Modify /etc/sysctl.conf file
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.ip_local_port_range = 1024 65000
fs.file-max = 655360
net.netfilter.nf_conntrack_max = 798641
The above parameters exist in the corresponding directory under /proc/sys/
At present, most ip_conntrack_* parameters have been replaced by nf_conntrack_*, and many ip_conntrack_* names are just aliases. The original ip_conntrack directory /proc/sys/net/ipv4/netfilter/ still exists, but the new nf_conntrack parameters are in /proc/sys/net/netfilter/.
file-max sets the maximum number of files that can be opened by all processes in the system
/proc/sys/fs/file-max
ip_conntrack is the module that tracks connection entries for Linux NAT. It records the tracked connection entries. The ip_conntrack module keeps a record of each established TCP connection, and the preset timeout is up to five days (432,000 seconds). Therefore, when someone on the local area network uses software such as P2P, ip_conntrack can easily reach its maximum value, and this is the reason.
echo "3600" > /proc/sys/net/netfilter/nf_conntrack_tcp_timeout_established
/etc/security/limits.conf
* soft nofile 1000000
* hard nofile 1000000
The role of ulimit: it sets the resource limits of the current shell and of the processes started by it
1. Verify the limit of a process
# ps -ef | grep nginx
Substitute the obtained PID for XXX in the following command:
# cat /proc/XXX/limits
and view the "Max open files" line.
2. Verify the system level limit
# ulimit -n
3. Verify kernel level limit
# cat /proc/sys/fs/file-max
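The process-level and kernel-level checks above combined into one script, as an added example that is not part of the original notes: it reads the "Max open files" line from a file in /proc/<pid>/limits format and compares the soft limit with fs.file-max. The function names and the sample file are constructed for illustration; the values 1000000 and 655360 are the ones set above.

```shell
#!/bin/sh
# Added example: compare a process's open-file limit with fs.file-max.

# Print "soft hard" taken from the "Max open files" line of a
# /proc/<pid>/limits-format file (fields 4 and 5 of that line).
max_open_files() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# check_nofile LIMITS_FILE FILE_MAX
# Prints OK when the soft limit fits under the system-wide file-max,
# WARN when the per-process limit is larger than the system-wide one,
# UNKNOWN when the limits file has no "Max open files" line.
check_nofile() {
    limits=$(max_open_files "$1")
    file_max=$2
    if [ -z "$limits" ]; then
        echo "UNKNOWN no 'Max open files' line in $1"
        return 0
    fi
    soft=${limits%% *}
    hard=${limits##* }
    if [ "$soft" = "unlimited" ] || [ "$soft" -gt "$file_max" ]; then
        echo "WARN soft=$soft hard=$hard file-max=$file_max"
    else
        echo "OK soft=$soft hard=$hard file-max=$file_max"
    fi
}

# Constructed sample in /proc/<pid>/limits format, using the nofile
# value from limits.conf above (not captured from a real process).
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             63453                63453                processes
Max open files            1000000              1000000              files
Max locked memory         65536                65536                bytes
EOF

# 655360 is the fs.file-max value from sysctl.conf above.
check_nofile "$sample" 655360

# On a live system (XXX is the PID found with ps):
#   check_nofile /proc/XXX/limits "$(cat /proc/sys/fs/file-max)"
```

With the values from this page the script reports WARN, because the nofile limit of 1000000 is larger than the fs.file-max of 655360.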