I am sharing a CentOS 7 optimization script with everyone. It is recommended to run the following script immediately after installing a server, friends.
[root@test2 yum.repos.d]# cat centos7.sh
#!/bin/bash
#author junxi by
#this script is only for CentOS 7.x
#check the OS
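# Refuse to run on anything but a 64-bit x86 host.
# Only the architecture is checked here; the CentOS release named in the
# banner below is not verified by the script.
platform=$(uname -i)
# Quoted so an empty or multi-word value cannot break the test.
if [ "$platform" != "x86_64" ]; then
  echo "this script is only for 64bit Operating System !" >&2
  exit 1
fi
echo "the platform is ok"
cat <<'EOF'
+---------------------------------------+
| your system is CentOS 7 x86_64 |
| start optimizing....... |
+---------------------------------------+
EOF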
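# Add a public DNS resolver.
# Once listed, name lookups made by this host can be sent to 223.6.6.6, so
# confirm that an external resolver is acceptable for the environment.
# NOTE(review): on CentOS 7 NetworkManager may regenerate /etc/resolv.conf and
# drop this entry -- confirm how the file is managed on the target host.
# Append only when the entry is missing, so a re-run does not duplicate it.
if ! grep -qxF 'nameserver 223.6.6.6' /etc/resolv.conf 2>/dev/null; then
  cat >>/etc/resolv.conf <<'EOF'
nameserver 223.6.6.6
EOF
fi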
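# Replace the stock yum repository definitions with the Aliyun mirror and add
# the Aliyun EPEL definition.
yum -y install wget

# fetch_repo URL DEST
# Download URL next to DEST and move it into place only when wget succeeds, so
# a failed download never leaves yum with an empty or truncated .repo file.
# yum only reads files ending in .repo, so the ".new" file is ignored meanwhile.
# Returns non-zero (and leaves DEST untouched) when the download fails.
fetch_repo() {
  local url=$1
  local dest=$2
  if wget -O "${dest}.new" "$url"; then
    mv -f -- "${dest}.new" "$dest"
  else
    rm -f -- "${dest}.new"
    echo "download failed, ${dest} left unchanged: ${url}" >&2
    return 1
  fi
}

# Keep a copy of the stock definition before it is replaced.
cp -p /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

# A .repo file decides which servers packages come from and whether their
# signatures are checked, so it is fetched over HTTPS rather than plain HTTP.
# Review the baseurl and gpgcheck lines of the downloaded files before relying
# on them.
fetch_repo https://mirrors.aliyun.com/repo/Centos-7.repo /etc/yum.repos.d/CentOS-Base.repo
fetch_repo https://mirrors.aliyun.com/repo/epel-7.repo /etc/yum.repos.d/epel.repo

# Rebuild the yum metadata cache against the new repositories.
yum clean all
yum makecache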
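# Synchronise the clock once, then schedule a recurring sync from root's
# crontab.
yum -y install ntp
/usr/sbin/ntpdate ntp1.aliyun.com

# NOTE(review): "* 4 * * *" fires every minute from 04:00 to 04:59; if one run
# per day was intended, the minute field should be a fixed value -- confirm.
cron_line='* 4 * * * /usr/sbin/ntpdate ntp1.aliyun.com > /dev/null 2>&1'
# Append only when the job is missing, so a re-run does not duplicate it.
if ! grep -qxF -- "$cron_line" /var/spool/cron/root 2>/dev/null; then
  printf '%s\n' "$cron_line" >>/var/spool/cron/root
fi
systemctl restart crond.service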
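# Set the host name. The value from the original script stays the default;
# export NEW_HOSTNAME so each server gets its own name instead of the author's.
hostnamectl set-hostname "${NEW_HOSTNAME:-qiuyuetao}"

# Character set: the original lists this step but gives no command for it.

# Raise the limit on open file descriptors.
# NOTE(review): a ulimit line in /etc/rc.local affects only the shell that runs
# rc.local and what it starts; login sessions take their limits from the
# limits.conf entries below -- confirm that both are wanted.
echo "ulimit -SHn 102400" >>/etc/rc.local
# limits.conf documents the type field in lowercase ("soft" / "hard").
cat >>/etc/security/limits.conf <<'EOF'
* soft nofile 655350
* hard nofile 655350
EOF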
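# Disable SELinux and firewalld.
# Both are host-level protections: with them off, nothing confines a
# compromised service and every listening port is reachable unless something
# upstream filters it. The original behaviour stays the default; set
# KEEP_SELINUX=1 and/or KEEP_FIREWALL=1 to skip the matching step.
if [ "${KEEP_SELINUX:-0}" != "1" ]; then
  # Persistent setting, read at the next boot.
  sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
  # Running system: stop enforcing until that reboot.
  setenforce 0
fi

if [ "${KEEP_FIREWALL:-0}" != "1" ]; then
  systemctl disable firewalld.service
  systemctl stop firewalld.service
fi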
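# SSH daemon settings: turn off GSSAPI authentication and the reverse-DNS
# lookup of connecting clients.
sed -i 's/^GSSAPIAuthentication yes$/GSSAPIAuthentication no/' /etc/ssh/sshd_config
sed -i 's/#UseDNS yes/UseDNS no/' /etc/ssh/sshd_config

# Validate the edited file before restarting: a config that fails to parse
# would keep sshd from coming back and cut off remote access to the host.
if /usr/sbin/sshd -t; then
  systemctl restart sshd.service
else
  echo "sshd_config failed validation, sshd was not restarted" >&2
fi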
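# Kernel parameter optimization: append tuning values to /etc/sysctl.conf and
# load them.
#
# Notes for whoever applies this:
# - The values are appended, so running the script twice duplicates the block.
# - Two comment lines in the block had their "#" displaced into the middle of
#   the sentence; it is restored to the start of the line here, because
#   sysctl -p would otherwise report those lines as invalid settings.
# - The comment above net.ipv4.tcp_tw_recycle says "Enable", but the value
#   written is 0, which leaves it off.
# - NOTE(review): tcp_tw_reuse depends on TCP timestamps, which this block
#   turns off (tcp_timestamps = 0) -- confirm which of the two is wanted.
# - NOTE(review): the net.netfilter.nf_conntrack_* keys exist only while the
#   nf_conntrack module is loaded; on a host without it, sysctl -p may report
#   them as unknown -- confirm on the target system.
# - NOTE(review): tcp_syn_retries, tcp_synack_retries and tcp_fin_timeout are
#   all set to 1, which gives up on slow or lossy peers quickly -- confirm the
#   values suit the workload.
cat >>/etc/sysctl.conf <<'EOF'
#CTCDN system tuning parameters
# Ipv6 Close
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# Neighbor decided to check how long expired entries
net.ipv4.neigh.default.gc_stale_time=120
# Use arp_announce / arp_ignore solve the ARP problem
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
# Prevent amplification attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Open a malicious icmp error message protection
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Turn off Route Forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# Passive routing of packet processing
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Disable function sysrq
kernel.sysrq = 0
#core add the file name extension as the pid
kernel.core_uses_pid = 1
# Enable SYN flood attack protection
net.ipv4.tcp_syncookies = 1
# Modify the message queue length
kernel.msgmnb = 65536
kernel.msgmax = 65536
# Set the maximum shared memory segment size bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#Timewait number of default 180 000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# When fast rate of each network interface to receive packets rate than the core processing of these packages, the maximum allowed number of packets to the queue
net.core.netdev_max_backlog = 262144
# Restrictions only to prevent simple DoS attacks
net.ipv4.tcp_max_orphans = 3276800
# Client acknowledgment is not received connection information request maximum
net.ipv4.tcp_max_syn_backlog = 262144
net.ipv4.tcp_timestamps = 0
# Kernel to give up the number of established connection before sending packets SYNACK
net.ipv4.tcp_synack_retries = 1
# Kernel abandon establish the number of SYN packets sent before the connection
net.ipv4.tcp_syn_retries = 1
# Enable rapid recovery timewait
net.ipv4.tcp_tw_recycle = 0
# Enable reuse. TIME-WAIT sockets allow for new TCP connection re
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1
# When the only use of keepalive, TCP transmission frequency of keepalive messages. The default is 2 hours
net.ipv4.tcp_keepalive_time = 1800
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 15
# Allow the system to open a range of ports
net.ipv4.ip_local_port_range = 1024 65000
# Modify the firewall table size, default 65536
net.netfilter.nf_conntrack_max=655350
net.netfilter.nf_conntrack_tcp_timeout_established=1200
# Ensure that no one can modify the routing table
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
EOF
# Load the values from /etc/sysctl.conf into the running kernel.
/sbin/sysctl -p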
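# Shell and vim conveniences, appended to /etc/profile and root's .vimrc.

# NOTE(review): this line arrived garbled on the page; `alias vi=vim` is the
# reading that fits it -- confirm against the author's original script.
echo 'alias vi=vim' >>/etc/profile

# Make Backspace (^H) erase the previous character.
echo 'stty erase ^H' >>/etc/profile

# This line makes every shell that reads /etc/profile send an HTTP request to
# ip.6655.com and print the reply, so logins depend on, and are visible to, a
# third-party site over plaintext. Kept as the author wrote it; leave the line
# out if that exposure is not wanted.
echo 'curl ip.6655.com/ip.aspx&&echo' >>/etc/profile

# vim defaults for root: four-column tabs expanded to spaces, syntax
# highlighting on, line numbers left commented out.
cat >>/root/.vimrc <<'EOF'
set tabstop=4
set shiftwidth=4
set expandtab
syntax on
"set number
EOF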
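# Bring every installed package up to date.
yum -y update

cat <<'EOF'
+------------------------------------------------+
| Optimization has been completed |
| After 5s restart this server! |
+------------------------------------------------+
EOF

# Leave five seconds to read the banner (or interrupt the script), then reboot.
sleep 5
reboot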
## restart to load kernel modifications
The script does not cover a kernel upgrade. If you need to upgrade to kernel 4.10, run the following commands:
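# Trust the ELRepo signing key, then install the ELRepo repository definition.
rpm --import https://www.elrepo.org/RPM-GPG-KEY-elrepo.org
# Fetched over HTTPS like the key above, so the release package cannot be
# swapped in transit before it is installed.
rpm -Uvh https://www.elrepo.org/elrepo-release-7.0-2.el7.elrepo.noarch.rpm

# Install the kernel-ml package from the elrepo-kernel repository, make the
# first GRUB menu entry the default, regenerate the GRUB configuration and
# reboot. Each step runs only if the previous one succeeded.
# NOTE(review): kernel-ml installs whatever version the repository carries when
# this runs, which may not be 4.10 -- confirm the version after installation.
# NOTE(review): /boot/grub2/grub.cfg is the BIOS location; a UEFI install keeps
# grub.cfg elsewhere -- confirm on the target host.
# The substitution is anchored to the GRUB_DEFAULT line so no other occurrence
# of "saved" in /etc/default/grub is rewritten.
yum --enablerepo=elrepo-kernel install kernel-ml -y \
  && sed -i 's/^GRUB_DEFAULT=saved/GRUB_DEFAULT=0/' /etc/default/grub \
  && grub2-mkconfig -o /boot/grub2/grub.cfg \
  && reboot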
# Does not take effect without rebooting!