{"id":11278,"date":"2023-04-01T02:06:43","date_gmt":"2023-04-01T09:06:43","guid":{"rendered":"https:\/\/www.xh86.me\/?p=11278"},"modified":"2023-04-01T02:06:43","modified_gmt":"2023-04-01T09:06:43","slug":"linux%e5%86%85%e6%a0%b8%e4%bc%98%e5%8c%96%e8%84%9a%e6%9c%ac","status":"publish","type":"post","link":"https:\/\/www.xh86.me\/?p=11278","title":{"rendered":"Linux\u5185\u6838\u4f18\u5316\u811a\u672c"},"content":{"rendered":"<p>#!\/bin\/bash<\/p>\n<p># \u521b\u5efa\u5185\u6838\u53c2\u6570\u4f18\u5316\u914d\u7f6e\u6587\u4ef6<br \/>\ncat &lt;&lt;EOF &gt; \/etc\/sysctl.d\/99-kernel-optimization.conf<\/p>\n<p># \u542f\u7528IP\u8f6c\u53d1<\/p>\n<p>net.ipv4.ip_forward = 1<\/p>\n<p>net.ipv6.conf.all.forwarding = 1<\/p>\n<p># TCP\u5185\u5b58\u5206\u914d\u4f18\u5316<\/p>\n<p>net.core.wmem_max = 16777216<\/p>\n<p>net.core.rmem_max = 16777216<\/p>\n<p>net.ipv4.tcp_rmem = 4096 87380 16777216<\/p>\n<p>net.ipv4.tcp_wmem = 4096 65536 16777216<\/p>\n<p># TCP\u8fde\u63a5\u8ddf\u8e2a\u4f18\u5316<\/p>\n<p>net.netfilter.nf_conntrack_max = 1000000<\/p>\n<p>net.netfilter.nf_conntrack_tcp_timeout_established = 1200<\/p>\n<p># \u542f\u7528TCP Fast Open<\/p>\n<p>net.ipv4.tcp_fastopen = 3<\/p>\n<p># \u8c03\u6574TCP Keepalive\u8bbe\u7f6e net.ipv4.tcp_keepalive_time = 1200<\/p>\n<p>net.ipv4.tcp_keepalive_probes = 5<\/p>\n<p>net.ipv4.tcp_keepalive_intvl = 15<\/p>\n<p># \u7981\u7528ICMP\u91cd\u5b9a\u5411<\/p>\n<p>net.ipv4.conf.all.accept_redirects = 0<\/p>\n<p>net.ipv4.conf.default.accept_redirects = 0<\/p>\n<p>#\u7981\u7528TCP\u6162\u542f\u52a8<\/p>\n<p>net.ipv4.tcp_slow_start_after_idle = 0<\/p>\n<p>#\u5f00\u542fTCP\u8fde\u63a5\u590d\u7528<\/p>\n<p>net.ipv4.tcp_tw_reuse = 1<\/p>\n<p>#\u63d0\u9ad8\u7cfb\u7edf\u6587\u4ef6\u63cf\u8ff0\u7b26\u9650\u5236<\/p>\n<p>fs.file-max = 100000<\/p>\n<p>#\u8c03\u6574\u5185\u6838\u53c2\u6570\u4ee5\u9002\u5e94\u9ad8\u5e76\u53d1\u573a\u666f<\/p>\n<p>net.core.somaxconn = 65535<\/p>\n<p>net.core.netdev_max_backlog = 65535<\/p>\n<p>net.ipv4.tcp_max_syn_backlog = 65535<\/p>\n<p>net.ipv4.tcp_syncookies = 1<\/p>\n<p>#\u4f18\u5316TCP\u6027\u80fd<\/p>\n<p>net.ipv4.tcp_tw_reuse = 1<\/p>\n<p>net.ipv4.tcp_tw_recycle = 0<\/p>\n<p>net.ipv4.tcp_fin_timeout = 30<\/p>\n<p>net.ipv4.tcp_keepalive_time = 1200<\/p>\n<p>net.ipv4.tcp_keepalive_probes = 5<\/p>\n<p>net.ipv4.tcp_keepalive_intvl = 15<\/p>\n<p>net.ipv4.tcp_rmem = 4096 87380 16777216<\/p>\n<p>net.ipv4.tcp_wmem = 4096 65536 16777216<\/p>\n<p>#\u4f18\u5316UDP\u6027\u80fd<\/p>\n<p>net.ipv4.udp_rmem_min = 8192<\/p>\n<p>net.ipv4.udp_wmem_min = 8192<\/p>\n<p>#\u5f00\u542f\u53cd\u5411\u8def\u5f84\u8fc7\u6ee4<\/p>\n<p>net.ipv4.conf.all.rp_filter = 1<\/p>\n<p>net.ipv4.conf.default.rp_filter = 1<\/p>\n<p>#\u9632\u6b62\u7f51\u7edc\u653b\u51fb<\/p>\n<p>net.ipv4.tcp_syncookies = 1<\/p>\n<p>net.ipv4.tcp_max_syn_backlog = 20480<\/p>\n<p># \u9632\u6b62ICMP Flood\u653b\u51fb<\/p>\n<p>net.ipv4.icmp_echo_ignore_broadcasts = 1<\/p>\n<p>net.ipv4.icmp_ignore_bogus_error_responses = 1<\/p>\n<p>net.ipv4.icmp_ratelimit = 1000<\/p>\n<p># \u9632\u6b62SYN Flood\u653b\u51fb<\/p>\n<p>net.ipv4.tcp_syncookies = 1<\/p>\n<p>net.ipv4.tcp_synack_retries = 2<\/p>\n<p>net.ipv4.tcp_syn_retries = 5<\/p>\n<p># \u8c03\u6574TIME-WAIT\u5957\u63a5\u5b57\u91cd\u7528\u7b49\u5f85\u65f6\u95f4<\/p>\n<p>net.ipv4.tcp_fin_timeout = 30<\/p>\n<p>EOF<\/p>\n<p># \u5e94\u7528\u5185\u6838\u53c2\u6570\u4f18\u5316\u914d\u7f6e<br \/>\nsysctl &#8211;system<\/p>\n<p>echo &#8220;Kernel optimization completed. Please reboot the system for all changes to take effect.&#8221;<\/p>\n<p>&nbsp;<\/p>\n<p>\u5c06\u6b64\u811a\u672c\u4fdd\u5b58\u4e3a<code>kernel_optimization.sh<\/code>\uff0c\u7136\u540e\u4f7f\u7528root\u6743\u9650\u8fd0\u884c\u5b83\uff1a<\/p>\n<div class=\"bg-black rounded-md mb-4\">\n<div class=\"flex items-center relative text-gray-200 bg-gray-800 px-4 py-2 text-xs font-sans justify-between rounded-t-md\">chmod +x kernel_optimization.sh<br \/>\nsudo .\/kernel_optimization.sh<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>#!\/bin\/bash # \u521b\u5efa\u5185\u6838\u53c2\u6570\u4f18\u5316\u914d\u7f6e\u6587\u4ef6 cat &lt;&lt;EOF &gt; \/etc\/sy [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,3],"tags":[],"class_list":["post-11278","post","type-post","status-publish","format-standard","hentry","category-linux","category-system"],"_links":{"self":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11278","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11278"}],"version-history":[{"count":1,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11278\/revisions"}],"predecessor-version":[{"id":11279,"href":"https:\/\/www.xh86.me\/index.php?rest_route=\/wp\/v2\/posts\/11278\/revisions\/11279"}],"wp:attachment":[{"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11278"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11278"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.xh86.me\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11278"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}