Kernel parameter optimization configuration
vi /etc/sysctl.conf
Add the following parameter settings and run the command:
/sbin/sysctl -p
Optimization of Nginx kernel parameters:
net.ipv4.tcp_max_tw_buckets = 6000
Maximum number of TIME-WAIT sockets. The default value is 180000.
net.ipv4.ip_local_port_range = 1024 65000
Range of local ports that the system is allowed to open.
net.ipv4.tcp_tw_recycle = 1
Enable fast recycling of TIME-WAIT sockets.
net.ipv4.tcp_tw_reuse = 1
Enable reuse. Allow TIME-WAIT sockets to be reused for a new TCP connection.
net.ipv4.tcp_syncookies = 1
Enable SYN cookies. When the SYN wait queue overflows, cookies are used to handle the connection requests.
net.core.somaxconn = 262144
The backlog passed to listen() by a web application is capped by the kernel parameter net.core.somaxconn, which defaults to 128, while NGX_LISTEN_BACKLOG as defined by Nginx defaults to 511, so this value needs to be raised.
net.core.netdev_max_backlog = 262144
The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.
net.ipv4.tcp_max_orphans = 262144
The maximum number of TCP sockets in the system that are not attached to any user file handle. If this number is exceeded, orphaned connections are reset immediately and a warning is printed. This limit exists only to prevent simple DoS attacks. Do not rely on it too much or lower it artificially; it should rather be increased (if memory is increased).
net.ipv4.tcp_max_syn_backlog = 262144
The maximum number of recorded connection requests that have not yet received confirmation from the client. For systems with 1024 MB of memory, the default value is 128, while for systems with small memory, the value is.
net.ipv4.tcp_timestamps = 0
Timestamps protect against sequence number wraparound. A 1 Gbit/s link is certain to see sequence numbers that were used before. Timestamps allow the kernel to accept such "abnormal" packets. They are disabled here.
net.ipv4.tcp_synack_retries = 1
To open the connection to the peer, the kernel sends a SYN together with an ACK that answers the earlier SYN. This is the second step of the three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before it gives up on the connection.
net.ipv4.tcp_syn_retries = 1
Number of SYN packets sent before the kernel gives up on establishing the connection.
net.ipv4.tcp_fin_timeout = 1
If the local end requests that the socket be closed, this parameter determines how long it stays in the FIN-WAIT-2 state. The peer may misbehave and never close the connection, or even crash unexpectedly. The default value is 60 seconds. On 2.2 kernels the value is usually 180 seconds. You can keep this setting, but remember that even if your machine is a lightly loaded web server, there is a risk of memory overflow due to a large number of dead sockets. The risk of FIN-WAIT-2 is smaller than that of FIN-WAIT-1, because it can only eat K of memory at most; however, such sockets live longer.
net.ipv4.tcp_keepalive_time = 30
How often TCP sends keepalive messages when keepalive is in use. The default value is 2 hours.
The above is a detailed introduction to the Nginx kernel parameters.
Complete kernel optimization configuration:
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
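The complete listing sets tcp_timestamps = 0 together with tcp_tw_reuse and tcp_tw_recycle, and it leaves out the tcp_syncookies line described earlier. The following shell script is an added example, not part of the original article: it lints a sysctl.conf-style file for those interactions. The function names and the sample input are constructed for this example.

```sh
#!/bin/sh
# Added example: lint a sysctl.conf-style file for interactions between the
# TCP settings listed above. Prints one finding per line.

# get_sysctl FILE KEY: print the last value assigned to KEY (empty if unset).
get_sysctl() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)                    # keys contain no blanks
            gsub(/^[ \t]+|[ \t]+$/, "", v)          # trim the value
            if (k == key) val = v
        }
        END { print val }' "$1"
}

audit_sysctl() {
    ts=$(get_sysctl "$1" net.ipv4.tcp_timestamps)
    reuse=$(get_sysctl "$1" net.ipv4.tcp_tw_reuse)
    recycle=$(get_sysctl "$1" net.ipv4.tcp_tw_recycle)
    cookies=$(get_sysctl "$1" net.ipv4.tcp_syncookies)
    if [ "$recycle" = 1 ]; then
        echo "tcp_tw_recycle: unsafe for clients behind NAT, removed in Linux 4.12"
    fi
    if [ "$ts" = 0 ] && [ "$reuse" = 1 ]; then
        echo "tcp_tw_reuse: relies on TCP timestamps, inert with tcp_timestamps=0"
    fi
    if [ "$ts" = 0 ] && [ "$recycle" = 1 ]; then
        echo "tcp_tw_recycle: relies on TCP timestamps, inert with tcp_timestamps=0"
    fi
    if [ -z "$cookies" ]; then
        echo "tcp_syncookies: not set in this file, the kernel default applies"
    fi
    return 0
}

# Constructed sample: the relevant lines of the complete configuration above,
# which does not contain net.ipv4.tcp_syncookies.
sample_conf() {
    printf '%s\n' \
        'net.ipv4.tcp_timestamps = 0' \
        'net.ipv4.tcp_tw_recycle = 1' \
        'net.ipv4.tcp_tw_reuse = 1'
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_sysctl "$tmp"
rm -f "$tmp"
```

To check a real host, call audit_sysctl /etc/sysctl.conf and compare the result with the running values shown by sysctl -a.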
Example: Nginx + Keepalived high-availability load balancing
I. Experiment environment:
System environment: CentOS 6.0 x86_64
Nginx version: nginx v1.2.4
Keepalived version: keepalived v1.2.1
Nginx-1: 192.9.117.160 (Master)
Nginx-2: 192.9.117.161 (Backup)
II. Nginx installation and configuration:
Install Nginx and keepalived on the two servers as follows:
# Install the Perl-compatible regular expression library
yum install -y pcre-devel
# Unpack the source, replace the version and server name in src/core/nginx.h, then configure, build and install
tar -xzf nginx-1.2.4.tar.gz && cd nginx-1.2.4; sed -i -e 's/1.2.4//g' -e 's/nginx\//TDTWS/g' -e 's/"NGINX"/"TDTWS"/g' src/core/nginx.h && ./configure --prefix=/usr/local/nginx --user=www --group=www --with-http_stub_status_module --with-http_ssl_module && make && make install
III. Install and configure Keepalived:
# Unpack, configure, build and install keepalived
tar -xzvf keepalived-1.2.1.tar.gz && cd keepalived-1.2.1 && ./configure && make install
if [ $? -eq 0 ]; then
    echo "Install keepalived success, please waiting configure keepalived ..............."
else
    echo "Install keepalived failed, please check install version !"
    # Exit with a non-zero status so that callers can detect the failure
    exit 1
fi
# Copy the init script, sysconfig file and binary from the install prefix to the system locations
DIR=/usr/local/; cp $DIR/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/; cp $DIR/etc/sysconfig/keepalived /etc/sysconfig/; mkdir -p /etc/keepalived; cp $DIR/sbin/keepalived /usr/sbin/
Nginx and Keepalived are now installed; the detailed configuration follows.
IV. Configure Keepalived:
The content of keepalived.conf on both servers is as follows. Both are set to BACKUP and are not preemptible (nopreempt). Note that the priority must be different on the two servers:
! Configuration File for keepalived
global_defs {
    notification_email {
        wgkgood@163.com
    }
    notification_email_from wgkgood@163.com
    smtp_server 127.0.0.1
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}
vrrp_script chk_nginx {
    script "/data/sh/check_nginx.sh"
    interval 2
    weight 2
}
# VIP1
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    lvs_sync_daemon_interface eth0
    virtual_router_id 151
    priority 100
    advert_int 5
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.9.117.162
    }
    track_script {
        chk_nginx
    }
}
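The configuration above relies on a check_nginx script that we have to write ourselves. It checks whether the local Nginx is alive so that failover can take place cleanly. The content of the check_nginx.sh script is as follows:
#!/bin/bash
# Auto check nginx process
# 2012-10-16 wugk
# killall -0 sends no signal; it only tests whether an nginx process exists
killall -0 nginx
if [[ $? -ne 0 ]]; then
    # Nginx is down: stop keepalived so that the VIP moves to the other node
    /etc/init.d/keepalived stop
fi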
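The Keepalived configuration step requires both nodes to be BACKUP with nopreempt and to differ only in priority. The following shell script is an added example, not part of the original article: it compares the two nodes' keepalived.conf files for exactly that. The function names and the file names are constructed for this example; the sample values are taken from the configuration above.

```sh
#!/bin/sh
# Added example: compare the keepalived.conf files of the two nodes for the
# properties the setup above depends on. Prints one line per problem.

# kv FILE KEYWORD: print the first value that follows KEYWORD.
kv() { awk -v k="$2" '$1 == k { print $2; exit }' "$1"; }

check_pair() {
    # VRRP peers only accept each other's advertisements when these match.
    for key in virtual_router_id advert_int auth_type auth_pass; do
        a=$(kv "$1" "$key"); b=$(kv "$2" "$key")
        if [ "$a" != "$b" ]; then echo "mismatch $key: $a vs $b"; fi
    done
    for f in "$1" "$2"; do
        # nopreempt only takes effect when the initial state is BACKUP
        if [ "$(kv "$f" state)" != BACKUP ]; then echo "$f: state is not BACKUP"; fi
        if ! awk '$1 == "nopreempt" { ok = 1 } END { exit !ok }' "$f"; then
            echo "$f: nopreempt missing"
        fi
    done
    if [ "$(kv "$1" priority)" = "$(kv "$2" priority)" ]; then
        echo "priority is identical on both nodes"
    fi
    return 0
}

# node_conf PRIORITY: constructed vrrp_instance using the values from the page.
node_conf() {
    cat <<EOF
vrrp_instance VI_1 {
    state BACKUP
    virtual_router_id 151
    priority $1
    advert_int 5
    nopreempt
    authentication {
        auth_type PASS
        auth_pass 1111
    }
}
EOF
}

d=$(mktemp -d)
node_conf 100 > "$d/nginx-1.conf"; node_conf 100 > "$d/nginx-2.conf"
check_pair "$d/nginx-1.conf" "$d/nginx-2.conf"   # reports the identical priority
rm -rf "$d"
```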
V. Nginx configuration:
Create an index.html test page on each of the two Nginx servers, then start the Nginx service and test.
Access the VIP: http://192.9.117.162
Stop the Nginx service on 192.9.117.160, then view the keepalived background log and the ping log for the VIP, which are as follows:
Oct 16 16:47:48 localhost Keepalived: Stopping Keepalived v1.2.1 (10/16, 2012)
Oct 16 16:47:49 localhost Keepalived_vrrp: Terminating VRRP child process on signal
At this point, the Nginx + Keepalived high-availability web architecture has been set up successfully.