Nginx
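Nginx is a high-performance HTTP and reverse-proxy web server that also provides IMAP/POP3/SMTP services. In this project, Nginx is the unified external entry point for the web portal, the mini-program and the app clients.
I. Operating system optimization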
- Check whether the firewall is disabled (systemctl status firewalld)
The output above means it is already disabled; if it is not, run (service iptables stop)
- Check whether SELinux is disabled
sed -i -e "s/=enforcing/=disabled/g" /etc/selinux/config
setenforce 0
If the prompt above appears, SELinux is already fully disabled and does not need to be disabled again
- Increase the file descriptor limit
vi /etc/security/limits.conf
Change its contents to the following:
- System kernel optimization
vi /etc/sysctl.conf
Change its contents to:
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
# For more information, see sysctl.conf(5) and sysctl.d(5).
# System optimization parameters
#-----Disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
#-----Avoid amplification attacks
net.ipv4.icmp_echo_ignore_broadcasts = 1
#-----Enable protection against bogus icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
#-----Disable route forwarding
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
#-----Enable reverse path filtering
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
#-----Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
#-----Disable sysrq
kernel.sysrq = 0
#-----Append the pid as an extension to core file names
kernel.core_uses_pid = 1
#-----Enable SYN flood protection
net.ipv4.tcp_syncookies = 1
#-----Set message queue length
kernel.msgmnb = 65536
kernel.msgmax = 65536
#-----Set maximum shared memory segment size, in bytes
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
#-----Number of timewait buckets, default 180000
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
#-----Maximum number of packets allowed to queue when a network
#-----interface receives packets faster than the kernel can process them
net.core.netdev_max_backlog = 26
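To check that a host's configuration carries the security-related values from the settings above, the following added example (not part of the original manual) audits a sysctl.conf-format file. The function name audit_sysctl_conf and the EXPECTED list are assumptions introduced here; the values in the list are copied from the settings above.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-format file against the security-related
# values listed in this manual. Prints one line per missing or differing key.

# Expected values, copied from the security-related settings above.
EXPECTED='net.ipv4.icmp_echo_ignore_broadcasts=1
net.ipv4.icmp_ignore_bogus_error_responses=1
net.ipv4.ip_forward=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
kernel.sysrq=0
net.ipv4.tcp_syncookies=1'

# audit_sysctl_conf FILE   (hypothetical helper name)
# Returns 0 if every expected key has the expected value in FILE, 1 otherwise.
audit_sysctl_conf() {
    conf=$1
    failed=0
    for pair in $EXPECTED; do
        key=${pair%%=*}
        want=${pair#*=}
        # Strip comments and whitespace; the last assignment of a key wins.
        got=$(sed -e 's/[#;].*//' -e 's/[[:space:]]//g' "$conf" |
              awk -F= -v k="$key" '$1 == k { v = $2; found = 1 }
                                   END { if (found) print v }')
        if [ -z "$got" ]; then
            echo "MISSING  $key (expected $want)"
            failed=1
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH $key = $got (expected $want)"
            failed=1
        fi
    done
    return $failed
}
```

A value in the file only takes effect once it is loaded with sysctl -p; the running kernel's value for a key can be compared with sysctl -n <key>.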