Shulou(Shulou.com)05/31 Report--

This article mainly introduces "how to optimize the Linux production server". In the daily operation, I believe many people have doubts about how to optimize the Linux production server. The editor consulted all kinds of materials and sorted out simple and easy-to-use operation methods. I hope it will be helpful to answer the doubts about "how to optimize the Linux production server". Next, please follow the editor to study!

I. time synchronization

The time requirement of the server in the production environment is accurate. The dovecot service of my mail server used to stop automatically because of the time problem. It is recommended to edit.

Vim / etc/crontab

So far, it automatically synchronizes with the ntp time server once a day:

14 04 * root / usr/sbin/ntpdate ntp.api.bz > / dev/null 2 > & 1

Second, enable SYN cookie protection in the kernel:

Echo "1" > / proc/sys/net/ipv4/tcp_syncookies

Execute the following command to make the kernel configuration take effect immediately:

/ sbin/sysctl-p

Third, the solution to the slow down of Squid server

If your production server is a squid cache server, you can enter the following command when you find that the system is slow or the web page is slow to open:

Netstat-n | awk'/ ^ tcp/ {+ + S [$NF]} END {for (an in S) print a, S [a]}'

This command can classify and summarize the network connection status of the current system, so as to analyze the reason why the system is slow.

For highly concurrent Squid servers under Linux, the number of TCP TIME_WAIT sockets often reaches 20,000 to 30,000, and the server is easily towed to death. By modifying the Linux kernel parameters, you can reduce the number of TIME_WAIT sockets for the Squid server.

Vim / etc/sysctl.conf

Add the following lines:

Net.ipv4.tcp_fin_timeout = 30 net.ipv4.tcp_keepalive_time = 1200 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.ip_local_port_range = 1024 65000 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_max_tw_buckets = 5000

Description:

Net.ipv4.tcp_tw_reuse = 1 means reuse is turned on. Allow TIME-WAIT sockets to be reused for new TCP connections. Default is 0, which means off.

Net.ipv4.tcp_tw_recycle = 1 means to enable fast recycling of TIME-WAIT sockets in TCP connections. Default is 0, which means disabled.

Net.ipv4.tcp_fin_timeout = 30 means that if the socket is closed by the local request, this parameter determines how long it remains in the FIN-WAIT-2 state.

Net.ipv4.tcp_keepalive_time = 1200 indicates how often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours, which changes to 20 minutes.

Net.ipv4.ip_local_port_range = 1024 65000 indicates the range of ports used for outbound connections. Very small by default, changed to 1024 to 65000.

Net.ipv4.tcp_max_syn_backlog = 8192 indicates the length of the SYN queue, which defaults to 1024, and increases the queue length to 8192, which can accommodate more network connections waiting for connections.

Net.ipv4.tcp_max_tw_buckets = 5000 indicates that the system maintains the number of TIME_WAIT sockets at the same time, and if this number is exceeded, the TIME_WAIT socket will be cleared immediately and a warning message will be printed. The default is 180000, which changes to 5000. For servers such as Apache, Nginx, and so on, the parameters in the first few lines can well reduce the number of TIME_WAIT sockets, but it has little effect on Squid. This parameter controls the number of TIME_WAIT sockets to prevent Squid servers from being dragged to death by a large number of TIME_WAIT sockets.

Execute the following command to make the kernel configuration take effect immediately:

/ sbin/sysctl-p

IV. The situation of Nginx server

If the server is a Nginx load balancer or a web server for Nginx+PHP5, these two items must also be turned on:

Net.ipv4.tcp_tw_reuse = 1 # allows TIME-WAIT sockets to be reused for new TCP connections

Net.ipv4.tcp_tw_recycle = 1 # enable fast recovery of TIME-WAIT sockets in TCP connection

Execute the following command to make the kernel configuration take effect immediately:

/ sbin/sysctl-p

5. Adjust the number of Linux file openings

The default value for the number of Linux*** file openings is very low and must be modified higher, otherwise the performance of the squid server will be very low under high load.

Vim / etc/security/limit.conf, add on the * line

* soft nofile 60000 * hard nofile 65535

It's worth noting that you can't change the open number of * * files on a linux system by ulimit-SHn, nor can you write in / etc/rc.d/rc.local.

6. Open only the necessary services

Only the necessary services are turned on, and all others can be turned off. The services listed below can be enabled:

Crond irqbalance microcode_ctl network random sshd syslog

Iptables, this is to be determined. If there is a hardware firewall at the front end, this can also be turned off, and vice versa.

The following command checks for services running at level 5, level 3, and so on

Chkconfig-- list | awk'{print $1 "" $7}'| grep 5:on

Check the print service, which is often missed. Turn it off.

Service cups stop chkconfig cups off

The chkconfig command shuts down services at levels 3 and 5.

7. Stop ipv6

The vast majority of online Linux servers are 64-bit CentOS. By default, CentOS, ipv6 is enabled. Because we don't use ipv6, stopping ipv6 can guarantee security and speed with a * * limit.

Vim / etc/modprobe.conf

Modify this configuration file by adding the following line to the end of the text:

Alias net-pf-10 off alias ipv6 off echo "IPV6INIT=no" > > / etc/sysconfig/network-scripts/ifcfg-eth0

8. Enable the network card activation mode of RHEL

If the server's system is RHEL, you need to enable RHEL with ONBOOT as the default Nic activation mode. Feel that this is also a small bug of RHEL: the author maintains a RHEL application server for customers, unexpectedly six network cards, when the ONBOOT is shut down, some start, some do not start, sweat Oh. I also specifically asked the customer this question, the customer replied: buy too much.

Vim / etc/sysconfig/network-scripts/ifcfg-eth0,eth2

Eth2 is the second network card, and others are extrapolated accordingly.

ONBOOT=YES

Then restart the network service to take effect.

Service network restart

IX. Linux memory management

Linux memory management mode is different from windows, its principle is to use as much as you have. Many Linux novices like to use the command free-m to observe and find that free has nothing left to find a way to optimize memory; in fact, walked into a misunderstanding, linux itself memory mode is very good, in order to improve disk access efficiency, Linux made some careful design, in addition to caching dentry (for VFS, accelerate file path name to inode conversion), but also adopted two main Cache methods: Buffer Cache and Page Cache. The former is for the read and write of disk blocks, and the latter is for the read and write of file inode. These Cache effectively shorten the time it takes to make system calls such as read,write,getdents.

At this point, the study on "how to optimize the Linux production server" is over. I hope to be able to solve your doubts. The collocation of theory and practice can better help you learn, go and try it! If you want to continue to learn more related knowledge, please continue to follow the website, the editor will continue to work hard to bring you more practical articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.