System Kernel Tuning Parameters
Parameter tuning for a physical machine: connection count and open-file limit set to 10 million
https://zhuanlan.zhihu.com/p/29334504 time out https://www.unixso.com/Linux/CentOS-TIME_WAIT.html
https://moonbingbing.gitbooks.io/openresty-best-practices/content/ngx_lua/lua-limit.html OpenResty best practices
```bash
#!/bin/bash

# Set the maximum number of files a single task can have open at once to 10 million.
# Remove any existing soft/hard nofile entries first (the original bracket
# expression [soft|hard] was a character class, not an alternation).
sed -i -E '/(soft|hard)[[:space:]]+nofile/d' /etc/security/limits.conf
echo -e '* soft nofile 10000000\n* hard nofile 10000000' >> /etc/security/limits.conf

# Set the maximum number of processes (including threads) the current user can run at once to 102400.
if [ -f /etc/security/limits.d/20-nproc.conf ]; then
    grep -w '102400' /etc/security/limits.d/20-nproc.conf || sed -i 's/4096$/102400/' /etc/security/limits.d/20-nproc.conf
else
    echo '* soft nproc 102400' > /etc/security/limits.d/20-nproc.conf
    echo 'root soft nproc unlimited' >> /etc/security/limits.d/20-nproc.conf
fi

# systemd handling: limits.conf only adds resource-limit parameters and will be overwritten.
[ -d /etc/systemd/system.conf.d/ ] || mkdir /etc/systemd/system.conf.d/
cd /etc/systemd/system.conf.d/
echo -e "[Manager]\nDefaultLimitCORE=infinity\nDefaultLimitNOFILE=10000000\nDefaultLimitNPROC=10000000" > limits.conf
systemctl daemon-reload

# Network connection tuning. net.core.somaxconn: on CentOS 7 the maximum cannot exceed 65535.
# Remove the previously existing parameters first (the file is overwritten).
# Note: net.ipv4.tcp_tw_recycle=1 breaks connections from clients behind NAT,
# and the key was removed in Linux 4.12, where sysctl -p reports an error for it.
# Note: the net.bridge.* keys exist only while the bridge netfilter module is loaded.
cat > /etc/sysctl.conf <<EOF
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).

net.ipv4.neigh.default.gc_thresh1=512
net.ipv4.neigh.default.gc_thresh2=2048
net.ipv4.neigh.default.gc_thresh3=4096
fs.file-max=10000000
fs.nr_open=10000000
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_fin_timeout=30
net.ipv4.tcp_keepalive_time=1200
net.ipv4.ip_local_port_range=10000 65000
net.ipv4.tcp_max_syn_backlog=204800
net.ipv4.tcp_max_tw_buckets=204800
net.ipv4.tcp_max_orphans=204800
net.core.netdev_max_backlog=204800
net.core.somaxconn=65000
vm.swappiness=0
net.ipv4.ip_nonlocal_bind=1
net.unix.max_dgram_qlen=128
net.ipv4.ip_forward=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-arptables=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
EOF
/sbin/sysctl -p /etc/sysctl.conf
ulimit -n 10000000

# Network tuning. These paths and keys exist only while the nf_conntrack module is loaded.
echo 1250000 > /sys/module/nf_conntrack/parameters/hashsize
echo "options nf_conntrack hashsize=1250000" > /etc/modprobe.d/nf_conntrack.conf
sysctl -w net.netfilter.nf_conntrack_max=10000000
```

This article is licensed by the author under CC BY 4.0.
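The script above sets several keys that trade network safety for throughput (`tcp_tw_recycle`, `rp_filter`, `ip_nonlocal_bind`). The following is an added example, not part of the original post: a small audit function that reads a sysctl.conf-style file and reports those keys. The function name `audit_sysctl`, the list of flagged keys and the sample file are assumptions of this example, not a complete hardening baseline.

```shell
#!/bin/bash
# Added example: audit a sysctl.conf-style file for risky settings.
# The flag list below is this example's assumption, not a full baseline.

# audit_sysctl FILE: prints one "key=value: reason" line per finding.
# Returns 1 if anything was flagged, 0 otherwise.
audit_sysctl() {
    local file="$1" line key val found=0
    while IFS= read -r line || [ -n "$line" ]; do
        key=$(printf '%s' "${line%%=*}" | tr -d '[:space:]')
        # Skip blank lines and comments (# or ;), as sysctl itself does.
        case $key in ''|'#'*|';'*) continue ;; esac
        val=$(printf '%s' "${line#*=}" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case "$key=$val" in
            net.ipv4.tcp_tw_recycle=1)
                echo "$key=$val: breaks clients behind NAT; key removed in Linux 4.12"
                found=1 ;;
            net.ipv4.conf.*.rp_filter=0)
                echo "$key=$val: reverse-path source validation disabled"
                found=1 ;;
            net.ipv4.ip_nonlocal_bind=1)
                echo "$key=$val: processes may bind addresses not configured on the host"
                found=1 ;;
            net.ipv4.conf.*.accept_source_route=1|net.ipv4.ip_forward=1)
                echo "$key=$val: host forwards packets or honors source routing"
                found=1 ;;
        esac
    done < "$file"
    return "$found"
}

# Constructed sample input: a subset of the keys written by the script above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_tw_recycle=1
net.ipv4.ip_nonlocal_bind=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.accept_source_route=0
EOF
audit_sysctl "$sample" || echo "review the settings listed above"
```

Run it against `/etc/sysctl.conf` and any files under `/etc/sysctl.d/` after applying the tuning script; a non-zero return status means at least one flagged key is present.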