Linux kernel parameter tuning: net.ipv4

1, network optimization

[wang@c6 ~]# cat a
net.ipv4.tcp_keepalive_time=600  # 10 minutes of idle time before the first keepalive probe; the default is 2 hours (7200 s)
net.ipv4.tcp_keepalive_probes=3  # number of unacknowledged probes sent before the connection is given up; default 9
net.ipv4.tcp_keepalive_intvl=15  # interval between probes while a probe stays unacknowledged; default 75 s

net.ipv4.tcp_max_syn_backlog=8192 # length of the SYN queue, default 1024; raised to hold more connections waiting to finish the handshake
net.ipv4.tcp_syncookies=1 # 1 = enabled (the author lists the default as off); when the SYN queue overflows, SYN cookies are used instead, which is the kernel's SYN-flood mitigation

net.ipv4.tcp_tw_reuse=1 # 1 = reuse enabled, default off; allows TIME-WAIT sockets to be reused for new TCP connections
net.ipv4.tcp_tw_recycle=1 # 1 = enabled, default off; fast recycling of TIME-WAIT sockets. NOTE(review): known to drop connections from clients behind NAT, and the option was removed in Linux 4.12; confirm the target kernel before copying
net.ipv4.tcp_max_tw_buckets=5000 # maximum number of TIME_WAIT sockets kept at once; above this number TIME_WAIT sockets are destroyed. NOTE(review): the kernel documentation describes this limit as a guard against simple DoS and advises against lowering it; confirm 5000 suits the host

net.ipv4.tcp_fin_timeout=30  # default 60 s; changes the system default timeout (per the kernel documentation, how long an orphaned connection stays in FIN_WAIT_2)

# Apply the settings
[wang@c6 ~]# cat a |grep -v ^$|sed 's/^/sysctl -w /' |bash
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_fin_timeout = 30

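# Persist the settings (sysctl.conf only treats lines that begin with # or ; as comments, so strip the trailing comments from each line before appending)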
[wang@c6 ~]# cat a >> /etc/sysctl.conf
....

2. Tomcat configuration

executor (thread pool) https://tomcat.apache.org/tomcat-8.0-doc/config/executor.html
http connector (receive different protocol requests): https://tomcat.apache.org/tomcat-8.0-doc/config/http.html

a, server.xml

<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <!-- Top-level Tomcat configuration: one Service with a shared thread pool, one HTTP connector and one virtual host.
       The shutdown listener on port 8005 stops Tomcat when it receives the string SHUTDOWN; both values are the
       well-known defaults. Consider port="-1" to disable the listener, or a non-default shutdown string.
       NOTE(review): the SecurityListener below is left commented out; enabling it adds start-up checks such as
       refusing to run as root. Confirm against the listeners documentation for the Tomcat version in use. -->
  <Listener className="org.apache.catalina.startup.VersionLoggerListener" />
  <!-- Security listener. Documentation at /docs/config/listeners.html
  <Listener className="org.apache.catalina.security.SecurityListener" /> -->
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener" />
  <Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener" />
  <Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener" />

  <!-- User database backed by conf/tomcat-users.xml. Passwords in that file are stored as written unless a
       digest CredentialHandler is configured on the Realm, so restrict read access to the file. -->
   <GlobalNamingResources>
    <Resource name="UserDatabase" auth="Container"
              type="org.apache.catalina.UserDatabase"
              description="User database that can be updated and saved"
              factory="org.apache.catalina.users.MemoryUserDatabaseFactory"
              pathname="conf/tomcat-users.xml" />
  </GlobalNamingResources>

  <Service name="Catalina">
	<!-- Shared thread pool referenced by the connector below: at most 500 threads, 10 spare threads started up front. -->
	<Executor name="tomcatThreadPool"  namePrefix="catalina-exec-"
		maxThreads="500" prestartminSpareThreads="true" minSpareThreads="10" 
		/>

	<!-- Plain-HTTP NIO connector on port 8080 using the shared executor.
	     redirectPort points at 8443, but the TLS connectors further down are commented out, so nothing in this
	     listing listens on 8443.
	     maxConnections, acceptCount, connectionTimeout, maxKeepAliveRequests and maxCookieCount are also the limits
	     that bound what a slow or abusive client can hold open; raising them for throughput widens that budget.
	     compression="off" means compressionMinSize and compressableMimeType are not used as configured. -->
	<Connector executor="tomcatThreadPool" 
	       port="8080" protocol="org.apache.coyote.http11.Http11NioProtocol"  redirectPort="8443" 
	       connectionTimeout="20000" 
	       maxConnections="10000"  acceptCount="100"  acceptorThreadCount="2"
	       maxCookieCount="500"   useSendfile="true"

	       maxKeepAliveRequests="500" processorCache="500" 
	       socketBuffer="9000"  socket.appReadBufSize="8192" socket.appWriteBufSize="8192"
	       socket.bufferPool="500"  socket.processorCache="500" socket.socketWrapperCache="500"
	      
	       URIEncoding="UTF-8" 
	       compression="off" compressionMinSize="1024"
	       compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/javascript,application/json"
	       />

	<!-- The commented-out TLS connectors that follow are templates. The keystore path and keystorePass="123456"
	     are sample values: replace them before enabling a connector and keep server.xml from being world-readable,
	     since the keystore password is stored in it.
	     NOTE(review): the second template holds two SSLHostConfig elements with no hostName; presumably they are
	     alternatives (keystore file versus PEM files) and only one should be kept. Confirm before enabling. -->
	<!--
	 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true"
		maxThreads="150" scheme="https" secure="true"
		keystoreFile="C:\tomca.keystore"
		keystorePass="123456"
		clientAuth="false" 
		/> 
	
	    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
		       maxThreads="150" SSLEnabled="true">
		<SSLHostConfig>
		    <Certificate certificateKeystoreFile="conf/localhost-rsa.jks" type="RSA" />
		</SSLHostConfig>

		<SSLHostConfig>
		    <Certificate certificateKeyFile="conf/localhost-rsa-key.pem"
				 certificateFile="conf/localhost-rsa-cert.pem"
				 certificateChainFile="conf/localhost-rsa-chain.pem"
				 type="RSA" />
		</SSLHostConfig>
	    </Connector>
	-->

    <Engine name="Catalina" defaultHost="localhost">
	      <!-- LockOutRealm wraps the user-database realm and locks an account after repeated failed logins. -->
	      <Realm className="org.apache.catalina.realm.LockOutRealm">
		      <Realm className="org.apache.catalina.realm.UserDatabaseRealm" resourceName="UserDatabase"/>
	      </Realm>

	      <!-- autoDeploy="true" makes the running server deploy applications that appear under appBase, so write
	           access to webapps is equivalent to deploying code; restrict that directory or turn autoDeploy off
	           on production hosts. The access log records remote host, user, time, request line, status and bytes. -->
	      <Host name="localhost"  appBase="webapps" unpackWARs="true" autoDeploy="true">   
		  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs"
		       prefix="localhost_access_log" suffix=".txt"
		       pattern="%h %l %u %t &quot;%r&quot; %s %b" />
	      </Host>
    </Engine>
  </Service>
</Server>

b, setenv.sh

[wang@c6 ~]# grep -n setenv.sh /opt/apache-tomcat-8.5.54/bin/catalina.sh
27:#   setenv.sh in CATALINA_BASE/bin to keep your customizations separate.
153:# but allow them to be specified in setenv.sh, in rare case when it is needed.
156:if [ -r "$CATALINA_BASE/bin/setenv.sh" ]; then
157:  . "$CATALINA_BASE/bin/setenv.sh"

[wang@c6 ~]# grep -n setenv.bat /opt/apache-tomcat-8.5.54/bin/catalina.bat
26:rem   setenv.bat in CATALINA_BASE/bin to keep your customizations separate.
31:rem   local customizations made in a CATALINA_BASE/bin/setenv.bat script
172:rem but allow them to be specified in setenv.bat, in rare case when it is needed.
180:if exist "%CATALINA_HOME%\bin\setenv.bat" call "%CATALINA_HOME%\bin\setenv.bat"


[wang@c6 ~]# cat /opt/apache-tomcat-8.5.54/bin/setenv.sh
# Extra JVM options appended to JAVA_OPTS; catalina.sh sources this file when it is readable.
# -Djava.security.egd=file:/dev/./urandom  points SecureRandom seeding at the non-blocking urandom device,
#     which avoids slow start-up while /dev/random blocks (Tomcat session ids are drawn from SecureRandom).
# -Xms4g -Xmx4g                            fixed 4 GB heap.
# -XX:NewSize=2g -XX:MaxNewSize=2g         young generation fixed at 2 GB; SurvivorRatio=8 sizes the survivor spaces.
# -XX:+UseG1GC                             selects the G1 collector.
# NOTE(review): a fixed young-generation size overrides G1's own sizing; confirm this is intended.
JAVA_OPTS="$JAVA_OPTS -Djava.security.egd=file:/dev/./urandom \
           -Xms4g -Xmx4g -XX:NewSize=2g -XX:MaxNewSize=2g  -XX:SurvivorRatio=8 \
           -XX:+UseG1GC"

c, viewing the monitoring page (Tomcat Manager app)

[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/conf/tomcat-users.xml
  <!-- manager-gui grants access to the Manager HTML interface, which can deploy and undeploy applications. -->
  <role rolename="manager-gui"/>
  <!-- NOTE(review): tomcat/tomcat is a widely known example credential; set a unique, strong password
       before the Manager app is reachable from the network. -->
  <user username="tomcat" password="tomcat" roles="manager-gui"/>
</tomcat-users>

[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/conf/Catalina/localhost/manager.xml
<!-- Context definition for the Manager web application. Tomcat reads this file in preference to the
     META-INF/context.xml packaged inside the webapp, so the RemoteAddrValve here replaces the
     localhost-only one shipped there. -->
<Context privileged="true" antiResourceLocking="false"  docBase="${catalina.home}/webapps/manager">
        <!-- allow is a regular expression matched against the client address.
             NOTE(review): the dots are unescaped and so match any character; a stricter form is
             192\.168\.\d+\.\d+ . If Tomcat is reached through a reverse proxy inside 192.168.0.0/16,
             every request arrives with the proxy's address and passes this check. Confirm the deployment. -->
        <Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="^192.168.*$" />
</Context>

#### This file can be left unchanged (only the two files above need to be modified) ####
[wang@c6 ~]# tail -4 /opt/apache-tomcat-8.5.54/webapps/manager/META-INF/context.xml
  <Valve className="org.apache.catalina.valves.RemoteAddrValve"
         allow="127\.\d+\.\d+\.\d+|::1|0:0:0:0:0:0:0:1" />
  <Manager sessionAttributeValueClassNameFilter="java\.lang\.(?:Boolean|Integer|Long|Number|String)|org\.apache\.catalina\.filters\.CsrfPreventionFilter\$LruCache(?:\$1)?|java\.util\.(?:Linked)?HashMap"/>
</Context>


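d, log retention period (maxDays=1 deletes rotated logs after one day; forward them to central storage first if they are needed for later incident investigation)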

[wang@c6 ~]# grep maxDays  /opt/apache-tomcat-8.5.54/conf/server.xml -A 1
  <Valve className="org.apache.catalina.valves.AccessLogValve" directory="logs" maxDays="1"
    prefix="localhost_access_log" suffix=".txt"


[wang@c6 ~]# grep maxDays  /opt/apache-tomcat-8.5.54/conf/logging.properties
1catalina.org.apache.juli.AsyncFileHandler.maxDays=1
2localhost.org.apache.juli.AsyncFileHandler.maxDays=1
3manager.org.apache.juli.AsyncFileHandler.maxDays=1
4host-manager.org.apache.juli.AsyncFileHandler.maxDays=1


Origin blog.csdn.net/eyeofeagle/article/details/109356516