# Create the sysctl drop-in as root. Load it afterwards with `sysctl --system`
# and check the output for keys the running kernel rejects.
nano /etc/sysctl.d/98-overide.conf
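# /etc/sysctl.d/98-overide.conf - additional system variables
# See sysctl.conf(5) for information.
#

# Congestion control: BBR paired with the fq queueing discipline.
# NOTE(review): the flattened listing does not show whether the bbr line was
# commented out; it is kept active here because fq is set alongside it.
# Confirm bbr is listed in net.ipv4.tcp_available_congestion_control.
net.ipv4.tcp_congestion_control = bbr
net.core.default_qdisc = fq

#net.ipv4.tcp_ecn = 1
#net.ipv4.tcp_ecn_fallback = 1

# Legacy switch; documented as having no effect on recent kernels.
net.ipv4.tcp_fack = 1

# Upper bound on the listen() backlog an application may request.
net.core.somaxconn = 8192

# TCP Fast Open: 3 = client and server side. Listening sockets still have to
# opt in with the TCP_FASTOPEN socket option.
net.ipv4.tcp_fastopen = 3

# Timewait
# tcp_tw_reuse only affects outgoing connections and relies on TCP timestamps.
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle is deliberately left disabled: it drops connections from
# clients that share an address behind NAT, and the key was removed in
# Linux 4.12, so current kernels reject it as unknown.
#net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_max_tw_buckets = 120000
# Ephemeral ports start at 1025. A service that binds a fixed port inside this
# range can lose it to an outgoing connection; list such ports in
# net.ipv4.ip_local_reserved_ports.
net.ipv4.ip_local_port_range = 1025 61000

# Maximum number of packets queued on the input side when an interface
# receives them faster than the kernel can process them.
net.core.netdev_max_backlog = 16384

# Optimizing HTTP/2 prioritization
# https://blog.cloudflare.com/http-2-prioritization-with-nginx/
net.ipv4.tcp_notsent_lowat = 131072

# Do not fall back to slow start after a connection has been idle
# https://github.com/ton31337/tools/wiki/tcp_slow_start_after_idle---tcp_no_metrics_save-performance
net.ipv4.tcp_slow_start_after_idle = 0
#net.ipv4.tcp_no_metrics_save = 0

# TCP keepalive: first probe after 600 s idle, then every 10 s, give up after 3.
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.tcp_keepalive_probes = 3

# Socket buffers: 256 KB default, 24 MB max receive, 16 MB max send.
net.core.rmem_default = 262144
net.core.wmem_default = 262144
net.core.rmem_max = 25165824
net.core.wmem_max = 16777216
net.core.optmem_max = 40960

# Total memory available to TCP, counted in pages (low / pressure / max).
# 256 MB / 512 MB / 1024 MB assuming 4 KB pages.
net.ipv4.tcp_mem = 65536 131072 262144

# Per-socket TCP buffers in bytes (min / default / max).
# Receive: 4 KB / 128 KB / 24 MB. Send: 4 KB / 16 KB / 16 MB.
net.ipv4.tcp_rmem = 4096 131072 25165824
net.ipv4.tcp_wmem = 4096 16384 16777216

# MTU Discovery: probe only after an ICMP black hole is detected.
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_base_mss = 1024

# SYN flood defence
# SYN cookies are sent once the SYN backlog overflows.
net.ipv4.tcp_syncookies = 1
# SYN-ACK retransmissions for passive (server-side) opens.
net.ipv4.tcp_synack_retries = 2
# SYN retransmissions for outgoing connections.
net.ipv4.tcp_syn_retries = 6
net.ipv4.tcp_max_syn_backlog = 65535

# Implement RFC 1337 fix (ignore RSTs aimed at sockets in TIME-WAIT)
net.ipv4.tcp_rfc1337 = 1

# Enable Hugepages
# The reserved pages are not available to ordinary allocations; size the
# count to the workload that actually uses them.
vm.nr_hugepages = 128

# Swap and cache reclaim
vm.vfs_cache_pressure = 50
vm.swappiness = 10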
# Create the PAM limits drop-in as root. It applies to login sessions opened
# after the change; verify with `ulimit -Sn` and `ulimit -Hn` in a new session.
nano /etc/security/limits.d/98-nofile.conf
# /etc/security/limits.d/98-nofile.conf
#
# This file sets the resource limits for the users logged in via PAM.
# It does not affect resource limits of the system services.
#
# Files in /etc/security/limits.d are read in alphabetical order. A later
# file overrides an earlier one when the domain is the same or more specific:
# a wildcard setting can be overridden by another wildcard setting, but a
# user-specific setting only by another user-specific setting.
#
# Columns: <domain> <type> <item> <value>
#
# NOTE(review): only the soft limit is set. A soft limit cannot exceed the
# hard limit, so confirm the hard nofile limit is at least 512000, otherwise
# this value will not take effect as written.
# NOTE(review): the wildcard raises the open-file ceiling for every PAM user.
# Consider naming the specific service account instead if only one workload
# needs it.
#
# The wildcard domain is not applied to root, hence the separate root entry.
* soft nofile 512000
root soft nofile 512000