Optimizing TBC with nginx

Catalog

• nginx Parameter optimization
  • 1. Process binding core
  • 2. Turn on nginx Of CPU Zero copy
  • 3. Improve nginx Time slice of process ( Improve nginx Process priority )
  • 4. Service module function stripping , Reduce usage congestion nginx The function of the main process
• nginx Configuration optimization
  • 1. Enable Gzip Compress
  • 2. Lengthen the buffer head timeout
  • 3. Enable HTTP2 agreement
  • 4. Optimize logs
  • 5. Limit bandwidth
• System kernel optimization
  • 1. modify /etc/sysctl.conf
  • 2. PAM Resource constrained optimization /etc/security/limits.conf
• Hardware configuration optimization

---

nginx Parameter optimization

There are two main types of configuration

1. Reduce nginx Context switch of process processing transaction , Speed up service response
2. increase nginx Priority of the process , Reduce other irrelevant tasks of the system nginx Impact of process

1. Process binding core

2. Turn on nginx Of CPU Zero copy

3. Improve nginx Time slice of process ( Improve nginx Process priority )

4. Service module function stripping , Reduce usage congestion nginx The function of the main process

nginx To configure Optimize

1. Enable Gzip Compress

2. Lengthen the buffer head timeout

3. Enable HTTP2 agreement

4. Optimize logs

5. Limit bandwidth

System kernel optimization

1. modify /etc/sysctl.conf

fs.file-max = 1000000
# Represents a large number of handles that can be opened by a single process
net.ipv4.tcp_tw_reuse = 1
# Parameter set to 1 , To allow to TIME_WAIT State of socket Reapply to new TCP link , This means a lot to the server , Because there's always a lot of TIME_WAIT The link to the state exists
net.ipv4.tcp_keepalive_time = 600
# When keepalive Startup time ,TCP send out keepalive The frequency of the news ; The default is 2 Hours , Set it to 10 minute , It can clean up invalid links faster
net.ipv4.tcp_fin_timeout = 30
# When the server actively closes the link ,socket Stay in FIN_WAIT_2 The larger time of state
net.ipv4.tcp_max_tw_buckets = 5000
# Indicates that the operating system allows TIME_WAIT The larger number of sockets , If it exceeds this value ,TIME_WAIT The socket will be cleared immediately and a warning message printed , The default is 8000, Too much TIME_WAIT Socket will make Web The server slows down
net.ipv4.ip_local_port_range = 1024 65000
# Definition UDP and TCP The value range of the local port of the link
net.ipv4.tcp_rmem = 10240 87380 12582912
# Defined TCP Accept the minimum value of cache 、 The default value is 、 Larger value
net.ipv4.tcp_wmem = 10240 87380 12582912
# Definition TCP Minimum value of send cache 、 The default value is 、 Larger value
net.core.netdev_max_backlog = 8096
# When the network card receives packets faster than the kernel processing speed , There will be a queue to hold these packets . This parameter represents the larger value of the queue
net.core.rmem_default = 6291456
# Indicates that the kernel socket accepts the default size of the cache
net.core.wmem_default = 6291456
# Indicates the default size of the kernel socket send buffer
net.core.rmem_max = 12582912
# Indicates that the kernel socket accepts a larger cache size
net.core.wmem_max = 12582912
# Indicates that the kernel socket send buffer is large
Be careful ： The four parameters above , It needs to be considered according to business logic and actual hardware cost
net.ipv4.tcp_syncookies = 1
# It's not about performance . For resolution TCP Of SYN attack
net.ipv4.tcp_max_syn_backlog = 8192
# This parameter represents TCP The three handshake establishment phase accepts SYN The larger length of the request queue , Default 1024, Make it larger so that Nginx Too busy to accept On new connection ,Linux Do not lose the link request initiated by the client
net.ipv4.tcp_tw_recycle = 1
# This parameter is used to set enable timewait Quick recovery
net.core.somaxconn=262114
# The default value for the option is 128, This parameter is used to adjust the TCP The number of connections , In highly concurrent requests , The default value may cause the link to time out or retransmit , Therefore, this value needs to be adjusted in combination with the number of high concurrent requests .
net.ipv4.tcp_max_orphans=262114
# Options are used to set the maximum number of... In the system TCP Socket is not associated with any user file handle . If you exceed that number , Orphaned links will be reset immediately and a warning message will be output . This restriction indicates that in order to prevent simple DOS attack , Don't rely too much on this limit or even think of reducing this value , More often than not, increase this value

2. PAM Resource constrained optimization /etc/security/limits.conf

* soft nofile 65535
* hard nofile 65535
* soft nproc 65535
* hard nproc 65535

Hardware configuration optimization

A little