×ðÁú¿­Ê±

CentOS´î½¨webЧÀÍÆ÷ʱµÄÍøÂçÓÅ»¯Óëµ÷У¼¼ÇÉ

CentOS´î½¨WebЧÀÍÆ÷ʱµÄÍøÂçÓÅ»¯Óëµ÷У¼¼ÇÉ

Ëæ×Å»¥ÁªÍøµÄÉú³¤ £¬WebЧÀÍÆ÷µÄ´î½¨±äµÃÔ½À´Ô½Ö÷Òª¡£CentOS×÷Ϊһ¿î³£ÓõIJÙ×÷ϵͳ £¬±»ÆÕ±éÓÃÓڴWebЧÀÍÆ÷¡£ÎªÁËÌá¸ßЧÀÍÆ÷µÄÐÔÄܺÍÎȹÌÐÔ £¬ÍøÂçÓÅ»¯Óëµ÷У¼¼ÇɳÉΪ±Ø²»¿ÉÉÙµÄÒ»»·¡£±¾ÎĽ«ÏÈÈÝһЩCentOS´î½¨WebЧÀÍÆ÷ʱµÄÍøÂçÓÅ»¯Óëµ÷У¼¼ÇÉ £¬²¢¸½ÉÏ´úÂëʾÀý¡£

TCP/IPÕ»ÓÅ»¯

TCP/IPЭÒéÊÇÍøÂçͨѶµÄ½¹µã £¬ÓÅ»¯TCP/IPÕ»¿ÉÒÔÌá¸ßЧÀÍÆ÷µÄÍøÂçÐÔÄÜ¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Äϵͳ²ÎÊýÀ´ÓÅ»¯TCP/IPÕ»¡£ÏÂÃæÊÇһЩ³£ÓõÄTCP/IPÕ»ÓÅ»¯²ÎÊý£º

1.1. Ìá¸ßTCPÅþÁ¬µÄ×î´óÊýÄ¿

ͨ¹ýÐÞ¸Ä/sys/…/net/ipv4/tcp_max_syn_backlogºÍ/sys/…/net/core/somaxconn²ÎÊý £¬¿ÉÒÔÌá¸ßTCPÅþÁ¬µÄ×î´óÊýÄ¿¡£

ʾÀý´úÂ룺

# ÐÞ¸Ä/sys/.../net/ipv4/tcp_max_syn_backlog²ÎÊý
echo "1000000" > /sys/.../net/ipv4/tcp_max_syn_backlog

# ÐÞ¸Ä/sys/.../net/core/somaxconn²ÎÊý
echo "1000000" > /sys/.../net/core/somaxconn

µÇ¼ºó¸´ÖÆ

1.2. Ìá¸ßTCPÅþÁ¬µÄ³¬Ê±Ê±¼ä

ͨ¹ýÐÞ¸Ä/sys/…/net/ipv4/tcp_fin_timeout²ÎÊý £¬¿ÉÒÔÌá¸ßTCPÅþÁ¬µÄ³¬Ê±Ê±¼ä¡£

ʾÀý´úÂ룺

# ÐÞ¸Ä/sys/.../net/ipv4/tcp_fin_timeout²ÎÊý
echo "30" > /sys/.../net/ipv4/tcp_fin_timeout

µÇ¼ºó¸´ÖÆ

1.3. ¿ªÆôTCP¿ìËÙ·­¿ª£¨TCP Fast Open£©

TCP¿ìËÙ·­¿ªÊÇÒ»ÖÖÓÅ»¯ÊÖÒÕ £¬Í¨¹ýÔÚÎÕÊֽ׶η¢ËÍÊý¾Ý £¬ïÔÌ­ÍøÂçÑÓ³Ù¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Ä/sys/…/net/ipv4/tcp_fastopen²ÎÊýÀ´¿ªÆôTCP¿ìËÙ·­¿ª¡£

ʾÀý´úÂ룺

# ¿ªÆôTCP¿ìËÙ·­¿ª
echo "3" > /sys/.../net/ipv4/tcp_fastopen

µÇ¼ºó¸´ÖÆ

Keepalive¼°TimeoutÉèÖÃ

KeepaliveÊÇÒ»ÖÖ¼á³ÖTCPÅþÁ¬»îÔ¾µÄ»úÖÆ £¬TimeoutÊÇÖ¸ÔÚһ׼ʱ¼äÄÚÎÞÏìÓ¦ºó¹Ø±ÕÅþÁ¬¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Ä/etc/…/sysctl.confÎļþÀ´ÉèÖÃKeepaliveºÍTimeout¡£

ʾÀý´úÂ룺

# ÉèÖÃKeepalive
echo "net.ipv4.tcp_keepalive_time = 1200" >> /etc/.../sysctl.conf
echo "net.ipv4.tcp_keepalive_intvl = 10" >> /etc/.../sysctl.conf
echo "net.ipv4.tcp_keepalive_probes = 6" >> /etc/.../sysctl.conf

# ÉèÖÃTimeout
echo "net.ipv4.tcp_syn_retries = 2" >> /etc/.../sysctl.conf
echo "net.ipv4.tcp_synack_retries = 2" >> /etc/.../sysctl.conf
echo "net.ipv4.tcp_retries2 = 5" >> /etc/.../sysctl.conf

µÇ¼ºó¸´ÖÆ

¿ªÆôSYN Cookie£¨¿ÉÑ¡£©

SYN CookieÊÇÒ»ÖÖµÖÓùSYN Flood¹¥»÷µÄÊÖÒÕ¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Ä/sys/…/net/ipv4/tcp_syncookies²ÎÊýÀ´¿ªÆôSYN Cookie¡£

ʾÀý´úÂ룺

# ¿ªÆôSYN Cookie
echo "1" > /sys/.../net/ipv4/tcp_syncookies

µÇ¼ºó¸´ÖÆ

µ÷½âÎļþÐÎò·ûÏÞÖÆ

WebЧÀÍÆ÷´¦Öóͷ£´ó×ÚµÄHTTPÇëÇó £¬ÐèÒª·­¿ª´ó×ÚµÄÎļþÐÎò·û¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Ä/etc/security/…/limits.confÎļþÀ´µ÷½âÎļþÐÎò·ûÏÞÖÆ¡£

ʾÀý´úÂ룺

# µ÷½âÎļþÐÎò·ûÏÞÖÆ
echo "www-data soft nofile 65536" >> /etc/security/.../limits.conf
echo "www-data hard nofile 65536" >> /etc/security/.../limits.conf

µÇ¼ºó¸´ÖÆ

¿ªÆôTCPÓµÈû¿ØÖÆËã·¨£¨CUBIC£©

CUBICÊÇÒ»ÖÖTCPÓµÈû¿ØÖÆËã·¨ £¬¿ÉÒÔÌá¸ßЧÀÍÆ÷µÄÍøÂçÐÔÄÜ¡£ÔÚCentOSÖÐ £¬¿ÉÒÔͨ¹ýÐÞ¸Ä/sys/…/net/ipv4/tcp_congestion_control²ÎÊýÀ´¿ªÆôCUBIC¡£

ʾÀý´úÂ룺

# ¿ªÆôCUBIC
echo "cubic" > /sys/.../net/ipv4/tcp_congestion_control

µÇ¼ºó¸´ÖÆ

×ܽ᣺

ͨ¹ýÓÅ»¯TCP/IPÕ»¡¢ÉèÖÃKeepalive¼°Timeout¡¢¿ªÆôSYN Cookie¡¢µ÷½âÎļþÐÎò·ûÏÞÖÆÒÔ¼°¿ªÆôTCPÓµÈû¿ØÖÆËã·¨ £¬¿ÉÒÔÌá¸ßCentOS´î½¨µÄWebЧÀÍÆ÷µÄÍøÂçÐÔÄܺÍÎȹÌÐÔ¡£ÉÏÊöµÄ´úÂëʾÀý¿ÉÒÔʹ¶ÁÕ߸üºÃµØÃ÷È·ÔõÑùʵÑéÕâЩ¼¼ÇÉ £¬´Ó¶øÓÐÓÃÓÅ»¯Ð§ÀÍÆ÷µÄÍøÂçÐÔÄÜ¡£Ï£Íû±¾ÎĶÔÄú´î½¨CentOS WebЧÀÍÆ÷ʱµÄÍøÂçÓÅ»¯Óëµ÷УÓÐËù×ÊÖú¡£

ÒÔÉϾÍÊÇCentOS´î½¨webЧÀÍÆ÷ʱµÄÍøÂçÓÅ»¯Óëµ÷У¼¼ÇɵÄÏêϸÄÚÈÝ £¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡

ÃâÔð˵Ã÷£ºÒÔÉÏչʾÄÚÈÝȪԴÓÚÏàÖúýÌå¡¢ÆóÒµ»ú¹¹¡¢ÍøÓÑÌṩ»òÍøÂçÍøÂçÕûÀí £¬°æȨÕùÒéÓë±¾Õ¾ÎÞ¹Ø £¬ÎÄÕÂÉæ¼°¿´·¨Óë¿´·¨²»´ú±í×ðÁú¿­Ê±ÂËÓÍ»úÍø¹Ù·½Ì¬¶È £¬Çë¶ÁÕß½ö×ö²Î¿¼¡£±¾ÎĽӴýתÔØ £¬×ªÔØÇë˵Ã÷À´ÓÉ¡£ÈôÄúÒÔΪ±¾ÎÄÇÖÕ¼ÁËÄúµÄ°æȨÐÅÏ¢ £¬»òÄú·¢Ã÷¸ÃÄÚÈÝÓÐÈκÎÉæ¼°ÓÐÎ¥¹«µÂ¡¢Ã°·¸Ö´·¨µÈÎ¥·¨ÐÅÏ¢ £¬ÇëÄúÁ¬Ã¦ÁªÏµ×ðÁú¿­Ê±ÊµÊ±ÐÞÕý»òɾ³ý¡£

Ïà¹ØÐÂÎÅ

ÁªÏµ×ðÁú¿­Ê±

18523999891

¿É΢ÐÅÔÚÏß×Éѯ

ÊÂÇéʱ¼ä£ºÖÜÒ»ÖÁÖÜÎå £¬9:30-18:30 £¬½ÚãåÈÕÐÝÏ¢

QR code
¡¾ÍøÕ¾µØͼ¡¿¡¾sitemap¡¿