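#!/usr/bin/env bash
#
# Apply a fixed set of kernel network/resource tunables and raise the
# open-file limits. Must be run as root.
#
# Files modified:
#   /etc/sysctl.conf           managed settings are replaced, then loaded
#   /etc/security/limits.conf  "*" soft/hard nofile entries
#   /etc/pam.d/common-session  pam_limits.so is enabled (Debian/Ubuntu path)
#   /etc/profile               login shells raise their own nofile limit
#
# Re-running is safe: earlier copies of the managed settings are removed
# before new ones are written, and single-line additions are made only when
# the line is not already present.

set -uo pipefail

# ~/bin stays last, so it can only supply commands that are missing from the
# system directories listed before it.
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin:~/bin
export PATH

readonly SYSCTL_CONF=/etc/sysctl.conf
readonly LIMITS_CONF=/etc/security/limits.conf
readonly PAM_SESSION=/etc/pam.d/common-session
readonly PROFILE=/etc/profile
readonly BLOCK_BEGIN='# BEGIN managed kernel tuning block'
readonly BLOCK_END='# END managed kernel tuning block'

# Print an error to stderr and stop the script.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Print a non-fatal diagnostic to stderr.
warn() {
  printf 'warning: %s\n' "$*" >&2
}

#######################################
# Emit the sysctl settings this script manages.
# Comments sit on their own lines because sysctl.conf(5) only documents
# whole-line comments; text after a value may be handed to the kernel as part
# of that value.
#
# Points an operator should confirm before deploying:
#   - net.ipv4.ip_forward = 1 makes the host forward packets between
#     interfaces; keep it only on machines meant to route or NAT, and pair it
#     with a restrictive firewall FORWARD policy.
#   - rp_filter and accept_source_route are set under conf.default only,
#     which seeds interfaces created later; interfaces that already exist are
#     governed by conf.all and their per-interface values.
#   - net.ipv4.tcp_tw_recycle is written as 0 (disabled) even though its
#     comment says "enable"; the key was removed in Linux 4.12, so `sysctl -p`
#     reports it as unknown on newer kernels.
#   - net.nf_conntrack_max is only available while the conntrack module is
#     loaded.
#   - NOTE(review): kernel.pid_max appears fused onto a commented-out
#     conntrack line in the source, so it is inactive; it is reproduced as
#     found. Confirm whether it was meant to be a separate, active line.
# Outputs: the settings, one per line, on stdout.
#######################################
sysctl_settings() {
  cat <<'EOF'
# fin_wait_2超时时间
net.ipv4.tcp_fin_timeout = 120
# 允许重用time_wait的tcp端口
net.ipv4.tcp_tw_reuse = 1
# 启用time_wait快速回收机制
net.ipv4.tcp_tw_recycle = 0
# 启用syncookies, 可防范少量syn攻击
net.ipv4.tcp_syncookies = 1
# keepalive idle空闲时间
net.ipv4.tcp_keepalive_time = 120
# keepalive intvl间隔时间
net.ipv4.tcp_keepalive_intvl = 30
# keepalive probes最大探测次数
net.ipv4.tcp_keepalive_probes = 3
# syn队列长度
net.ipv4.tcp_max_syn_backlog = 10240
# time_wait套接字最大数量,高于该值系统会立即清理并打印警告信息
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.route.gc_timeout = 100
# 放弃建立连接前内核发送syn包的数量
net.ipv4.tcp_syn_retries = 2
# 放弃连接前内核发送syn+ack包的数量
net.ipv4.tcp_synack_retries = 2
# listen()的默认参数, 等待请求的最大数量
net.core.somaxconn = 10240
# 最大设备队列长度
net.core.netdev_max_backlog = 10240
# 设定最多有多少个套接字不被关联到任何一个用户文件句柄上
net.ipv4.tcp_max_orphans = 10240
net.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_max = 25000000
#net.netfilter.nf_conntrack_tcp_timeout_established = 180
#net.netfilter.nf_conntrack_tcp_timeout_time_wait = 120
#net.netfilter.nf_conntrack_tcp_timeout_close_wait = 60
#net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 120kernel.pid_max = 65535
# socket默认读buffer大小
net.core.rmem_default = 8388608
# socket默认写buffer大小
net.core.wmem_default = 8388608
# socket最大读buffer大小
net.core.rmem_max = 16777216
# socket最大写buffer大小
net.core.wmem_max = 16777216
# tcp_socket读buffer大小
net.ipv4.tcp_rmem = 32768 436600 873200
# tcp_socket写buffer大小
net.ipv4.tcp_wmem = 8192 436600 873200
# 确定tcp栈应该如何反映内存使用
net.ipv4.tcp_mem = 177945 216076 254208
# 开启tcp_fastopen(内核 3.7 +)
net.ipv4.tcp_fastopen = 3
# 最大允许的文件描述符数量
fs.file-max = 500000000
# 1允许网卡之间的数据包转发
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_timestamps = 1
# 动态分配端口的范围
net.ipv4.ip_local_port_range = 1024 65000
## net/ipv4/tcp_mem 解释
#net.ipv4.tcp_mem = 94500000 915000000 927000000
#net.ipv4.tcp_mem[0]: 低于此值,TCP没有内存压力 # 80% of Memory
#net.ipv4.tcp_mem[1]: 在此值下,进入内存压力阶段 # 90% of Memory
#net.ipv4.tcp_mem[2]: 高于此值,TCP拒绝分配socket # 100% of Memory
# 内存单位是页(1页=4kb),可根据物理内存大小进行调整,如果内存足够大的话,可适当往上调 #1G内存
#net.ipv4.tcp_congestion_control = bbr
# 禁用整个系统所有接口的IPv6
net.ipv6.conf.all.disable_ipv6 = 1
# 禁用某一个指定接口的IPv6(例如:eth0, lo)
#net.ipv6.conf.lo.disable_ipv6 = 1
#net.ipv6.conf.eth0.disable_ipv6 = 1
EOF
}

#######################################
# Append a line to a file unless a matching line is already there.
# Arguments: $1 - file to update
#            $2 - extended regex that recognises an existing entry
#            $3 - line to append when nothing matches
# A missing file is created by the append.
#######################################
ensure_line() {
  local file=$1 pattern=$2 line=$3
  if grep -Eqs -- "$pattern" "$file"; then
    return 0
  fi
  printf '%s\n' "$line" >>"$file" || die "cannot append to ${file}"
}

#######################################
# Replace the managed settings in /etc/sysctl.conf.
# Every key emitted by sysctl_settings is removed first, so repeated runs do
# not pile up duplicates. The delete patterns are anchored to "key =" with
# the dots escaped; an unanchored /net.ipv4.ip_forward/ would also remove
# unrelated keys such as net.ipv4.ip_forward_use_pmtu.
#######################################
update_sysctl_conf() {
  local settings key
  local -a keys=() sed_args=()

  settings=$(sysctl_settings) || die "cannot build the sysctl settings"

  # Active "key = value" lines only; commented-out lines start with '#'.
  mapfile -t keys < <(
    sed -n 's/^[[:space:]]*\([A-Za-z0-9_.-]\{1,\}\)[[:space:]]*=.*$/\1/p' \
      <<<"$settings"
  )

  if [[ -f "$SYSCTL_CONF" ]]; then
    # Drop the block from an earlier run, but only when both markers exist;
    # a lone begin marker would otherwise delete through to end of file.
    if grep -qxF -- "$BLOCK_BEGIN" "$SYSCTL_CONF" \
      && grep -qxF -- "$BLOCK_END" "$SYSCTL_CONF"; then
      sed_args+=(-e "/^${BLOCK_BEGIN}\$/,/^${BLOCK_END}\$/d")
    fi
    for key in "${keys[@]}"; do
      sed_args+=(-e "/^[[:space:]]*${key//./\\.}[[:space:]]*=/d")
    done
    sed -i "${sed_args[@]}" "$SYSCTL_CONF" \
      || die "cannot update ${SYSCTL_CONF}"
  fi

  {
    printf '%s\n' "$BLOCK_BEGIN"
    printf '%s\n' "$settings"
    printf '%s\n' "$BLOCK_END"
  } >>"$SYSCTL_CONF" || die "cannot append to ${SYSCTL_CONF}"
}

#######################################
# Set the "*" soft/hard nofile limits in /etc/security/limits.conf.
# Only earlier "*" nofile entries are replaced; every other limit in the file
# is kept (redirecting with '>' would wipe the whole file).
# Per limits.conf(5), wildcard entries are not applied to the root user.
#######################################
update_limits_conf() {
  if [[ -f "$LIMITS_CONF" ]]; then
    sed -i -E \
      '/^[[:space:]]*\*[[:space:]]+(soft|hard)[[:space:]]+nofile([[:space:]]|$)/d' \
      "$LIMITS_CONF" || die "cannot update ${LIMITS_CONF}"
  fi
  printf '%s\n' '* soft nofile 512000' '* hard nofile 1024000' \
    >>"$LIMITS_CONF" || die "cannot append to ${LIMITS_CONF}"
}

main() {
  (( EUID == 0 )) || die "this script must be run as root"

  update_sysctl_conf

  # Unknown keys (for example ones removed from the running kernel) make
  # sysctl exit non-zero; the remaining steps are still worth applying.
  if ! sysctl -p; then
    warn "sysctl -p reported errors; review the messages above"
  fi

  update_limits_conf

  ensure_line "$PAM_SESSION" \
    '^[[:space:]]*session[[:space:]]+required[[:space:]]+pam_limits\.so' \
    'session required pam_limits.so'

  ensure_line "$PROFILE" \
    '^[[:space:]]*ulimit[[:space:]]+-SHn[[:space:]]+1024000[[:space:]]*$' \
    'ulimit -SHn 1024000'
}

main "$@"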