Explanation of Linux kernel optimization configuration for high-concurrency nginx server

# Controls the use of TCP syncookies

# indicates enabling reuse. Allow TIME-WAIT sockets to be reused for new TCP connections. The default value is 0, which means closed.
net.ipv4.tcp_syncookies = 1

#A Boolean flag that controls the kernel's behavior when there are many connection requests. If enabled, the kernel will proactively send RST packets if the service is overloaded.
net.ipv4.tcp_abort_on_overflow = 1

#Indicates the maximum number of TIME_WAITs that the system can maintain at the same time. If this number is exceeded, TIME_WAIT will be cleared immediately and a warning message will be printed.
#The default value is 180000, change it to 6000. For servers such as Apache and Nginx, this parameter can control the maximum number of TIME_WAIT. The server is slowed down by a large number of TIME_WAIT net.ipv4.tcp_max_tw_buckets = 6000

#Selective response net.ipv4.tcp_sack = 1

#This file indicates whether the sliding window size of the TCP/IP session is variable. The parameter value is a Boolean value, 1 means it is mutable, and 0 means it is immutable. TCP/IP usually uses a maximum window size of 65535 bytes, which is suitable for high-speed networks.
#This value may be too small. If this function is enabled, the TCP/IP sliding window size can be increased by several orders of magnitude, thereby improving the data transmission capacity.
net.ipv4.tcp_window_scaling = 1

#TCP receive buffer net.ipv4.tcp_rmem = 4096 87380 4194304

#TCP send buffer net.ipv4.tcp_wmem = 4096 66384 4194304

# # Out of socket memory
net.ipv4.tcp_mem = 94500000 915000000 927000000

#This file indicates the maximum buffer size allowed for each socket.
net.core.optmem_max = 81920

#This file specifies the default value (in bytes) for the send socket buffer size.
net.core.wmem_default = 8388608

#Specifies the maximum send socket buffer size (in bytes).
net.core.wmem_max = 16777216

#Specifies the default value (in bytes) for the receive socket buffer size.
net.core.rmem_default = 8388608

#Specifies the maximum size of the receive socket buffer (in bytes).
net.core.rmem_max = 16777216

#Indicates the length of the SYN queue, the default is 1024. Increasing the queue length to 10200000 can accommodate more network connections waiting to be connected.

net.ipv4.tcp_max_syn_backlog = 1020000

#The maximum number of packets allowed to be sent to the queue when the rate at which each network interface receives packets is faster than the rate at which the kernel processes these packets.
net.core.netdev_max_backlog = 862144

#The backlog of the listen function in the web application will limit our kernel parameter net.core.somaxconn to 128 by default, and the NGX_LISTEN_BACKLOG defined by nginx defaults to 511, so it is necessary to adjust this value.
net.core.somaxconn = 262144

#The maximum number of TCP sockets in the system that are not associated with any user file handle. If this number is exceeded, orphaned connections will be reset immediately and a warning message will be printed.


#This limit is only to prevent simple DoS attacks. Do not rely too much on it or reduce this value artificially. Instead, increase this net.ipv4.tcp_max_orphans = 327680

#Timestamp can avoid sequence number wrapping. A 1Gbps link will certainly encounter previously used sequence numbers. The timestamp allows the kernel to accept such "abnormal" packets. This needs to be turned off.
net.ipv4.tcp_timestamps = 0

#To open a connection to the other end, the kernel needs to send a SYN and an ACK in response to the previous SYN. This is the second handshake in the so-called three-way handshake. This setting determines the number of SYN+ACK packets the kernel sends before giving up on the connection.
net.ipv4.tcp_synack_retries = 1

#The number of SYN packets to send before the kernel gives up on establishing a connection. www.jb51.net
net.ipv4.tcp_syn_retries = 1

#Indicates enabling fast recycling of TIME-WAIT sockets in TCP connections. The default value is 0, indicating shutdown.
net.ipv4.tcp_tw_recycle = 1

# indicates enabling reuse. Allow TIME-WAIT sockets to be reused for new TCP connections. The default value is 0, which means closed.
net.ipv4.tcp_tw_reuse = 1

#Modify the system default TIMEOUT time.
net.ipv4.tcp_fin_timeout = 15

#Indicates the frequency at which TCP sends keepalive messages when keepalive is enabled. The default value is 2 hours, and it is recommended to change it to 20 minutes.
net.ipv4.tcp_keepalive_time = 30

# indicates the port range used for outbound connections. The default is very small: 32768 to 61000, change to 10000 to 65000. (Note: Do not set the minimum value too low, otherwise it may occupy the normal port!)
net.ipv4.ip_local_port_range = 1024 65000

#The following may require loading the ip_conntrack module modprobe ip_conntrack. Some documents say that this module is invalid when the firewall is turned on. #Shorten the timeout of established net.netfilter.nf_conntrack_tcp_timeout_established = 180

#CONNTRACK_MAX The maximum allowed connection tracking entries, which is the "task" (connection tracking entries) that netfilter can handle simultaneously in kernel memory
net.netfilter.nf_conntrack_max = 1048576
net.nf_conntrack_max = 1048576