小谈Web服务器总体优化
#一、文件系统开始
#在fstab里加入noatime,如
#vi /etc/fstab
#LABEL=/home1 /home ext3 noatime,defaults 1 2
#reboot或者重新mount生效
#文件系统开始
cp /etc/fstab /etc/fstab.bak
sed -i 's#LABEL=/home /home ext3 defaults 1 2#LABEL=/home /home ext3 noatime,defaults 1 2#' /etc/fstab
sed -i 's#LABEL=/var /var ext3 defaults 1 2#LABEL=/var /var ext3 noatime,defaults 1 2#' /etc/fstab
#在fstab里加入noatime,如
#vi /etc/fstab
#LABEL=/home1 /home ext3 noatime,defaults 1 2
#reboot或者重新mount生效
#文件系统开始
cp /etc/fstab /etc/fstab.bak
sed -i 's#LABEL=/home /home ext3 defaults 1 2#LABEL=/home /home ext3 noatime,defaults 1 2#' /etc/fstab
sed -i 's#LABEL=/var /var ext3 defaults 1 2#LABEL=/var /var ext3 noatime,defaults 1 2#' /etc/fstab
sed -i 's#Allow from all # Allow from 192.168.1 60.191.228 60.12.160 122.227.0 ' /etc/fstab
#vi /etc/rc.local
#二、Tcp优化开始
#vi /etc/rc.local
#二、Tcp优化开始
#转发开始
#删除刷新缺省表如”filter”, 其它表如”nat”需清楚标明:
## 刷新所有过滤规则和NAT表.
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
#删除所有非缺省的规则链和nat表
/sbin/iptables --table nat --delete-chain
#建立IP转发和伪装
/sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
## 刷新所有过滤规则和NAT表.
/sbin/iptables --flush
/sbin/iptables --table nat --flush
/sbin/iptables --delete-chain
#删除所有非缺省的规则链和nat表
/sbin/iptables --table nat --delete-chain
#建立IP转发和伪装
/sbin/iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
/sbin/iptables --append FORWARD --in-interface eth0 -j ACCEPT
#转发结束
#优化开始#
######### squid tmpfs use start ##########
#mount tmpfs /cache -t tmpfs -o size=2048m
######### squid tmpfs use end ##########
######### squid tmpfs use start ##########
#mount tmpfs /cache -t tmpfs -o size=2048m
######### squid tmpfs use end ##########
#修改/etc/rc.local 中的打开零时端口数
#默认echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo "5000 65535" > /proc/sys/net/ipv4/ip_local_port_range
#修改进程使用内存限制
#默认echo 33554432 > /proc/sys/kernel/shmmax
#centos5.0x86不用设置
#echo 2147483648 > /proc/sys/kernel/shmmax
#修改打开文件句柄数
#默认ulimit=1024
#默认echo 359593 > /proc/sys/fs/file-max
echo 8061540 > /proc/sys/fs/file-max
#ulimit -SHn 65535
#ulimit -n 65535
#ulimit -u 16384
#修改了vi /etc/security/limits.conf
#* soft nofile 65500
#* hard nofile 65500
#修改了vi /etc/profile
#ulimit -SHn 65535 > /dev/null 2>&1
#ulimit -n 65535 > /dev/null 2>&1
##ulimit -u 32634 > /dev/null 2>&1
sysctl -w net.ipv4.neigh.default.gc_thresh1=128000
sysctl -w net.ipv4.neigh.default.gc_thresh2=512000
sysctl -w net.ipv4.neigh.default.gc_thresh3=1024000
echo 1 > /proc/sys/net/ipv4/tcp_retries1
echo 1 > /proc/sys/net/ipv4/tcp_retries2
echo 65500 > /proc/sys/kernel/msgmax
echo 268435456 > /proc/sys/kernel/msgmnb
echo 4096 > /proc/sys/kernel/msgmni
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
echo 40960 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 262143 > /proc/sys/net/core/rmem_max
echo 262143 > /proc/sys/net/core/rmem_default
#/root/iptest.sh
#优化结束#
#默认echo "32768 61000" > /proc/sys/net/ipv4/ip_local_port_range
echo "5000 65535" > /proc/sys/net/ipv4/ip_local_port_range
#修改进程使用内存限制
#默认echo 33554432 > /proc/sys/kernel/shmmax
#centos5.0x86不用设置
#echo 2147483648 > /proc/sys/kernel/shmmax
#修改打开文件句柄数
#默认ulimit=1024
#默认echo 359593 > /proc/sys/fs/file-max
echo 8061540 > /proc/sys/fs/file-max
#ulimit -SHn 65535
#ulimit -n 65535
#ulimit -u 16384
#修改了vi /etc/security/limits.conf
#* soft nofile 65500
#* hard nofile 65500
#修改了vi /etc/profile
#ulimit -SHn 65535 > /dev/null 2>&1
#ulimit -n 65535 > /dev/null 2>&1
##ulimit -u 32634 > /dev/null 2>&1
sysctl -w net.ipv4.neigh.default.gc_thresh1=128000
sysctl -w net.ipv4.neigh.default.gc_thresh2=512000
sysctl -w net.ipv4.neigh.default.gc_thresh3=1024000
echo 1 > /proc/sys/net/ipv4/tcp_retries1
echo 1 > /proc/sys/net/ipv4/tcp_retries2
echo 65500 > /proc/sys/kernel/msgmax
echo 268435456 > /proc/sys/kernel/msgmnb
echo 4096 > /proc/sys/kernel/msgmni
echo 1 > /proc/sys/net/ipv4/tcp_syncookies
echo 1 > /proc/sys/net/ipv4/tcp_syn_retries
echo 40960 > /proc/sys/net/ipv4/tcp_max_syn_backlog
echo 262143 > /proc/sys/net/core/rmem_max
echo 262143 > /proc/sys/net/core/rmem_default
#/root/iptest.sh
#优化结束#
#vi /etc/sysctl.conf
#Tcp优化开始
kernel.threads-max = 65500
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 3
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
#Tcp优化结束
kernel.shmmax = 134217728
kernel.threads-max = 65500
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.netfilter.ip_conntrack_tcp_timeout_syn_recv = 3
net.ipv4.tcp_window_scaling = 0
net.ipv4.tcp_sack = 0
net.ipv4.tcp_timestamps = 0
#Tcp优化结束
kernel.shmmax = 134217728
#修改了vi /etc/profile
ulimit -SHn 65535 > /dev/null 2>&1
ulimit -n 65535 > /dev/null 2>&1
#ulimit -u 32634 > /dev/null 2>&1
ulimit -SHn 65535 > /dev/null 2>&1
ulimit -n 65535 > /dev/null 2>&1
#ulimit -u 32634 > /dev/null 2>&1
#取消ipv6
#[root@W-CS5x-02 ~]# vi /etc/modprobe.conf
alias net-pf-10 off
alias ipv6 off
#[root@W-CS5x-02 ~]# vi /etc/modprobe.conf
alias net-pf-10 off
alias ipv6 off
#修改了vi /etc/security/limits.conf
* soft nofile 65500
* hard nofile 65500
* soft nproc 65500
* hard nproc 65500
#时间同步crontab -e
1 * * * * rdate -s time-b.nist.gov > /dev/null 2>&1
1 * * * * rdate -s stdtime.gov.hk > /dev/null 2>&1
30 02 * * * /usr/bin/rdate -s rdate.darkorb.net > /dev/null 2>&1
30 06 * * * /usr/bin/rdate -s 202.106.196.19 > /dev/null 2>&1
30 09 * * * /usr/bin/rdate -s rdate.darkorb.net > /dev/null 2>&1
30 12 * * * /usr/bin/rdate -s 202.106.196.19 > /dev/null 2>&1
#写入cmos
date && rdate -s time-b.nist.gov && date && clock -w
1 * * * * rdate -s time-b.nist.gov > /dev/null 2>&1
1 * * * * rdate -s stdtime.gov.hk > /dev/null 2>&1
30 02 * * * /usr/bin/rdate -s rdate.darkorb.net > /dev/null 2>&1
30 06 * * * /usr/bin/rdate -s 202.106.196.19 > /dev/null 2>&1
30 09 * * * /usr/bin/rdate -s rdate.darkorb.net > /dev/null 2>&1
30 12 * * * /usr/bin/rdate -s 202.106.196.19 > /dev/null 2>&1
#写入cmos
date && rdate -s time-b.nist.gov && date && clock -w
#三、I/O调度器开始
#vi /boot/grub/grub.conf
#在grub.conf的相应启动选项里加入elevator=deadline,如:
#kernel /vmlinuz-2.6.18-53.1.21.el5 ro root=LABEL=/ elevator=deadline
#这里用了Deadline的I/O调度器,它比系统默认的AnticipatoryI/O调度器更为小巧,在数据吞吐量非常大的数据库系统中表现得更有优势。
#I/O调度器结束
#四、内核源代码参数修改开始
#vi /usr/src/kernels/2.6.9-42.EL-smp-x86_64/include/linux/posix_types.h (rhas4 up4)
#vi /usr/src/kernels/2.6.18-53.1.21.el5-x86_64/include/linux/posix_types.h
#vi /usr/src/kernels/2.6.9-67.0.22.EL-smp-x86_64/include/linux images server
##define __FD_SETSIZE 65500
#四、内核源代码参数修改结束
#五、设置fd_set支持的最大数量
#vi /usr/src/kernels/2.6.9-42.EL-smp-x86_64/include/linux/fs.h (rhas4 up4)
#vi /usr/src/kernels/2.6.9-67.0.22.EL-smp-x86_64/include/linux/fs.h (centos 4.6有)
#修改vi /usr/src/kernels/2.6.18-53.1.21.el5-x86_64/include/linux/fs.h
#define INR_OPEN 1024 > 65500
#define NR_FILE 8192 > 65500
#没有这个#define NR_RESERVED_FILES 10 > 128 (rhas4 up4) (centos 4.6有)
#六、设置最大打开文件数量(TCP连接数量)
#vi /usr/src/kernels/2.6.9-42.EL-smp-x86_64/include/net/tcp.h (rhas4 up4)
#修改vi /usr/src/kernels/2.6.18-53.1.21.el5-x86_64/include/net/tcp.h
#define TCP_TIMEWAIT_LEN (60*HZ) > 1*HZ
#define TCP_SYNACK_RETRIES 5 > 3
#设置在backlog队列里的半连接的重试次数,每次都会花相应的时间,本质上
#也是减少重试时间
#vi /usr/src/kernels/2.6.9-42.EL-smp-x86_64/include/net/tcp.h (rhas4 up4)
#修改vi /usr/src/kernels/2.6.18-53.1.21.el5-x86_64/include/net/tcp.h
#define TCP_TIMEWAIT_LEN (60*HZ) > 1*HZ
#define TCP_SYNACK_RETRIES 5 > 3
#设置在backlog队列里的半连接的重试次数,每次都会花相应的时间,本质上
#也是减少重试时间
#七、设置打开进程数(TCP连接数量)
#vi /usr/src/kernels/2.6.9-42.EL-smp-x86_64/include/linux/limits.h (rhas4 up4)
#修改vi /usr/src/kernels/2.6.9-67.0.22.EL-smp-x86_64/include/linux/limits.h (centos4.2.6 up4)
#修改 vi /usr/src/kernels/2.6.9-42.EL-smp-i686/include/linux/limits.h (centos4.2.6 up4)
#vi /usr/src/kernels/2.6.9-67.0.22.EL-smp-x86_64/include/linux/limits.h
#define NR_OPEN 1024 > 65500
#define OPEN_MAX 255 > 65500
make menuconfig中,去掉没用的选项,打开以下选项的开关:
High Memory Support (支持4GB以上内存)
Symmetric multi-processing support (支持多CPU)
TCP syncookie support (可以防DOS)
设置文件打开数等的其他方法(好处就是可以不重新编译内核)
在 /etc/init.d/sshd里加入(统一加在. /etc/rc.d/init.d/functions行后面)
ulimit -n 65535 >;/dev/null 2>;&1
ulimit -u 16384 >;/dev/null 2>;&1
重起sshd:nohup /etc/init.d/sshd restart &
BTW:其实limits.conf不好,因为他需要root su - user遗传给普通用户
如果直接远程登陆是没效果的
六、apache
1、安装:采用worker线程工作模式
./configure --prefix=/prefix
--enable-mods-shared=all
--enable-deflate
--with-mpm=worker
chmod +s /prefix/bin/httpd #允许普通用户也可以启动apache
2、配置:httpd.conf
Timeout 60
KeepAlive On
MaxKeepAliveRequests 150
KeepAliveTimeout 5
StartServers 3
MaxClients 3200 #支持3200个客户端哦
ServerLimit 32
MinSpareThreads 50
MaxSpareThreads 250
ThreadLimit 200
ThreadsPerChild 100
MaxRequestsPerChild 0
#上面的几个参数对机器要求比较高,如果是比较差的机器,每台机1000个连接最多了,你可能要重新设置参数,我的机器是DELL 2850
UseCanonicalName Off
HostnameLookups Off
ServerSignature Off
High Memory Support (支持4GB以上内存)
Symmetric multi-processing support (支持多CPU)
TCP syncookie support (可以防DOS)
设置文件打开数等的其他方法(好处就是可以不重新编译内核)
在 /etc/init.d/sshd里加入(统一加在. /etc/rc.d/init.d/functions行后面)
ulimit -n 65535 >;/dev/null 2>;&1
ulimit -u 16384 >;/dev/null 2>;&1
重起sshd:nohup /etc/init.d/sshd restart &
BTW:其实limits.conf不好,因为他需要root su - user遗传给普通用户
如果直接远程登陆是没效果的
六、apache
1、安装:采用worker线程工作模式
./configure --prefix=/prefix
--enable-mods-shared=all
--enable-deflate
--with-mpm=worker
chmod +s /prefix/bin/httpd #允许普通用户也可以启动apache
2、配置:httpd.conf
Timeout 60
KeepAlive On
MaxKeepAliveRequests 150
KeepAliveTimeout 5
StartServers 3
MaxClients 3200 #支持3200个客户端哦
ServerLimit 32
MinSpareThreads 50
MaxSpareThreads 250
ThreadLimit 200
ThreadsPerChild 100
MaxRequestsPerChild 0
#上面的几个参数对机器要求比较高,如果是比较差的机器,每台机1000个连接最多了,你可能要重新设置参数,我的机器是DELL 2850
UseCanonicalName Off
HostnameLookups Off
ServerSignature Off