Nginx Real (2) configuration file & kernel & Log description

Source: Internet
Author: User

1. Optimizing Kernel Parameters

The contents of /etc/sysctl.conf (cat /etc/sysctl.conf) are explained parameter by parameter below.

net.ipv4.ip_forward = 0: controls IP forwarding (the routing function); 0 is off, 1 is on.

net.ipv4.conf.default.rp_filter = 1: turns on reverse path filtering.

net.ipv4.conf.default.accept_source_route = 0: rejects source-routed packets.

net.ipv4.tcp_max_tw_buckets = 6000: the maximum number of TIME_WAIT sockets the system keeps at the same time. Above this number TIME_WAIT sockets are cleared immediately and a warning is printed. The default is 180000; lower it to 5000. For Apache, Nginx and similar servers, this parameter and the next few lines substantially reduce the number of TIME_WAIT sockets.

net.ipv4.ip_local_port_range = 1024 65000: the port range used for outgoing connections. The default is small, 32768 to 61000; widen it to 1024 to 65000.

net.ipv4.tcp_tw_recycle = 1: enables fast recycling of TIME_WAIT sockets. Caveat: this option was removed in Linux 4.12, and on kernels that still have it it breaks connections from clients behind NAT, so it should not be enabled on a server that faces the public Internet.

net.ipv4.tcp_tw_reuse = 1: allows TIME_WAIT sockets to be reused for new outgoing TCP connections. Note that this relies on TCP timestamps, which the net.ipv4.tcp_timestamps = 0 line below turns off.

net.ipv4.tcp_syncookies = 1: turns on SYN cookies, which are used when the SYN wait queue overflows.

net.ipv4.tcp_max_orphans = 262144: the maximum number of TCP sockets in the system that are not attached to any user file handle. Above this number orphaned connections are reset immediately and a warning is printed. The limit exists only to guard against a simple DoS; do not rely on it or lower it artificially, but raise it if memory is added.

net.ipv4.tcp_keepalive_time = 1200: when keepalive is enabled, how often TCP sends keepalive messages. The default is 2 hours.

net.ipv4.tcp_keepalive_intvl = 30: how often a probe is re-sent when the previous one was not acknowledged. The default is 75 seconds.

net.ipv4.tcp_keepalive_probes = 3: how many TCP keepalive probes are sent before the connection is declared dead. The default is 9. This value multiplied by tcp_keepalive_intvl determines how long an unresponsive connection is kept before it is dropped.

net.ipv4.tcp_synack_retries = 1: to open a connection to the remote end, the kernel must send a SYN carrying an ACK for the earlier SYN, the second step of the three-way handshake. This setting is the number of SYN+ACK packets sent before the kernel gives up on the connection. The default is 5; set it to 1 or 2.

net.ipv4.tcp_syn_retries = 2: the number of retries for an outgoing SYN handshake, relevant under a SYN flood. The default is 4.

net.ipv4.tcp_max_syn_backlog = 262144: the maximum number of recorded connection requests that have not yet been acknowledged by the client. The default is 1024 on a system with 128 MB of memory and 128 on small-memory systems.

net.ipv4.tcp_timestamps = 0: timestamps protect against sequence-number wraparound. A 1 Gbps link will certainly see a previously used sequence number, and timestamps let the kernel accept such "exceptional" packets. They are turned off here.

net.core.rmem_max = 16777216: the maximum socket read buffer (receive window) in bytes; the largest TCP data receive buffer.

net.core.wmem_max = 16777216: the maximum socket write buffer in bytes; the largest TCP data send buffer.

net.ipv4.tcp_rmem = 4096 87380 4194304: TCP read buffer (minimum, default, maximum).

net.ipv4.tcp_wmem = 4096 16384 4194304: TCP write buffer (minimum, default, maximum).

net.core.wmem_default = 8388608: the default size, in bytes, of the send socket buffer.

net.core.rmem_default = 8388608: the default size, in bytes, of the receive socket buffer.

kernel.sysrq = 0: controls the kernel's SysRq debugging function.

kernel.core_uses_pid = 1: appends the PID to core dump file names; used to debug multithreaded applications.

kernel.msgmnb = 65536: the maximum number of bytes per message queue.

kernel.msgmax = 65536: the maximum size of a single message.

kernel.shmmax = 68719476736: the maximum size of a single shared memory segment.

kernel.shmall = 4294967296: the total amount of shared memory, in pages.

net.core.somaxconn = 262144: the maximum number of pending connections in the listen() backlog. The default is 128; on a busy server raising this value helps network performance.

1.1. Example

# sysctl -p
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.somaxconn = 262144
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
vm.swappiness = 0
fs.file-max = 409600
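The parameter list above is easy to get wrong by hand, and two of its lines interact badly (tcp_tw_reuse needs timestamps; tcp_tw_recycle no longer exists on current kernels). The following script is an added example, not part of the original post: it parses sysctl.conf-style text and reports the settings that matter for a reverse proxy's robustness. The sample configuration is constructed from the values on this page, and the expected-value table and the two consistency rules are the editor's own reading of the kernel documentation, not anything the original author wrote.

```python
"""Audit sysctl.conf text against the hardening-relevant settings discussed
above. Added example; the EXPECTED table and consistency rules are
assumptions drawn from the kernel documentation, not from the original post."""

# Constructed sample: a subset of the sysctl -p output shown on the page.
SAMPLE_SYSCTL = """\
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_orphans = 262144
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.core.somaxconn = 262144
kernel.sysrq = 0
"""

# Settings a web front end should carry, with the reason each one matters.
EXPECTED = {
    "net.ipv4.ip_forward": ("0", "a web server should not route packets"),
    "net.ipv4.conf.default.rp_filter": ("1", "reverse-path filtering drops spoofed sources"),
    "net.ipv4.conf.default.accept_source_route": ("0", "source-routed packets are rejected"),
    "net.ipv4.tcp_syncookies": ("1", "keeps the listener reachable when the SYN queue overflows"),
    "kernel.sysrq": ("0", "magic SysRq is disabled on a production host"),
}


def parse_sysctl(text):
    """Return {key: value} from sysctl.conf text; comments and blank lines are skipped."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key = value line
        settings[key.strip()] = " ".join(value.split())
    return settings


def audit_sysctl(text):
    """Return a list of (severity, key, message) findings for the given text."""
    s = parse_sysctl(text)
    findings = []
    for key, (want, why) in EXPECTED.items():
        got = s.get(key)
        if got is None:
            findings.append(("warn", key, f"not set; expected {want} ({why})"))
        elif got != want:
            findings.append(("fail", key, f"is {got}, expected {want} ({why})"))
    # tcp_tw_recycle was removed in Linux 4.12; where still present it drops
    # connections from clients that sit behind NAT or a load balancer.
    if s.get("net.ipv4.tcp_tw_recycle") == "1":
        findings.append(("fail", "net.ipv4.tcp_tw_recycle",
                         "enabled; removed in Linux 4.12 and breaks clients behind NAT"))
    # tcp_tw_reuse depends on TCP timestamps; with timestamps off it is inert.
    if s.get("net.ipv4.tcp_tw_reuse") == "1" and s.get("net.ipv4.tcp_timestamps") == "0":
        findings.append(("warn", "net.ipv4.tcp_tw_reuse",
                         "has no effect because net.ipv4.tcp_timestamps = 0"))
    # Ephemeral port range sanity: low < high, both within 1..65535.
    rng = s.get("net.ipv4.ip_local_port_range")
    if rng:
        lo, hi = (int(x) for x in rng.split())
        if not (1 <= lo < hi <= 65535):
            findings.append(("fail", "net.ipv4.ip_local_port_range", f"invalid range {lo}-{hi}"))
    return findings


if __name__ == "__main__":
    for severity, key, message in audit_sysctl(SAMPLE_SYSCTL):
        print(f"[{severity}] {key}: {message}")
```

Run against the page's own values the audit passes the five expected settings and reports exactly the two interactions noted above: tcp_tw_recycle enabled, and tcp_tw_reuse made ineffective by tcp_timestamps = 0. Feed it the real file with `audit_sysctl(open("/etc/sysctl.conf").read())` to check a host.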

2. Nginx optimized configuration

Configuration file Description:

user nginx; the user that the Nginx worker processes run as.

worker_processes 8; the number of Nginx worker processes. It is recommended to set this to the number of CPUs, which you can check with: cat /proc/cpuinfo | grep processor | wc -l

worker_cpu_affinity binds each worker to a CPU; in the example 8 workers are pinned to 8 CPUs. You can also list more masks, or bind one worker to several CPUs.

worker_rlimit_nofile 409600; the maximum number of file descriptors an Nginx process may open. In theory this should equal the system's maximum number of open files; here it matches ulimit -n.

error_log /app/local/log/nginx/error.log warn; the error log path and log level.

use epoll; use the epoll event model.

worker_connections 51200; the maximum number of connections per worker. In theory the maximum number of connections one Nginx server can hold is worker_processes * worker_connections.

server_names_hash_bucket_size 64; the server-name hash table is controlled by server_names_hash_max_size and server_names_hash_bucket_size. The hash bucket size is always a multiple of the processor cache line size, which keeps the number of memory accesses down and speeds up key lookups in the processor. If the bucket size equals one processor cache line, a key lookup costs at most two memory accesses in the worst case: the first to find the address of the storage unit, the second to find the key inside it. So when Nginx reports that you need to increase hash max size or hash bucket size, increase the first of those parameters first.

proxy_headers_hash_max_size 51200; the upper bound of the proxy header hash table; it must not be smaller than the total number of headers set by your backend servers.

proxy_headers_hash_bucket_size 6400; limits the length of a header field name; raise it if you use header names longer than 64 characters.

server_tokens off; hides the version number.

include /app/local/nginx/conf/mime.types; the file formats Nginx recognises.

tcp_nopush on; tells Nginx to send all header files in one packet rather than one after another.

tcp_nodelay on; tells Nginx not to buffer data but to send it within a short time. Set it for applications that must send data immediately; otherwise a small piece of data cannot get its response right away.

keepalive_timeout assigns the keep-alive connection timeout for a client; the server closes the connection after this period. We lower it so that Nginx can keep working for a longer time. client_header_timeout 20; and client_body_timeout 20; set the timeouts for reading the request header and the request body respectively; these can also be lowered.

reset_timedout_connection on; tells Nginx to close unresponsive client connections, which frees the memory those clients occupy.

send_timeout 30; the response timeout to the client. It is not measured over the whole transfer but between two successive client read operations; if the client reads nothing within this time, Nginx closes the connection.

sendfile on; enables sendfile(), which copies data between the disk and a TCP socket (or between any two file descriptors). Before sendfile, a data buffer was allocated in user space, read() copied the file data into it and write() wrote the buffer to the network. sendfile() reads the data from disk straight into the OS cache, and because the copy is done in the kernel it is more efficient than combining read() and write() and avoids the discarded buffer (see the sendfile documentation for more).

gzip on; enables gzip compression, compressing the output data stream in real time.

gzip_min_length 1k; checked against Content-Length; compressing responses under 1 K adds more load than it saves.

gzip_buffers 4 16k; requests 4 buffers of 16K to hold the compressed result stream. By default Nginx requests memory equal to the size of the original data to store the gzip result.

gzip_http_version 1.0; the default is 1.1; most browsers already support gzip decompression.

gzip_comp_level 4; compression level 1-9. Level 1 compresses least and fastest; level 9 compresses most but is slowest and consumes the most CPU.

gzip_types text/plain application/x-javascript text/css application/xml; the types to compress. text/html is always compressed whether or not it is listed.

gzip_vary on; adds a Vary header so front-end caches can keep compressed and uncompressed copies apart.

The following optimization parameters can cause problems, so use open_file_cache with caution. It also takes the maximum number of cached entries and the cache time; we set a relatively high maximum so that entries are only erased after they have been inactive for more than 20 seconds.

open_file_cache_valid specifies the interval at which the information held in open_file_cache is re-checked.

open_file_cache_min_uses defines the minimum number of uses during the inactive period for a file to stay in open_file_cache.

open_file_cache_errors specifies whether errors from file lookups are cached.

include adds further files to the configuration. We also include the server blocks, which are defined in separate files. If your server blocks are not in that location, modify this line to point at the correct place.

2.2. Example Description

user nginx;
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
worker_rlimit_nofile 409600;
error_log /app/local/log/nginx/error.log warn;
pid /app/local/nginx/logs/nginx.pid;

events {
    use epoll;
    worker_connections 204800;
}

http {
    server_names_hash_bucket_size 64;
    proxy_headers_hash_max_size 51200;
    proxy_headers_hash_bucket_size 6400;
    include /app/local/nginx/conf/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time';
    access_log /app/local/log/nginx/access.log main;
    server_tokens off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    client_header_timeout 20;
    client_body_timeout 20;
    reset_timedout_connection on;
    send_timeout 30;
    gzip on;
    gzip_min_length 1k;
    gzip_buffers 4 16k;
    gzip_http_version 1.0;
    gzip_comp_level 4;
    gzip_types text/plain application/x-javascript text/css application/xml;
    gzip_vary on;
    open_file_cache max=409600 inactive=30s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    include /app/local/nginx/conf/vhosts/*.conf;
}

3. Log Format description

$remote_addr, $http_x_forwarded_for: the client IP address.

$remote_user: the client user name.

$request: the request URL and HTTP protocol.

$status: the request status.

$body_bytes_sent: the number of bytes sent to the client, excluding the response header; compatible with the "%B" parameter of the Apache module mod_log_config.

$bytes_sent: the total number of bytes sent to the client.

$connection: the serial number of the connection.

$connection_requests: the number of requests made so far over this connection.

$msec: the log write time, in seconds with millisecond precision.

$pipe: "P" if the request was sent over HTTP pipelining, otherwise ".".

$http_referer: the page from which the link was followed.

$http_user_agent: client browser information.

$request_length: the length of the request (request line, request headers and request body).

$request_time: the request processing time in seconds with millisecond precision, measured from reading the first byte from the client until the last byte has been sent to the client and the log entry is written.

$time_iso8601: the local time in ISO 8601 format.

$time_local: the local time in common log format.

3.2. Example:

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent "$http_referer" '
                '"$http_user_agent" $http_x_forwarded_for $request_length $msec $connection_requests $request_time';

$remote_addr: real IP address of the client
$remote_user: client name
$time_local: server local time
$request: request URL and HTTP protocol
$status: request status
$body_bytes_sent: number of bytes sent to the client, excluding the size of the response header
$http_referer: the page from which the link was followed
$http_user_agent: client browser information
$http_x_forwarded_for: the real client address when behind a proxy
$request_length: request length
$msec: log write time
$connection_requests: the number of requests made so far over this connection
$request_time: request processing time
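A log format is only useful if something consumes it. The following parser is an added example, not part of the original post: it matches lines written with the log_format main above, tolerates the one awkward field in that format (the unquoted $http_x_forwarded_for, which may contain "ip1, ip2" when several proxies were traversed), and computes a few defender-side statistics. The sample log lines, the trusted-proxy address and the 1-second "slow request" threshold are constructed for illustration; the client_ip() rule for honouring X-Forwarded-For is the editor's recommendation, not something the original author states.

```python
"""Parse nginx access-log lines written with the log_format main defined
above and summarise them. Added example; sample data is constructed."""
import re
from collections import Counter

# Field order follows the log_format main definition on the page. The
# $http_x_forwarded_for field is unquoted there and may contain "ip1, ip2", so
# it is matched lazily; the trailing numeric fields and the end anchor keep
# the match unambiguous.
LOG_RE = re.compile(
    r'^(?P<remote_addr>\S+) - (?P<remote_user>\S+) \[(?P<time_local>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<body_bytes_sent>\d+) '
    r'"(?P<http_referer>[^"]*)" "(?P<http_user_agent>[^"]*)" '
    r'(?P<http_x_forwarded_for>.+?) (?P<request_length>\d+) (?P<msec>\d+\.\d+) '
    r'(?P<connection_requests>\d+) (?P<request_time>\d+\.\d+)$'
)

# Constructed sample: three well-formed lines (the third arrived through a
# proxy and carries two X-Forwarded-For addresses) and one garbage line.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2016:14:22:01 +0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)" - 412 1452407321.155 1 0.003
203.0.113.7 - - [10/Jan/2016:14:22:01 +0800] "GET /app/login HTTP/1.1" 302 154 "http://example.com/" "Mozilla/5.0 (X11; Linux x86_64)" - 380 1452407321.201 2 0.120
10.0.0.5 - admin [10/Jan/2016:14:22:05 +0800] "POST /admin/upload HTTP/1.1" 413 0 "-" "curl/7.47.0" 192.0.2.10, 198.51.100.23 1048576 1452407325.990 1 4.512
garbage line that does not match the format
"""

TRUSTED_PROXIES = {"10.0.0.5"}  # constructed: the address of our own load balancer


def parse_line(line):
    """Return a dict of typed fields for one log line, or None if it does not match."""
    m = LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    rec = m.groupdict()
    for key in ("status", "body_bytes_sent", "request_length", "connection_requests"):
        rec[key] = int(rec[key])
    for key in ("msec", "request_time"):
        rec[key] = float(rec[key])
    return rec


def client_ip(rec, trusted_proxies=TRUSTED_PROXIES):
    """X-Forwarded-For is client-controlled. Honour it only when the socket peer
    is a proxy we operate, and then take the right-most address, which is the
    one that proxy appended. Otherwise the socket peer is the only reliable value."""
    xff = rec["http_x_forwarded_for"]
    if rec["remote_addr"] in trusted_proxies and xff != "-":
        return xff.split(",")[-1].strip()
    return rec["remote_addr"]


def summarize(text, slow_threshold=1.0):
    """Aggregate: parsed/unparsed counts, status mix, bytes, clients and slow requests."""
    stats = {"parsed": 0, "unparsed": 0, "status": Counter(),
             "bytes_sent": 0, "slow": [], "clients": Counter()}
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            stats["unparsed"] += 1  # unparsed lines are counted, never silently dropped
            continue
        stats["parsed"] += 1
        stats["status"][rec["status"]] += 1
        stats["bytes_sent"] += rec["body_bytes_sent"]
        stats["clients"][client_ip(rec)] += 1
        if rec["request_time"] > slow_threshold:
            stats["slow"].append((rec["request"], rec["request_time"]))
    return stats


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

On the sample the summary reports 3 parsed and 1 unparsed lines, 766 bytes sent, one slow request (the 413 upload at 4.512 s) and attributes the proxied request to 198.51.100.23 rather than to the proxy or to the client-supplied left-most address. To run it on a real file, pass `open("/app/local/log/nginx/access.log").read()` to summarize().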

This article is from the "take a deep Breath again" blog, make sure to keep this source http://ckl893.blog.51cto.com/8827818/1769969

