核心參數最佳化配置
vi /etc/sysctl.conf
添加以下參數設定後運行命令:
/sbin/sysctl -p
關於Nginx核心參數的最佳化:
net.ipv4.tcp_max_tw_buckets = 6000
設定timewait的數量,預設是180000。
net.ipv4.ip_local_port_range = 1024 65000
允許系統開啟的連接埠範圍。
net.ipv4.tcp_tw_recycle = 1
啟用timewait快速回收。
net.ipv4.tcp_tw_reuse = 1
開啟重用。允許將TIME-WAIT sockets重新用於新的TCP串連。
net.ipv4.tcp_syncookies = 1
開啟SYN Cookies,當出現SYN等待隊列溢出時,啟用cookies來處理。
net.core.somaxconn = 262144
web應用中listen函數的backlog預設會給我們核心參數的net.core.somaxconn限制到128,而Nginx核心參數定義的NGX_LISTEN_BACKLOG預設為511,所以有必要調整這個值。
net.core.netdev_max_backlog = 262144
每個網路介面接收資料包的速率比核心處理這些包的速率快時,允許送到隊列的資料包的最大數目。
net.ipv4.tcp_max_orphans = 262144
系統中最多有多少個TCP通訊端不被關聯到任何一個使用者檔案控制代碼上。如果超過這個數字,孤兒串連將即刻被複位並列印出警告資訊。這個限制僅僅是為了防止簡單的DoS攻擊,不能過分依靠它或者人為地減小這個值,更應該增加這個值(如果增加了記憶體之後)。
net.ipv4.tcp_max_syn_backlog = 262144
記錄的那些尚未收到用戶端確認資訊的串連請求的最大值。對於有128M記憶體的系統而言,預設值是1024,小記憶體的系統則是128。
net.ipv4.tcp_timestamps = 0
時間戳記可以避免序號的卷繞。一個1Gbps的鏈路肯定會遇到以前用過的序號。時間戳記能夠讓核心接受這種“異常”的資料包。這裡需要將其關掉。
net.ipv4.tcp_synack_retries = 1
為了開啟對端的串連,核心需要發送一個SYN並附帶一個回應前面一個SYN的ACK。也就是所謂三向交握中的第二次握手。這個設定決定了核心放棄串連之前發送SYN+ACK包的數量。
net.ipv4.tcp_syn_retries = 1
在核心放棄建立串連之前發送SYN包的數量。
net.ipv4.tcp_fin_timeout = 1
如果通訊端由本端要求關閉,這個參數決定了它保持在FIN-WAIT-2狀態的時間。對端可以出錯並永遠不關閉串連,甚至意外當機。預設值是60 秒。2.2 核心的通常值是180秒,你可以按這個設定,但要記住的是,即使你的機器是一個輕載的WEB伺服器,也有因為大量的死通訊端而記憶體溢出的風險,FIN- WAIT-2的危險性比FIN-WAIT-1要小,因為它最多隻能吃掉1.5K記憶體,但是它們的生存期長些。
net.ipv4.tcp_keepalive_time = 30
當keepalive起用的時候,TCP發送keepalive訊息的頻度。預設是2小時。以上就是對Nginx核心參數的詳細介紹。
完整的核心最佳化配置:
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.core.netdev_max_backlog = 262144
net.core.somaxconn = 262144
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
net.ipv4.tcp_keepalive_time = 30
net.ipv4.ip_local_port_range = 1024 65000
例,Nginx+Keepalived高可用負載平衡
一、實驗環境:
系統內容:CentOS 6.0 x86_64
Nginx版本:nginx v1.2.4
Keepalived版本:keepalived v1.2.1
Nginx-1:192.9.117.160 (Master)
Nginx-2:192.9.117.161 (Backup)
二、Nginx安裝配置:
分別在兩台伺服器安裝Nginx、keepalived,如下:
yum install -y pcre-devel 安裝perl 相容的正規運算式庫
tar -xzf nginx-1.2.4.tar.gz && cd nginx-1.2.4 ; sed -i -e ‘s/1.2.4//g’ -e ‘s/nginx//TDTWS/g’ -e ‘s/”NGINX”/”TDTWS”/g’ src/core/nginx.h &&./configure –prefix=/usr/local/nginx –user=www –group=www –with-http_stub_status_module –with-http_ssl_module
三、Keepalived安裝配置:
tar -xzvf keepalived-1.2.1.tar.gz &&cd keepalived-1.2.1 && ./configure && make && make install
if
[ $? -eq 0 ];then
echo “Install keepalived success,please waiting configure keepalived ……………”
else
echo “Install keepalived failed ,please check install version !”
exit 0
fi
DIR=/usr/local/ ;cp $DIR/etc/rc.d/init.d/keepalived /etc/rc.d/init.d/ ; cp $DIR/etc/sysconfig/keepalived /etc/sysconfig/ ; mkdir -p /etc/keepalived ; cp $DIR/sbin/keepalived /usr/sbin/
Nginx、Keepalived軟體安裝完畢,111cn.net接下來進行詳細配置。
四、配置Keepalived:
兩台伺服器端keepalived.conf內容都為如下,都設定為backup,不搶佔,注意修改優先順序不同:
! Configuration File for keepalived
global_defs {
notification_email {
wgkgood@163.com
}
notification_email_from wgkgood@163.com
smtp_server 127.0.0.1
smtp_connect_timeout 30
router_id LVS_DEVEL
}
vrrp_script chk_nginx {
script “/data/sh/check_nginx.sh”
interval 2
weight 2
}
# VIP1
vrrp_instance VI_1 {
state BACKUP
interface eth0
lvs_sync_daemon_inteface eth0
virtual_router_id 151
priority 100
advert_int 5
nopreempt
authentication {
auth_typePASS
auth_pass 1111
}
virtual_ipaddress {
192.9.117.162
}
track_script {
chk_nginx
}
}
如上配置,我們需要自己建立check_nginx指令碼,以方便檢查本地Nginx是否存活更好的切換。Check_nginx.sh指令碼內容如下: www.111cn.Net
#!/bin/bash
#auto check nginx process
#2012-10-16 wugk
killall -0 nginx
if
[[ $? -ne 0 ]];then
/etc/init.d/keepalived stop
fi
五、Nginx 配置:
在兩台Nginx伺服器分別建立index.html測試頁面,然後啟動Nginx服務測試。
訪問VIP http://192.9.117.162
Down掉192.9.117.160的Nginx服務,分別查看keepalived後台日誌和ping VIP日誌如下:
Oct 16 16:47:48 localhost Keepalived: Stopping Keepalived v1.2.1 (10/16,2012)
Oct 16 16:47:49 localhost Keepalived_vrrp: Terminating VRRP child process on signal
至此,Nginx+Keepalived高可用WEB架構搭建成功
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
