sysctl tweaked at maximum already # Kernel sysctl configuration file for Red Hat Linux # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details.
# Tweak for nginx workers/connections added 16/09/2016 for issue investigation on pisix error in nginx logs net.core.somaxconn = 512 net.core.netdev_max_backlog = 512 net.ipv4.tcp_max_syn_backlog = 20480 # Tweaks added 16/09/2016 for issue investigation on pisix error in nginx logs net.netfilter.nf_conntrack_max = 196608 net.nf_conntrack_max = 196608 # Tweaks added 19/09/2016 cloudlinux vm.max_map_count=655300 # Tweaks added 20/09/2016 net.core.rmem_default=262144 net.core.wmem_default=262144 net.core.rmem_max=262144 net.core.wmem_max=262144 # Controls IP packet forwarding net.ipv4.ip_forward = 0 # Controls source route verification net.ipv4.conf.default.rp_filter = 1 # Do not accept source routing net.ipv4.conf.default.accept_source_route = 0 # Controls the System Request debugging functionality of the kernel kernel.sysrq = 0 # Decrease the time default value for tcp_fin_timeout connection net.ipv4.tcp_fin_timeout = 15 # Decrease the time default value for tcp_keepalive_time connection net.ipv4.tcp_keepalive_time = 1800 # Controls whether core dumps will append the PID to the core filename. # Useful for debugging multi-threaded applications. kernel.core_uses_pid = 1 # Enable TCP SYN Cookie Protection net.ipv4.tcp_syncookies = 1 # Increase the tcp-time-wait buckets pool size net.ipv4.tcp_max_tw_buckets = 1440000 # Turn off the tcp_sack net.ipv4.tcp_sack = 0 # Turn off the tcp_timestamps net.ipv4.tcp_timestamps = 0 # Controls the default maxmimum size of a mesage queue kernel.msgmnb = 65536 # Controls the maximum size of a message, in bytes kernel.msgmax = 65536 # Controls the maximum shared segment size, in bytes kernel.shmmax = 68719476736 # Controls the maximum number of shared memory segments, in pages kernel.shmall = 4294967296 # Disable IPv6 autoconf net.ipv6.conf.all.autoconf = 0 net.ipv6.conf.default.autoconf = 0 net.ipv6.conf.eth0.autoconf = 0 net.ipv6.conf.all.accept_ra = 0 net.ipv6.conf.default.accept_ra = 0 net.ipv6.conf.eth0.accept_ra = 0 # Various vm.swappiness = 1 vm.disable_fs_reclaim=1 vm.dirty_background_ratio = 5 vm.dirty_ratio = 10 #Disable CloudLinux ptrace kernel.user_ptrace = 0 # Symlinks fs.enforce_symlinksifowner = 1 fs.symlinkown_gid = 99 # CageFS fs.proc_super_gid = 485 fs.proc_can_see_other_uid=0 fs.suid_dumpable=1 # SecureLinks Link Traversal Protection Allowd Group Id fs.protected_symlinks_allow_gid = 487 fs.fs.protected_hardlinks_allow_gid = 487 fs.file-max = 1048576 fs.protected_symlinks_create = 0 fs.protected_hardlinks_create = 0 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,269787,269792#msg-269792 _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
