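# Appends open-file limits and TCP/socket sysctl settings for a
# high-concurrency host, then loads the sysctl settings. Run as root.
# Each here-document is restored to one entry per line; the delimiter is
# quoted so the entries are written literally.
# NOTE(review): every run appends again (>>), so repeated runs leave
# duplicate entries in limits.conf and sysctl.conf.

# Per-account open-file limits for root, nobody and nginx.
cat >> /etc/security/limits.conf <<'EOF'
root soft nofile 40960
root hard nofile 65536
nobody soft nofile 40960
nobody hard nofile 65536
nginx soft nofile 40960
nginx hard nofile 65536
EOF

# Wildcard open-file limit for accounts without an entry of their own.
# NOTE(review): 1050000 is above the kernel's default fs.nr_open (1048576).
# Where fs.nr_open has not been raised, the limit cannot be applied and new
# login sessions may be refused; check `sysctl fs.nr_open` first and keep an
# existing root session open while testing.
cat >> /etc/security/limits.conf <<'EOF'
* soft nofile 1050000
* hard nofile 1050000
EOF

# Socket buffer, listen backlog, local port range and TCP timer settings.
# NOTE(review), security-relevant keys:
#   tcp_syncookies = 0  removes the kernel's fallback for a full SYN backlog,
#                       so a SYN flood fills the queue and new connections
#                       are dropped; suited to a controlled load test rather
#                       than an Internet-facing host.
#   tcp_tw_recycle = 1  is known to drop connections from clients behind NAT,
#                       and the key was removed in Linux 4.12, where
#                       `sysctl -p` reports an error for it.
cat >> /etc/sysctl.conf <<'EOF'
net.core.rmem_default = 10000000
net.core.rmem_max = 32949076
net.core.wmem_default = 10000000
net.core.wmem_max = 32949076
net.core.optmem_max = 32949076
net.core.somaxconn = 1024
net.ipv4.ip_local_port_range = 1024 65500
net.ipv4.tcp_sack = 0
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 10240
EOF

# Load /etc/sysctl.conf into the running kernel.
/sbin/sysctl -p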
net.ipv4.tcp_syncookies = 0 必须禁用。注意:禁用后,SYN 队列被占满时内核不再用 SYN cookies 兜底,新的连接请求会被直接丢弃,面向公网的主机因此更容易被 SYN flood 打满;建议仅在受控的压测环境中使用该设置。
net.ipv4.tcp_max_tw_buckets 尽可能大,增加 TIME_WAIT 队列长度。
如果是WEB服务器,开启状态监视
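# Expose nginx's built-in connection counters (stub_status) at /nginx_status.
location /nginx_status {
    stub_status on;
    # NOTE(review): access_log takes a file path or "off"; "on" is treated as
    # a path, so requests here are logged to a file named "on". Confirm that
    # this is intended.
    access_log on;
    # The status page reveals live connection counts, so restrict it to the
    # local host; add an allow line for the monitoring host's address if the
    # page is polled remotely.
    allow 127.0.0.1;
    deny all;
}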
测试客户端
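# Load-generating client: raise the nginx account's open-file limit.
# Entries in limits.conf take effect for sessions started after the change.
cat >> /etc/security/limits.conf <<'EOF'
nginx soft nofile 1000000
nginx hard nofile 1000000
EOF

# or, for the current shell only, set the soft and hard limit together:
# NOTE(review): 1090000 is above the kernel's default fs.nr_open (1048576);
# the call is rejected unless fs.nr_open has been raised first.
ulimit -SHn 1090000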
观察TCP状态
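# cat tcp.sh
# Count TCP sockets per connection state: awk tallies the last column ($NF)
# of every `netstat -n` line that starts with "tcp" and prints one
# "state <tab> count" line per state at the end.
netstat -n | awk '/^tcp/ {++state[$NF]} END {for(key in state) print key,"\t",state[key]}'

# Re-run the summary periodically to watch the state counts change:
# watch ./tcp.sh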
原文出处:Netkiller 系列 手札
本文作者:陈景峯
转载请与作者联系,同时请务必标明文章原始出处和作者信息及本声明。