A brief discussion on Nginx10m+ high concurrency kernel optimization

What is high concurrency?

• The default Linux kernel parameters are designed for the most common scenarios and are not suitable for Web servers that support high concurrent access. Therefore, you need to modify the Linux kernel parameters to enable Nginx to have higher performance.
• There are many things you can do when optimizing the kernel. However, we usually adjust it according to the business characteristics. When Nginx is used as a static web content server, a reverse proxy, or a server that provides compression, the kernel parameter adjustments are different. Here we make a simple configuration of the most common TCP network parameters that enable Nginx to support more concurrent requests.
• These require modifying /etc/sysctl.conf to change kernel parameters.

Configuration Method

Configuration details

#Indicates the maximum number of handles that a single process can open;

fs.file-max = 999999

#Setting the parameter to 1 means that the socket in TIME_WAIT state can be reused for new TCP connections. This is of great significance to the server because there are always a large number of links in TIME_WAIT state.

net.ipv4.tcp_tw_reuse = 1

#When keepalive is enabled, the frequency with which TCP sends keepalive messages; the default is 2 hours. Setting it to 10 minutes can clear invalid links faster.

ner.ipv4.tcp_keepalive_time = 600

#When the server actively closes the connection, the socket remains in the FIN_WAIT_2 state for a longer time

net.ipv4.tcp_fin_timeout = 30

#This parameter indicates the maximum number of TIME_WAIT sockets allowed by the operating system. If this number is exceeded, the TIME_WAIT sockets will be cleared immediately and a warning message will be printed.

#This parameter defaults to 180000. Too many TIME_WAIT sockets will slow down the Web server.

net.ipv4.tcp_max_tw_buckets = 5000

#Define the value range of local ports for UDP and TCP links.

net.ipv4.ip_local_port_range = 1024 65000

#Defines the minimum, default, and maximum values ​​of the TCP receive buffer.

net.ipv4.tcp_rmem = 10240 87380 12582912

#Define the minimum, default, and maximum values ​​of the TCP send buffer.

net.ipv4.tcp_wmem = 10240 87380 12582912

#When the speed at which the network card receives data packets is greater than the kernel processing speed, there will be a queue to save these data packets. This parameter represents the larger value of the queue.

net.core.netdev_max_backlog = 8096

#Indicates that the kernel socket accepts the default size of the buffer.

net.core.rmem_default = 6291456

#Indicates the default size of the kernel socket send buffer.

net.core.wmem_default = 6291456

#Indicates that the kernel socket accept buffer has a larger size.

net.core.rmem_max = 12582912

#Indicates the maximum size of the kernel socket send buffer.

net.core.wmem_max = 12582912

Note: The above four configurations need to be considered comprehensively based on business logic and actual hardware costs;

#Not related to performance. Used to resolve TCP's SYN attack.

net.ipv4.tcp_syncookies = 1

#This parameter indicates the maximum length of the SYN request queue accepted during the TCP three-way handshake establishment phase. The default is 1024. Setting it larger can prevent Linux from losing the connection request initiated by the client when Nginx is too busy to accept new connections.

net.ipv4.tcp_max_syn_backlog = 8192

#This parameter is used to enable timewait fast recycling.

net.ipv4.tcp_tw_recycle = 1

The default value of the option is 128. This parameter is used to adjust the number of TCP connections initiated by the system at the same time. In high-concurrency requests, the default value may cause connection timeout or retransmission, so this value needs to be adjusted in combination with the number of high-concurrency requests.

net.core.somaxconn=262114

The #option is used to set the maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, the orphaned link will be reset immediately and a warning message will be output. This limit indicates that in order to prevent simple DOS attacks, do not rely too much on this limit or even think of reducing this value. In more cases, increase this value.

net.ipv4.tcp_max_orphans=262114

For ease of use, you can directly copy the following

net.ipv4.tcp_tw_reuse = 1
fs.file-max = 999999
net.ipv4.tcp_fin_timeout = 30
ner.ipv4.tcp_keepalive_time = 600

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.