Linux & Nginx performance parameter tuning

This article mainly covers tuning of Linux file handle limits and network card parameters.

Modify the maximum number of file handles in Linux. Execute ulimit -a to view the open files parameter.

Modify the Linux system parameters: run vi /etc/security/limits.conf and add

* soft nofile 65536

* hard nofile 65536

Save the file after modification, log out of the current user, log in again and execute ulimit -a; the new parameters are now in effect.

nginx

1. use epoll;

Use the epoll I/O model, for example:

events
{
   use epoll;
   worker_connections XXXX;
}


2. worker_processes 8;

The number of nginx processes. It is recommended to set it according to the number of CPUs, generally a multiple of it (for example, 2 quad-core CPUs are counted as 8).

3. worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;

Assigns a CPU to each process. In the above example, 8 processes are assigned to 8 CPUs. Of course, multiple CPUs can be written, or one process can be assigned to multiple CPUs.

4. worker_rlimit_nofile 65535;



5. worker_connections 65535;

The maximum number of connections allowed per process. Theoretically, the maximum number of connections per nginx server is worker_processes * worker_connections.

6. keepalive_timeout 60;

The keepalive timeout.

7. client_header_buffer_size 4k;

The buffer size for the client request header. This can be set according to your system's page size. Generally a request header will not exceed 1k, but since the system page size is generally larger than 1k, it is set to the page size here.


8. open_file_cache max=65535 inactive=20s;

This specifies the cache for open files, which is not enabled by default. max specifies the number of cache entries and is recommended to be consistent with the number of open files; inactive is how long a file can go unrequested before its cache entry is deleted.

9. open_file_cache_valid 30s;

This is how often the cached information is checked for validity.

10. open_file_cache_min_uses 1;

The minimum number of times a file must be used within the inactive time of the open_file_cache directive. If it exceeds this number, the file descriptor is kept open in the cache. As in the above example, if a file is not used once within the inactive time, it will be removed.
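The directives above share one per-worker descriptor limit. The following added example (not code from the original article) checks the values listed here against worker_rlimit_nofile; the assembled config, the reserve of 64 descriptors and the worst-case assumption of one descriptor per cache entry are assumptions of the example.

```python
import re

# Constructed nginx.conf assembled from the directives listed above; the
# events block's "XXXX" placeholder is filled with the value from item 5.
NGINX_CONF = """\
worker_processes 8;
worker_rlimit_nofile 65535;
events {
    use epoll;
    worker_connections 65535;
}
http {
    open_file_cache max=65535 inactive=20s;
}
"""

def directive(conf, name):
    """Return the argument string of the first `name args;` directive, or None."""
    m = re.search(r"(?m)^\s*%s\s+([^;]+);" % re.escape(name), conf)
    return m.group(1).strip() if m else None

def fd_budget(conf, proxying=False, reserve=64):
    """Compare per-worker descriptor demand with worker_rlimit_nofile."""
    procs = int(directive(conf, "worker_processes"))  # "auto" is not handled
    conns = int(directive(conf, "worker_connections"))
    rlimit = int(directive(conf, "worker_rlimit_nofile"))
    m = re.search(r"max=(\d+)", directive(conf, "open_file_cache") or "")
    cached = int(m.group(1)) if m else 0
    # worker_connections also counts connections to upstream servers, so a
    # proxied client consumes two of them.
    max_clients = procs * conns // (2 if proxying else 1)
    # Worst case: every connection slot and every cache entry holds one fd;
    # reserve is an assumed allowance for logs and listening sockets.
    demand = conns + cached + reserve
    return {"max_clients": max_clients, "fd_demand": demand,
            "fd_limit": rlimit, "ok": demand <= rlimit}

if __name__ == "__main__":
    print(fd_budget(NGINX_CONF))
    print(fd_budget(NGINX_CONF, proxying=True))
```

With the values from this page, a fully loaded worker can need more descriptors than worker_rlimit_nofile allows, so either the limit should be raised or worker_connections and the cache size lowered.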


Optimization of Linux kernel parameters: vi /etc/sysctl.conf

net.ipv4.tcp_max_tw_buckets = 6000

The maximum number of TIME-WAIT sockets; the default is 180000.

net.ipv4.ip_local_port_range=1024 65000

The range of ports that the system is allowed to open.

net.ipv4.tcp_tw_recycle=1

Enables fast recycling of TIME-WAIT sockets.

net.ipv4.tcp_tw_reuse = 1

Enables reuse. Allows TIME-WAIT sockets to be reused for new TCP connections.

net.ipv4.tcp_syncookies = 1

Enables SYN cookies. When the SYN waiting queue overflows, cookies are used to handle the connection requests.

net.core.somaxconn = 262144

The backlog passed to listen() by a web application is capped by the kernel parameter net.core.somaxconn, which defaults to 128, while the NGX_LISTEN_BACKLOG defined by nginx defaults to 511, so this value needs to be raised.

net.core.netdev_max_backlog = 262144

The maximum number of packets allowed to queue when a network interface receives packets faster than the kernel can process them.

net.ipv4.tcp_max_orphans = 262144

The maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, the orphan connection is reset immediately and a warning message is printed. This limit exists only to prevent simple DoS attacks; do not rely on it too much or artificially reduce this value. Instead, increase it (if you add memory).

net.ipv4.tcp_max_syn_backlog = 262144

The maximum number of connection requests that have not yet received client acknowledgment. For systems with 128M memory, the default value is 1024, and for systems with small memory it is 128.

net.ipv4.tcp_timestamps = 0

Timestamps avoid sequence number wrapping. A 1Gbps link will definitely encounter previously used sequence numbers. Timestamps allow the kernel to accept such "abnormal" packets. It needs to be turned off here.

net.ipv4.tcp_synack_retries = 1

In order to open the peer connection, the kernel needs to send a SYN with an ACK in response to the previous SYN. This is the second handshake in the so-called three-way handshake. This setting determines how many SYN+ACK packets the kernel sends before giving up the connection.

net.ipv4.tcp_syn_retries = 1

The number of SYN packets sent before the kernel gives up on establishing a connection.

net.ipv4.tcp_fin_timeout = 1

If the socket is closed by the local end, this parameter determines how long it remains in the FIN-WAIT-2 state. The peer can fail and never close the connection, or even crash unexpectedly. The default value is 60 seconds. The usual value for 2.2 kernels is 180 seconds; you can use this setting, but keep in mind that even if your machine is a lightly loaded web server, there is a risk of memory overflow due to a large number of dead sockets. FIN-WAIT-2 is less dangerous than FIN-WAIT-1 because it can only eat up to 1.5K of memory, but such sockets have a longer lifetime.

net.ipv4.tcp_keepalive_time = 30

How often TCP sends keepalive messages when keepalive is enabled. The default is 2 hours.
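Several of the settings above interact with each other or depend on the kernel version. The following added example (not code from the original article) parses a constructed sysctl.conf containing a subset of the lines listed here and returns the ones worth reviewing before deployment; the function names and note texts are the example's own.

```python
# Constructed input: a subset of the sysctl.conf lines listed in this article.
SYSCTL_CONF = """\
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.ip_local_port_range=1024 65000
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syn_retries = 1
net.ipv4.tcp_fin_timeout = 1
"""

def parse_sysctl(text):
    """Parse 'key = value' lines, skipping blanks and '#' or ';' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def review(settings):
    """Return (key, note) pairs for settings that deserve a second look."""
    def get(name):
        return settings.get("net.ipv4." + name)
    notes = []
    if get("tcp_tw_recycle") == "1":
        notes.append(("tcp_tw_recycle",
                      "can drop connections from clients behind NAT; removed in Linux 4.12"))
    if get("tcp_timestamps") == "0":
        notes.append(("tcp_timestamps", "disables PAWS sequence-wrap protection"))
        if get("tcp_tw_reuse") == "1":
            notes.append(("tcp_tw_reuse", "relies on timestamps, so it has no effect here"))
    if get("tcp_syncookies") == "0":
        notes.append(("tcp_syncookies", "SYN flood fallback is disabled"))
    for key in ("tcp_syn_retries", "tcp_synack_retries"):
        if get(key) == "1":
            notes.append((key, "single retry; handshakes give up quickly on lossy links"))
    return notes

if __name__ == "__main__":
    for key, note in review(parse_sysctl(SYSCTL_CONF)):
        print(f"net.ipv4.{key}: {note}")
```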
