How to optimize the Linux kernel of high-concurrency nginx server-Nginx-php.cn

Home

Operation and Maintenance

Nginx

How to optimize the Linux kernel of high-concurrency nginx server

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

May 15, 2023 pm 12:10 PM

linuxnginx

The code is as follows:

# controls the use of tcp syncookies

#表示开启重用。允许将time-wait sockets重新用于新的tcp连接，默认为0，表示关闭；
net.ipv4.tcp_syncookies = 1

#一个布尔类型的标志，控制着当有很多的连接请求时内核的行为。启用的话，如果服务超载，内核将主动地发送rst包。
net.ipv4.tcp_abort_on_overflow = 1

#表示系统同时保持time_wait的最大数量，如果超过这个数字，time_wait将立刻被清除并打印警告信息。
#默认为180000，改为6000。对于apache、nginx等服务器，此项参数可以控制time_wait的最大数量,服务器被大量的time_wait拖死
net.ipv4.tcp_max_tw_buckets = 6000

#有选择的应答
net.ipv4.tcp_sack = 1

#该文件表示设置tcp/ip会话的滑动窗口大小是否可变。参数值为布尔值，为1时表示可变，为0时表示不可变。tcp/ip通常使用的窗口最大可达到65535 字节，对于高速网络.
#该值可能太小，这时候如果启用了该功能，可以使tcp/ip滑动窗口大小增大数个数量级，从而提高数据传输的能力。
net.ipv4.tcp_window_scaling = 1

#tcp接收缓冲区
net.ipv4.tcp_rmem = 4096    87380  4194304

#tcp发送缓冲区
net.ipv4.tcp_wmem = 4096    66384  4194304

# # out of socket memory
net.ipv4.tcp_mem = 94500000 915000000 927000000

#该文件表示每个套接字所允许的最大缓冲区的大小。
net.core.optmem_max = 81920

#该文件指定了发送套接字缓冲区大小的缺省值（以字节为单位）。
net.core.wmem_default = 8388608

#指定了发送套接字缓冲区大小的最大值（以字节为单位）。
net.core.wmem_max = 16777216

#指定了接收套接字缓冲区大小的缺省值（以字节为单位）。
net.core.rmem_default = 8388608

#指定了接收套接字缓冲区大小的最大值（以字节为单位）。
net.core.rmem_max = 16777216

#表示syn队列的长度,默认为1024,加大队列长度为10200000,可以容纳更多等待连接的网络连接数。

net.ipv4.tcp_max_syn_backlog = 1020000

#每个网络接口接收数据包的速率比内核处理这些包的速率快时，允许送到队列的数据包的最大数目。
net.core.netdev_max_backlog = 862144

#web 应用中listen 函数的backlog 默认会给我们内核参数的net.core.somaxconn 限制到128，而nginx 定义的ngx_listen_backlog 默认为511，所以有必要调整这个值。
net.core.somaxconn = 262144

#系统中最多有多少个tcp 套接字不被关联到任何一个用户文件句柄上。如果超过这个数字，孤儿连接将即刻被复位并打印出警告信息。


#这个限制仅仅是为了防止简单的dos 攻击，不能过分依靠它或者人为地减小这个值，更应该增加这个
net.ipv4.tcp_max_orphans = 327680

#时间戳可以避免序列号的卷绕。一个1gbps 的链路肯定会遇到以前用过的序列号。时间戳能够让内核接受这种“异常”的数据包。这里需要将其关掉。
net.ipv4.tcp_timestamps = 0

#为了打开对端的连接，内核需要发送一个syn 并附带一个回应前面一个syn 的ack。也就是所谓三次握手中的第二次握手。这个设置决定了内核放弃连接之前发送syn+ack 包的数量。
net.ipv4.tcp_synack_retries = 1

#在内核放弃建立连接之前发送syn 包的数量。www.jb51.net
net.ipv4.tcp_syn_retries = 1

#表示开启tcp连接中time-wait sockets的快速回收，默认为0，表示关闭；
net.ipv4.tcp_tw_recycle = 1

#表示开启重用。允许将time-wait sockets重新用于新的tcp连接，默认为0，表示关闭；
net.ipv4.tcp_tw_reuse = 1

#修改系統默认的 timeout 时间。
net.ipv4.tcp_fin_timeout = 15

#表示当keepalive起用的时候，tcp发送keepalive消息的频度。缺省是2小时，建议改为20分钟。
net.ipv4.tcp_keepalive_time = 30

#表示用于向外连接的端口范围。缺省情况下很小：32768到61000，改为10000到65000。（注意：这里不要将最低值设的太低，否则可能会占用掉正常的端口！）
net.ipv4.ip_local_port_range = 1024  65000

#以下可能需要加载ip_conntrack模块 modprobe ip_conntrack ,有文档说防火墙开启情况下此模块失效

#縮短established的超時時間
net.netfilter.nf_conntrack_tcp_timeout_established = 180

#conntrack_max 允许的最大跟踪连接条目，是在内核内存中netfilter可以同时处理的“任务”（连接跟踪条目）
net.netfilter.nf_conntrack_max = 1048576
net.nf_conntrack_max = 1048576

The above is the detailed content of How to optimize the Linux kernel of high-concurrency nginx server. For more information, please follow other related articles on the PHP Chinese website!

Statement

This article is reproduced at:亿速云. If there is any infringement, please contact admin@php.cn delete

The Ultimate Showdown: NGINX vs. ApacheApr 18, 2025 am 12:02 AM

NGINX is suitable for handling high concurrent requests, while Apache is suitable for scenarios where complex configurations and functional extensions are required. 1.NGINX adopts an event-driven, non-blocking architecture, and is suitable for high concurrency environments. 2. Apache adopts process or thread model to provide a rich module ecosystem that is suitable for complex configuration needs.

NGINX in Action: Examples and Real-World ApplicationsApr 17, 2025 am 12:18 AM

NGINX can be used to improve website performance, security, and scalability. 1) As a reverse proxy and load balancer, NGINX can optimize back-end services and share traffic. 2) Through event-driven and asynchronous architecture, NGINX efficiently handles high concurrent connections. 3) Configuration files allow flexible definition of rules, such as static file service and load balancing. 4) Optimization suggestions include enabling Gzip compression, using cache and tuning the worker process.

NGINX Unit: Supporting Different Programming LanguagesApr 16, 2025 am 12:15 AM

NGINXUnit supports multiple programming languages and is implemented through modular design. 1. Loading language module: Load the corresponding module according to the configuration file. 2. Application startup: Execute application code when the calling language runs. 3. Request processing: forward the request to the application instance. 4. Response return: Return the processed response to the client.

Choosing Between NGINX and Apache: The Right Fit for Your NeedsApr 15, 2025 am 12:04 AM

NGINX and Apache have their own advantages and disadvantages and are suitable for different scenarios. 1.NGINX is suitable for high concurrency and low resource consumption scenarios. 2. Apache is suitable for scenarios where complex configurations and rich modules are required. By comparing their core features, performance differences, and best practices, you can help you choose the server software that best suits your needs.

How to start nginxApr 14, 2025 pm 01:06 PM

Question: How to start Nginx? Answer: Install Nginx Startup Nginx Verification Nginx Is Nginx Started Explore other startup options Automatically start Nginx

How to check whether nginx is startedApr 14, 2025 pm 01:03 PM

How to confirm whether Nginx is started: 1. Use the command line: systemctl status nginx (Linux/Unix), netstat -ano | findstr 80 (Windows); 2. Check whether port 80 is open; 3. Check the Nginx startup message in the system log; 4. Use third-party tools, such as Nagios, Zabbix, and Icinga.

How to close nginxApr 14, 2025 pm 01:00 PM

To shut down the Nginx service, follow these steps: Determine the installation type: Red Hat/CentOS (systemctl status nginx) or Debian/Ubuntu (service nginx status) Stop the service: Red Hat/CentOS (systemctl stop nginx) or Debian/Ubuntu (service nginx stop) Disable automatic startup (optional): Red Hat/CentOS (systemctl disabled nginx) or Debian/Ubuntu (syst

How to configure nginx in WindowsApr 14, 2025 pm 12:57 PM

How to configure Nginx in Windows? Install Nginx and create a virtual host configuration. Modify the main configuration file and include the virtual host configuration. Start or reload Nginx. Test the configuration and view the website. Selectively enable SSL and configure SSL certificates. Selectively set the firewall to allow port 80 and 443 traffic.

See all articles

Hot AI Tools

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress images for free

Clothoff.io

AI clothes remover

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

R.E.P.O. Best Graphic Settings

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Assassin's Creed Shadows: Seashell Riddle Solution

3 weeks agoByDDD

What's New in Windows 11 KB5054979 & How to Fix Update Issues

2 weeks agoByDDD

Will R.E.P.O. Have Crossplay?

1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MinGW - Minimalist GNU for Windows

This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.