
Explanation of Linux Kernel Optimization Configuration for a High-Concurrency Nginx Server

2025-01-18 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/02 Report--

Since the default Linux kernel parameters are chosen for the most common scenarios, they clearly do not suit a web server that must support highly concurrent access, so the kernel parameters need to be modified for Nginx to achieve higher performance.

Many things can be tuned when optimizing the kernel, but adjustments are usually made according to business characteristics. The appropriate kernel parameters differ depending on whether Nginx serves static web content, acts as a reverse proxy, or provides compression. Here is a simple configuration of the most general TCP network parameters that lets Nginx support more concurrent requests.

The following optimized Linux kernel configuration has been tested on online business systems, and about 100000 of the servers are running well. It took some time to organize, and now I would like to share it with you. If any expert sees a problem with the configuration, please point it out!

```
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies =

# A Boolean flag that controls the behavior of the kernel when there are many connection requests.
# If enabled, the kernel will actively send RST packets if the service is overloaded.
net.ipv4.tcp_abort_on_overflow =

# The maximum number of TIME_WAIT sockets the system keeps at the same time. If this number is
# exceeded, TIME_WAIT sockets are cleared immediately and a warning message is printed.
# The default is 180000, which is changed to 6000. For servers such as Apache and Nginx, this
# parameter caps the number of TIME_WAIT sockets so that the server is not dragged down by them.
net.ipv4.tcp_max_tw_buckets = 6000

# Whether the sliding window size of a TCP/IP session is variable. The value is a Boolean:
# 1 means variable, 0 means fixed. TCP/IP normally uses windows of up to 65535 bytes, which may
# be too small for high-speed networks. With this feature enabled, the sliding window can grow
# by several orders of magnitude, improving data transfer capacity.
net.ipv4.tcp_window_scaling = 1

# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 4194304

# TCP send buffer
net.ipv4.tcp_wmem = 4096 66384 419430

# Out of socket memory
net.ipv4.tcp_mem = 94500000 915000000 927000000

# The maximum buffer size allowed per socket.
net.core.optmem_max = 8192

# The default send socket buffer size, in bytes.
net.core.wmem_default = 838860

# The maximum send socket buffer size, in bytes.
net.core.wmem_max = 167772

# The default receive socket buffer size, in bytes.
net.core.rmem_default = 838860

# The maximum receive socket buffer size, in bytes.
net.core.rmem_max = 167772

# The length of the SYN queue, which defaults to 1024. Increase the queue length to 10200000
# to hold more network connections that are waiting to be established.
net.ipv4.tcp_max_syn_backlog = 102000

# The maximum number of packets allowed to queue when a network interface receives packets
# faster than the kernel can process them.
net.core.netdev_max_backlog = 862144

# The backlog passed to listen() in a web application is capped by the kernel parameter
# net.core.somaxconn, which defaults to 128, while NGX_LISTEN_BACKLOG defined by nginx defaults
# to 511, so this value needs to be adjusted.
net.core.somaxconn = 26214

# The maximum number of TCP sockets in the system that are not associated with any user file
# handle. If this number is exceeded, orphaned connections are reset immediately and a warning
# message is printed. This limit only guards against simple DoS attacks; do not rely on it too
# much or lower it artificially. Increase this value instead.
net.ipv4.tcp_max_orphans = 32768

# Timestamps guard against sequence number wraparound. A 1Gbps link is sure to encounter a
# sequence number that has been used before. Timestamps allow the kernel to accept such
# "abnormal" packets. It needs to be turned off here.
net.ipv4.tcp_timestamps =

# To open a connection to the peer, the kernel sends a SYN together with an ACK that answers
# the earlier SYN. This is the second step of the three-way handshake. This setting determines
# the number of SYN+ACK packets the kernel sends before giving up on the connection.
net.ipv4.tcp_synack_retries =

# The number of SYN packets sent before the kernel gives up establishing a connection.
net.ipv4.tcp_syn_retries =

# Enables fast recycling of TIME-WAIT sockets in TCP connections. The default is 0, which means disabled.
net.ipv4.tcp_tw_recycle =

# Enables reuse: allows TIME-WAIT sockets to be reused for new TCP connections. The default is 0, which means off.
net.ipv4.tcp_tw_reuse =

# Modify the system default TIMEOUT time.
net.ipv4.tcp_fin_timeout =

# How often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours,
# and it is recommended to change it to 20 minutes.
net.ipv4.tcp_keepalive_time = 3

# The range of ports used for outbound connections. Small by default: 32768 to 61000, changed
# to 10000 to 65000. (Note: do not set the minimum value too low here, or it may occupy ports
# needed by normal services!)
net.ipv4.ip_local_port_range = 1024 65000

# The following may require loading the ip_conntrack module (modprobe ip_conntrack).
# Some documentation says this module has no effect when the firewall is turned on.
# Shorten the timeout of established connections.
net.netfilter.nf_conntrack_tcp_timeout_established = 180

# CONNTRACK_MAX: the maximum number of tracked connection entries allowed, that is, the number
# of "tasks" (connection tracking entries) netfilter can handle at the same time in kernel memory.
net.netfilter.nf_conntrack_max = 1048576
net.nf_conntrack_max = 1048576
```
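As an added example (not part of the original article), the following Python linter parses a sysctl fragment like the parameter list above and flags entries worth reviewing before deployment: missing values, `tcp_tw_recycle` (removed in Linux 4.12), `tcp_tw_reuse` combined with disabled timestamps, an invalid local port range, and socket buffer defaults larger than their maximums. The `SAMPLE` fragment and the function names `parse` and `lint` are constructed for illustration.

```python
import re

# Constructed sample modelled on the list above; values chosen to trigger each check.
SAMPLE = """\
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.ip_local_port_range = 1024 650000
net.core.wmem_default = 838860
net.core.wmem_max = 167772
net.ipv4.tcp_synack_retries =
"""

def parse(text):
    """Return ({key: [int, ...]}, [keys whose value is missing or non-numeric])."""
    settings, bad = {}, []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments
        if "=" not in line:
            continue
        key, _, value = line.partition("=")
        fields = value.split()
        if fields and all(re.fullmatch(r"-?\d+", f) for f in fields):
            settings[key.strip()] = [int(f) for f in fields]
        else:
            bad.append(key.strip())
    return settings, bad

def lint(text):
    """Return a list of human-readable findings for a sysctl fragment."""
    s, bad = parse(text)
    first = lambda key: s.get(key, [None])[0]
    out = [f"{k}: missing or non-numeric value" for k in bad]
    if first("net.ipv4.tcp_syncookies") == 0:
        out.append("tcp_syncookies: disabled, no fallback when the SYN queue overflows")
    if first("net.ipv4.tcp_tw_recycle"):
        out.append("tcp_tw_recycle: breaks clients behind NAT; removed in Linux 4.12")
    if first("net.ipv4.tcp_tw_reuse") and first("net.ipv4.tcp_timestamps") == 0:
        out.append("tcp_tw_reuse: relies on TCP timestamps, which are disabled")
    rng = s.get("net.ipv4.ip_local_port_range")
    if rng and not (len(rng) == 2 and 0 < rng[0] < rng[1] <= 65535):
        out.append("ip_local_port_range: bounds must satisfy 0 < low < high <= 65535")
    for d in ("r", "w"):
        dflt, mx = first(f"net.core.{d}mem_default"), first(f"net.core.{d}mem_max")
        if dflt is not None and mx is not None and dflt > mx:
            out.append(f"{d}mem_default ({dflt}) exceeds {d}mem_max ({mx})")
    return out

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run it against a candidate `/etc/sysctl.conf` fragment before applying it with `sysctl -p`; an empty result means none of these specific checks fired, not that the tuning is appropriate for the workload.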

Summary

The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support. If you want to know more about it, please see the relevant links below.
