Inode limit:
Tune Linux for Performance
Backlog queue /Connection Queue
consider increasing net.core.somaxconn, the maximum number of connections that can be queued awaiting attention from NGINX.
it will be queued in the operating system before they are being handed over to Nginx.
etc/sysctl.conf
net.core.somaxconn = 65536
net.ipv4.tcp_max_tw_buckets = 1440000
//If there are error messages in the kernel log, increase the value until errors stop.
If you set the somaxconn key to a value greater than 512, change the backlog parameter of the NGINX listen directive to match:
server {
listen 80 backlog=65536;
# The rest of server configuration
}
File descriptors/ max of open files
sys.fs.file_max defines the system wide limit for file descriptors. nofile defines the user file descriptor limit, set in the /etc/security/limits.conf file.
system wide FD Limits
/etc/sysctl.conf
fs.file-max = 100000
ulimit -u unlimited
ulimit -u
31878
root@lemp-s-2vcpu-4gb-blr1-01:~# ulimit
unlimited
root@lemp-s-2vcpu-4gb-blr1-01:~# ulimit -u unlimited
root@lemp-s-2vcpu-4gb-blr1-01:~# ulimit -u
unlimited
cat /proc/sys/fs/file-max
813940
root@lemp-s-2vcpu-4gb-blr1-01:~# ulimit -Hn
1048576
root@lemp-s-2vcpu-4gb-blr1-01:~# ulimit -Sn
1024
root@lemp-s-2vcpu-4gb-blr1-01:~# cat /proc/sys/fs/file-max
813940
root@lemp-s-2vcpu-4gb-blr1-01:~# sysctl fs.file-max
fs.file-max = 813940
-
User Level FD Limits
- /etc/security/limits.conf
-
www-data soft nproc 100000www-data soft nofile 10000012soft nofile 4096hard nofile 4096two file descriptors for each connection increase no file to support highload by os.File Descriptors (FD)worker_rlimit_nofile 100000;
/etc/security/limits.conf
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
# Increase size of file handles and inode cachefs.file-max = 2097152# Do less swappingvm.swappiness = 10vm.dirty_ratio = 60vm.dirty_background_ratio = 2### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.net.ipv4.tcp_synack_retries = 2# Allowed local port rangenet.ipv4.ip_local_port_range = 2000 65535# Protect Against TCP Time-Waitnet.ipv4.tcp_rfc1337 = 1# Decrease the time default value for tcp_fin_timeout connectionnet.ipv4.tcp_fin_timeout = 15# Decrease the time default value for connections to keep alivenet.ipv4.tcp_keepalive_time = 300net.ipv4.tcp_keepalive_probes = 5net.ipv4.tcp_keepalive_intvl = 15### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffernet.core.rmem_default = 31457280# Maximum Socket Receive Buffernet.core.rmem_max = 12582912# Default Socket Send Buffernet.core.wmem_default = 31457280# Maximum Socket Send Buffernet.core.wmem_max = 12582912# Increase number of incoming connectionsnet.core.somaxconn = 65535# Increase number of incoming connections backlognet.core.netdev_max_backlog = 65535# Increase the maximum amount of option memory buffersnet.core.optmem_max = 25165824# Increase the maximum total buffer-space allocatable# This is measured in units of pages (4096 bytes)net.ipv4.tcp_mem = 65535 131072 262144net.ipv4.udp_mem = 65535 131072 262144# Increase the read-buffer space allocatablenet.ipv4.tcp_rmem = 8192 87380 16777216net.ipv4.udp_rmem_min = 16384# Increase the write-buffer-space allocatablenet.ipv4.tcp_wmem = 8192 65535 16777216net.ipv4.udp_wmem_min = 16384# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1Paste this (at the end of the file) to /etc/security/limits.conf (using nano /etc/security/limits.conf) and save it,nginx soft nofile 2097152nginx hard nofile 2097152www-data soft nofile 2097152www-data hard nofile 2097152Paste this (at the end of the file) to /etc/pam.d/common-session (using nano /etc/pam.d/common-session) and save it,session required pam_limits.soChange listen.backlog in /etc/php5/fpm/pool.d/www.conf (using nano /etc/php5/fpm/pool.d/www.conf) and save it,listen.backlog = 65535Change workerrlimitnofile in /etc/nginx/nginx.conf (using nano /etc/nginx/nginx.conf) and save it,worker_rlimit_nofile 99999;And finally reboot 🙂Ephemeral ports – When used as a proxyTune file descriptor limits on Linux
php-fpm, also uses user as nginx server
www-data
nginx uses 2 file descriptor per connection. max connections 512 with default linux configuration.
apache uses one process per 1 connection.
default limit 1024 files for one process.
nginx is single threaded /single process.
ulimit-aS
ulimit-aH (you cannot increase above this limit without increasing kernel parameters)
to view current user limits
su www-data
and run above commands.
Updating Default Kernel Parameter Settings
to increase the number of simultaneously connection to db server
msgmni
kernel.shmmax=268435456 for 32-bit
kernel.shmmax=1073741824 for 64-bit
kernel.msgmni=1024
fs.file-max=8192
kernel.sem=”250 32000 32 1024″
kernel.shmmax=1073741824 for 64-bit
kernel.msgmni=1024
fs.file-max=8192
kernel.sem=”250 32000 32 1024″
useful commands
too, htop, vimsat,iosat, sar
-
Disable unnecessary daemons to save memory & cpu