1、nano /etc/security/limits.conf # 解决ulimit -n
# Raise the per-session limits on open files (nofile) and processes (nproc).
# NOTE(review): the `*` wildcard is not applied to root; add explicit `root`
# lines if root-owned processes need the higher limits.
# NOTE(review): nproc 65535 for every user effectively removes the per-user
# process cap that contains fork bombs; consider granting it only to the
# service account that needs it.
* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

2、nano /etc/pam.d/login
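# Load pam_limits by name so PAM resolves it from its own module directory.
# The hard-coded /lib64/security path does not exist on every distribution,
# and a `required` module that cannot be loaded makes the session step fail,
# which in /etc/pam.d/login can block console logins.
session required pam_limits.so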

3、nano /etc/sysctl.conf
添加:
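# Excerpt for /etc/sysctl.conf on Linux. Apply with `sysctl -p` and read its
# output: keys the running kernel does not have are reported as errors.

# System-wide ceiling on open file handles.
fs.file-max = 2097152

# Lower the tendency to swap (kernel default 60; the author suggests 10-30).
vm.swappiness = 10

# Do not cache TCP metrics from closed connections for later reuse.
net.ipv4.tcp_no_metrics_save = 1

# Disable the magic SysRq key.
kernel.sysrq = 0

# Enable SYN cookies so a listener keeps answering during a SYN flood.
# With value 1 cookies are only sent once the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1

# Maximum size of a single System V message, in bytes (default 8 KB; the
# author suggests 64 KB).
kernel.msgmax = 65536

# Maximum total bytes held in one message queue.
kernel.msgmnb = 163840

# Maximum number of TIME_WAIT sockets; beyond this they are destroyed
# immediately and a warning is logged. The author considers this essential
# for an nginx reverse proxy and advises a moderate value.
net.ipv4.tcp_max_tw_buckets = 50000

# Enable selective acknowledgements.
net.ipv4.tcp_sack = 1

# Enable window scaling so windows larger than 64 KB can be advertised.
net.ipv4.tcp_window_scaling = 1

# TCP memory budget. tcp_mem is counted in pages (low, pressure, high);
# tcp_rmem / tcp_wmem are bytes per socket (min, default, max).
# For TCP the middle value of tcp_rmem / tcp_wmem takes precedence over
# net.core.rmem_default / wmem_default below.
net.ipv4.tcp_mem = 786432 2097152 3145728
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216

# Default and maximum socket buffer sizes, in bytes.
# NOTE(review): the 8 MB default applies to every non-TCP socket (UDP, for
# example), so each such socket may queue up to 8 MB; confirm the host has
# the memory for the expected socket count.
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

# Per-CPU queue of received packets waiting for the network stack to process
# them. This is not the accept queue. Larger values only add queueing.
net.core.netdev_max_backlog = 65535

# Upper bound on the listen() backlog, i.e. the accept queue of each
# listening socket. It is not a limit on concurrent connections.
net.core.somaxconn = 65535

# Maximum number of TCP sockets not attached to any process. The limit exists
# to contain simple denial-of-service attempts; each orphan can hold up to
# about 64 KB of unswappable memory, so size it to the RAM available.
net.ipv4.tcp_max_orphans = 65535

# Maximum number of half-open (SYN_RECV) requests remembered per listener.
net.ipv4.tcp_max_syn_backlog = 65535

# Keep TCP timestamps enabled. The original notes set this to 0, but
# tcp_tw_reuse (below) has no effect without timestamps, SYN cookies use the
# timestamp field to carry window scaling and SACK, and PAWS protection
# against wrapped sequence numbers depends on it.
net.ipv4.tcp_timestamps = 1

# Retries for SYN+ACK (passive open) and SYN (active open). The author advises
# 5 or fewer. A value of 1 sheds half-open connections quickly during a SYN
# flood, but it is well below the kernel defaults and will also give up on
# legitimate peers over lossy links.
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1

# net.ipv4.tcp_tw_recycle is deliberately left out. It caused connections from
# clients behind NAT to be dropped, and the key was removed in Linux 4.12, so
# on newer kernels this line makes `sysctl -p` report an error.
# net.ipv4.tcp_tw_recycle = 1

# Allow TIME_WAIT sockets to be reused for new outgoing connections when that
# is safe from the protocol's point of view. Requires tcp_timestamps = 1.
net.ipv4.tcp_tw_reuse = 1

# Seconds an orphaned connection may stay in FIN_WAIT_2 before it is dropped
# (the author advises less than 30).
net.ipv4.tcp_fin_timeout = 5

# Idle seconds before the first keepalive probe is sent on sockets that have
# keepalive enabled.
net.ipv4.tcp_keepalive_time = 30

# Ephemeral port range (start end) used for outgoing connections; the number
# of concurrent outgoing connections per destination is bounded by end-start.
net.ipv4.ip_local_port_range = 10240 65535

# Enable IPv4 forwarding between interfaces. Needed only when this host
# performs NAT or routing; on an ordinary server leave it at 0 and pair any
# forwarding host with explicit firewall FORWARD rules.
net.ipv4.ip_forward = 1

# net.inet.udp.checksum is a BSD-style key. Linux has no net.inet.* tree, so
# `sysctl -p` reports an error for it; it is commented out here.
# net.inet.udp.checksum = 1

# Ignore bogus ICMP error responses instead of logging each one.
net.ipv4.icmp_ignore_bogus_error_responses = 1

# Ignore ICMP echo requests sent to broadcast addresses so the host cannot be
# used as an amplifier.
net.ipv4.icmp_echo_ignore_broadcasts = 1

# Do not shrink the congestion window back to its initial value after a
# connection has been idle.
net.ipv4.tcp_slow_start_after_idle = 0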

sysctl -p

4、nano /etc/pam.d/common-session 加入:
# Have PAM apply /etc/security/limits.conf to sessions whose PAM stack
# includes this file.
session required pam_limits.so

5、nano /etc/profile 加入:
# Set both the soft (-S) and hard (-H) open-file limit for login shells that
# source /etc/profile.
# NOTE(review): a non-root shell cannot raise its hard limit, so this line
# prints an error at login unless the limits.conf / pam_limits steps already
# grant 65535; processes not started from a login shell never read this file.
ulimit -SHn 65535
Last modification:July 21st, 2020 at 09:56 am