优化Linux内核参数及防DDOS

优化Linux内核参数
vi /etc/sysctl.conf
在末尾增加如下文本
net.core.netdev_max_backlog =  32768
net.core.somaxconn = 32768
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216

net.ipv4.tcp_max_syn_backlog = 65536
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3276800
net.ipv4.ip_local_port_range = 1024  65535使配置立即生效：
/sbin/sysctl -p

防ddos***

Sysctl 修改
vi /etc/rc.local
加入如下文本
sysctl kern.ipc.maxsockets=100000  ##增加并发的socket，对

于ddos很有用
sysctl kern.ipc.somaxconn=65535  ##打开文件数
sysctl net.inet.tcp.msl=2500   ##timeout时间
Linux内核参数

http://www.excms.cn/manual/install-centos-nginx.html

转载于:https://blog.51cto.com/guailele/944380