linux_tcp
# yum repository definitions for CentOS 5.11, pointed at the vault.centos.org
# archive of retired releases.
# NOTE(review): CentOS 5 is end-of-life, so nothing installed from these
# repositories receives further security fixes; treat hosts using this file as
# legacy systems that need compensating controls or migration.
# NOTE(review): every baseurl below is plain HTTP, so repository metadata and
# downloads are not protected in transit. gpgcheck=1 together with the locally
# installed key in gpgkey is the only integrity check on the packages; keep it
# enabled and confirm the key file came from a trusted source.

# Core OS packages as shipped with 5.11.
[base]
name=CentOS-5 - Base
baseurl=http://vault.centos.org/5.11/os/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# Updates published for 5.11 before the release was archived.
[updates]
name=CentOS-5 - Updates
baseurl=http://vault.centos.org/5.11/updates/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# Additional packages from the extras tree.
[extras]
name=CentOS-5 - Extras
baseurl=http://vault.centos.org/5.11/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# centosplus tree; enabled=0 keeps it off unless explicitly requested.
[centosplus]
name=CentOS-5 - Plus
baseurl=http://vault.centos.org/5.11/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
# contrib tree; enabled=0 keeps it off unless explicitly requested.
[contrib]
name=CentOS-5 - Contrib
baseurl=http://vault.centos.org/5.11/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
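#!/usr/bin/env bash
# Apply TCP / file-descriptor tuning: rewrites the managed settings in
# /etc/sysctl.conf, loads them with `sysctl -p`, and raises the nofile limits
# in /etc/security/limits.conf, the PAM session stack and /etc/profile.
#
# The script is safe to re-run: the sysctl settings live in a marked block that
# is replaced on each run, and the limits/PAM/profile lines are added only once.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Every step below edits files under /etc, so stop early without root.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root." >&2
    exit 1
fi

# Keep a timestamped copy of each file before editing so changes can be reverted.
backup_suffix=".bak.$(date +%Y%m%d%H%M%S)"
for target in /etc/sysctl.conf /etc/security/limits.conf /etc/pam.d/common-session /etc/profile; do
    [ -f "$target" ] && cp -p "$target" "${target}${backup_suffix}"
done

touch /etc/sysctl.conf

# Drop the block written by an earlier run (settings and their comment lines).
sed -i '/^# BEGIN linux_tcp tuning$/,/^# END linux_tcp tuning$/d' /etc/sysctl.conf

# Remove pre-existing assignments of the keys this script manages.
sysctl_keys=(
    fs.file-max
    net.core.rmem_max
    net.core.wmem_max
    net.core.rmem_default
    net.core.wmem_default
    net.core.netdev_max_backlog
    net.core.somaxconn
    net.ipv4.tcp_syncookies
    net.ipv4.tcp_tw_reuse
    net.ipv4.tcp_tw_recycle
    net.ipv4.tcp_fin_timeout
    net.ipv4.tcp_keepalive_time
    net.ipv4.ip_local_port_range
    net.ipv4.tcp_max_syn_backlog
    net.ipv4.tcp_max_tw_buckets
    net.ipv4.tcp_rmem
    net.ipv4.tcp_wmem
    net.ipv4.tcp_mtu_probing
    net.ipv4.ip_forward
)
for key in "${sysctl_keys[@]}"; do
    # Escape the dots and anchor on "key =" so only an assignment of exactly
    # this key is deleted; an unanchored match would also remove unrelated
    # keys that merely share the prefix, and comments that mention the key.
    escaped_key="${key//./\\.}"
    sed -i "/^[[:space:]]*${escaped_key}[[:space:]]*=/d" /etc/sysctl.conf
done

# NOTE(review): net.ipv4.ip_forward = 1 makes the host route packets between
# its interfaces. Keep it only if the machine is meant to act as a gateway,
# and pair it with a restrictive firewall FORWARD policy.
# NOTE(review): net.ipv4.tcp_tw_recycle no longer exists on Linux 4.12 and
# later; `sysctl -p` reports an error for that line there and carries on.
cat >> /etc/sysctl.conf <<'SYSCTL_EOF'
# BEGIN linux_tcp tuning
# max open files
fs.file-max = 1024000
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
# forward ipv4
net.ipv4.ip_forward = 1
# END linux_tcp tuning
SYSCTL_EOF
sysctl -p

# Replace only the wildcard nofile entries. Truncating limits.conf would
# silently discard every other limit an administrator has configured there.
touch /etc/security/limits.conf
sed -i \
    -e '/^[[:space:]]*\*[[:space:]][[:space:]]*soft[[:space:]][[:space:]]*nofile[[:space:]]/d' \
    -e '/^[[:space:]]*\*[[:space:]][[:space:]]*hard[[:space:]][[:space:]]*nofile[[:space:]]/d' \
    /etc/security/limits.conf
cat >> /etc/security/limits.conf <<'LIMITS_EOF'
* soft nofile 512000
* hard nofile 1024000
LIMITS_EOF

# common-session is the Debian-family PAM include; on other distributions
# appending to it would only create a stray file that PAM never reads.
if [ -f /etc/pam.d/common-session ]; then
    if ! grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' /etc/pam.d/common-session; then
        echo "session required pam_limits.so" >> /etc/pam.d/common-session
    fi
else
    echo "/etc/pam.d/common-session not found; enable pam_limits.so in this system's PAM session stack manually." >&2
fi

# Add the shell-level limit once instead of on every run.
if ! grep -qxF "ulimit -SHn 1024000" /etc/profile 2>/dev/null; then
    echo "ulimit -SHn 1024000" >> /etc/profile
fi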
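#!/usr/bin/env bash
# Apply kernel network / file-descriptor tuning: rewrites the managed settings
# in /etc/sysctl.conf, loads them with `sysctl -p`, and raises the nofile
# limits in /etc/security/limits.conf, the PAM session stack and /etc/profile.
#
# The script is safe to re-run: the sysctl settings live in a marked block that
# is replaced on each run, and the limits/PAM/profile lines are added only once.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

# Every step below edits files under /etc, so stop early without root.
if [ "$(id -u)" -ne 0 ]; then
    echo "This script must be run as root." >&2
    exit 1
fi

# Keep a timestamped copy of each file before editing so changes can be reverted.
backup_suffix=".bak.$(date +%Y%m%d%H%M%S)"
for target in /etc/sysctl.conf /etc/security/limits.conf /etc/pam.d/common-session /etc/profile; do
    [ -f "$target" ] && cp -p "$target" "${target}${backup_suffix}"
done

touch /etc/sysctl.conf

# Drop the block written by an earlier run. This also covers the keys that are
# appended below but are not in the delete list, which would otherwise pile up
# as duplicates on every run.
sed -i '/^# BEGIN linux_tcp tuning$/,/^# END linux_tcp tuning$/d' /etc/sysctl.conf

# Remove pre-existing assignments of the keys the delete list has always covered.
sysctl_keys=(
    fs.file-max
    net.core.rmem_max
    net.core.wmem_max
    net.core.rmem_default
    net.core.wmem_default
    net.core.netdev_max_backlog
    net.core.somaxconn
    net.ipv4.tcp_syncookies
    net.ipv4.tcp_tw_reuse
    net.ipv4.tcp_tw_recycle
    net.ipv4.tcp_fin_timeout
    net.ipv4.tcp_keepalive_time
    net.ipv4.ip_local_port_range
    net.ipv4.tcp_max_syn_backlog
    net.ipv4.tcp_max_tw_buckets
    net.ipv4.tcp_rmem
    net.ipv4.tcp_wmem
    net.ipv4.tcp_mtu_probing
    net.ipv4.ip_forward
)
for key in "${sysctl_keys[@]}"; do
    # Escape the dots and anchor on "key =" so only an assignment of exactly
    # this key is deleted; an unanchored match would also remove unrelated
    # keys that merely share the prefix, and comments that mention the key.
    escaped_key="${key//./\\.}"
    sed -i "/^[[:space:]]*${escaped_key}[[:space:]]*=/d" /etc/sysctl.conf
done

# Review notes on the settings written below (the block text itself is kept as
# the author wrote it, apart from the one fix described first):
# - kernel.pid_max used to be glued onto the end of the commented
#   nf_conntrack_tcp_timeout_fin_wait line, so it was never applied. It is
#   restored on its own line; confirm 65535 is wanted, since some systems
#   default to a larger value.
# - net.ipv4.ip_forward = 1 makes the host route packets between interfaces.
#   Keep it only on a machine meant to act as a gateway, with a restrictive
#   firewall FORWARD policy.
# - net.ipv6.conf.all.disable_ipv6 = 1 turns IPv6 off on every interface;
#   check that no service depends on an IPv6 listener first.
# - net.ipv4.tcp_tw_recycle is set to 0 (off) although the comment under it
#   reads as enabling it. The key no longer exists on Linux 4.12 and later,
#   where `sysctl -p` reports an error for the line and carries on.
# - net.nf_conntrack_max is only available while the connection-tracking
#   module is loaded; `sysctl -p` reports an error for it otherwise.
# - rp_filter and accept_source_route are set under conf.default only;
#   presumably conf.all is left at the system value - confirm that is intended.
cat >> /etc/sysctl.conf <<'SYSCTL_EOF'
# BEGIN linux_tcp tuning
net.ipv4.tcp_fin_timeout = 120
# fin_wait_2超时时间
net.ipv4.tcp_tw_reuse = 1
# 允许重用time_wait的tcp端口
net.ipv4.tcp_tw_recycle = 0
# 启用time_wait快速回收机制
net.ipv4.tcp_syncookies = 1
# 启用syncookies, 可防范少量syn攻击
net.ipv4.tcp_keepalive_time = 120
# keepalive idle空闲时间
net.ipv4.tcp_keepalive_intvl = 30
# keepalive intvl间隔时间
net.ipv4.tcp_keepalive_probes = 3
# keepalive probes最大探测次数
net.ipv4.tcp_max_syn_backlog = 10240
# syn队列长度
net.ipv4.tcp_max_tw_buckets = 5000
# time_wait套接字最大数量,高于该值系统会立即清理并打印警告信息
net.ipv4.route.gc_timeout = 100
net.ipv4.tcp_syn_retries = 2
# 放弃建立连接前内核发送syn包的数量
net.ipv4.tcp_synack_retries = 2
# 放弃连接前内核发送syn+ack包的数量
net.core.somaxconn = 10240
# listen()的默认参数, 等待请求的最大数量
net.core.netdev_max_backlog = 10240
# 最大设备队列长度
net.ipv4.tcp_max_orphans = 10240
# 设定最多有多少个套接字不被关联到任何一个用户文件句柄上
net.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_established = 180
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120
kernel.pid_max = 65535
net.core.rmem_default = 8388608
# socket默认读buffer大小
net.core.wmem_default = 8388608
# socket默认写buffer大小
net.core.rmem_max = 16777216
# socket最大读buffer大小
net.core.wmem_max = 16777216
# socket最大写buffer大小
net.ipv4.tcp_rmem = 32768 436600 873200
# tcp_socket读buffer大小
net.ipv4.tcp_wmem = 8192 436600 873200
# tcp_socket写buffer大小
net.ipv4.tcp_mem = 177945 216076 254208
# 确定tcp栈应该如何反映内存使用
net.ipv4.tcp_fastopen = 3
# 开启tcp_fastopen(内核 3.7 +)
fs.file-max = 500000000
# 最大允许的文件描述符数量
net.ipv4.ip_forward = 1
# 1允许网卡之间的数据包转发
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.ip_local_port_range = 1024 65000
# 动态分配端口的范围
## net/ipv4/tcp_mem 解释
#net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_mem[0]: 低于此值,TCP没有内存压力
# 80% of Memory
#net.ipv4.tcp_mem[1]: 在此值下,进入内存压力阶段
# 90% of Memory
#net.ipv4.tcp_mem[2]: 高于此值,TCP拒绝分配socket
# 100% of Memory
# 内存单位是页(1页=4kb),可根据物理内存大小进行调整,如果内存足够大的话,可适当往上调
#1G内存
#net.ipv4.tcp_congestion_control = bbr
# 禁用整个系统所有接口的IPv6
net.ipv6.conf.all.disable_ipv6 = 1
# 禁用某一个指定接口的IPv6(例如:eth0, lo)
#net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.eth0.disable_ipv6 = 1
# END linux_tcp tuning
SYSCTL_EOF
sysctl -p

# Replace only the wildcard nofile entries. Truncating limits.conf would
# silently discard every other limit an administrator has configured there.
touch /etc/security/limits.conf
sed -i \
    -e '/^[[:space:]]*\*[[:space:]][[:space:]]*soft[[:space:]][[:space:]]*nofile[[:space:]]/d' \
    -e '/^[[:space:]]*\*[[:space:]][[:space:]]*hard[[:space:]][[:space:]]*nofile[[:space:]]/d' \
    /etc/security/limits.conf
cat >> /etc/security/limits.conf <<'LIMITS_EOF'
* soft nofile 512000
* hard nofile 1024000
LIMITS_EOF

# common-session is the Debian-family PAM include; on other distributions
# appending to it would only create a stray file that PAM never reads.
if [ -f /etc/pam.d/common-session ]; then
    if ! grep -Eq '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' /etc/pam.d/common-session; then
        echo "session required pam_limits.so" >> /etc/pam.d/common-session
    fi
else
    echo "/etc/pam.d/common-session not found; enable pam_limits.so in this system's PAM session stack manually." >&2
fi

# Add the shell-level limit once instead of on every run.
if ! grep -qxF "ulimit -SHn 1024000" /etc/profile 2>/dev/null; then
    echo "ulimit -SHn 1024000" >> /etc/profile
fi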