net.ipv4.tcp_keepalive_time = 1200
#redis设置
net.core.somaxconn = 262144
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_timestamps = 0
#参数的值决定了内核放弃连接之前发送SYN+ACK包的数量
net.ipv4.tcp_synack_retries = 2
#在内核放弃建立连接之前发送SYN包的数量
net.ipv4.tcp_syn_retries = 2
#启用timewait快速回收
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
#系统中最多有多少个TCP套接字不被关联到任何一个用户文件句柄上。这个限制仅仅是为了防止简单的DoS攻击,不能过分依靠它或者人为地减小这个值,更应该增加这个值(如果增加了内存之后)
net.ipv4.tcp_max_orphans = 3276800
#允许系统打开的端口范围
net.ipv4.ip_local_port_range = 1024 65535
#增加系统文件描述符限制
fs.file-max = 65535
#允许更多的PIDs (减少滚动翻转问题); may break some programs 32768
kernel.pid_max = 65536
# 增加TCP最大缓冲区大小
net.ipv4.tcp_rmem = 4096 4096 16777216
net.ipv4.tcp_wmem = 4096 4096 16777216
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.eth0.send_redirects = 0
net.ipv4.conf.all.send_redirects = 0
#2012-8-30
#net.ipv4.ip_conntrack_max=1048576
#net.ipv4.netfilter.ip_conntrack_max=1048576
net.ipv4.netfilter.ip_conntrack_tcp_timeout_time_wait=120
net.ipv4.netfilter.ip_conntrack_tcp_timeout_close_wait=60
net.ipv4.netfilter.ip_conntrack_tcp_timeout_fin_wait=120
net.ipv4.neigh.default.gc_thresh1=10240
net.ipv4.neigh.default.gc_thresh2=40960
net.ipv4.neigh.default.gc_thresh3=81920
#timewait的数量
net.ipv4.tcp_max_tw_buckets =6000
EOF
#刷新sysctl.conf
/sbin/sysctl -p
#禁用ipv6
echo -ne "alias net-pf-10 offnoptions ipv6 disable=1" >>/etc/modprobe.conf
/sbin/chkconfig --level 35 ip6tables off
#关闭 selinux
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
#将同步好的时间写到CMOS里
sed -i 's#SYNC_HWCLOCK=no#SYNC_HWCLOCK=yes#' /etc/sysconfig/ntpd
#设置同步时间
echo "0 6 * * * /usr/sbin/ntpdate 192.168.0.172;/sbin/hwclock -w; >/dev/null 2>&1" >>/var/spool/cron/root
service crond restart
#修改系统启动级别
sed -i 's/id:5:initdefault:/id:3:initdefault:/g' /etc/inittab
#禁止ctrl+alt+del
sed -i "s/ca::ctrlaltdel:/sbin/shutdown -t3 -r now/#ca::ctrlaltdel:/sbin/shutdown -t3 -r now/" /etc/inittab
二:
获取相关开源程序:
Nginx 官方当前稳定版为 nginx-1.2.4 ,我测试环境使用版本为nginx-1.3.3
pcre-8.31
nginx_upstream_check_module
ngx_cache_purge-1.6
