sysctl.conf 内核参数说明
/proc/sys/net/core/somaxconn 20480 #定义了系统中每一个端口最大的监听队列的长度,这是个全局的参数。backlog需要设置这个 /proc/sys/net/ipv4/tcp_max_syn_backlog #对于还未获得对方确认的连接请求,可保存在队列中的最大数目。如果服务器经常出现过载,可以尝试增加这个数字。 /proc/sys/net/core/netdev_max_backlog #在每个网络接口接收数据包的速率比内核处理这些包的速率快时,允许送到队列的数据包的最大数目。nginx配置
upstream js_sdk { #ip_hash; server ******* weight=1 max_fails=3 fail_timeout=10s; server ******* weight=1 max_fails=3 fail_timeout=10s; keepalive 1000; } server { listen 80 backlog=20480; listen 443 ssl backlog=20480; ssl_certificate /etc/nginx/ssl/all-le.crt; ssl_certificate_key /etc/nginx/ssl/all-le.key; #ssl_buffer_size 32k; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2 SSLv3; ssl_prefer_server_ciphers on; ssl_ciphers AES128-SHA:AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_session_cache builtin:50000 shared:SSL:500m; server_name ****** ; add_header Cache-Control "no-cache,max-age=0"; if_modified_since off; access_log /var/log/nginx/cherry.le.com.a.log main; error_log /var/log/nginx/cherry.le.com.e.log; location = /favicon.ico { log_not_found off; log_subrequest off; } location / { proxy_http_version 1.1; proxy_set_header Connection ""; proxy_set_header Host $host; proxy_pass http://js_sdk; proxy_send_timeout 18000; proxy_read_timeout 18000; proxy_next_upstream error timeout invalid_header http_500; proxy_connect_timeout 75; }sysctl.conf
net.core.somaxconn = 20480 #改backlog net.core.netdev_max_backlog = 20480 net.ipv4.tcp_max_syn_backlog = 20480 net.ipv4.tcp_max_tw_buckets = 800000