系统优化
系统内核优化参考
$ cat /etc/sysctl.conf
net.ipv4.tcp_max_syn_backlog = 65536
net.core.netdev_max_backlog = 36768
net.core.somaxconn = 36768
net.core.wmem_default = 8588608
net.core.rmem_default = 8588608
net.core.rmem_max = 16877216
net.core.wmem_max = 16877216
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_max_orphans = 3376800
net.ipv4.ip_local_port_range = 1024 65535
$ sysctl -p
$ cat /etc/security/limit.conf
* hard nofile 65535
* soft nofile 65535
Nginx配置优化
#user nobody;
worker_processes 4;
worker_cpu_affinity 0001 0010 0100 1000;
worker_rlimit_nofile 65535;
#pid logs/nginx.pid;
events {
use epoll;
worker_connections 65535;
multi_accept on;
}
http {
include /usr/local/nginx/conf/conf.d/*.conf
include mime.types;
default_type application/octet-stream;
#access_log logs/access.log main;
log_format main '$http_X_Real_IP $http_CLIENTIP $remote_addr $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for" $request_time';
sendfile on;
tcp_nopush on;
keepalive_timeout 60;
keepalive_requests 10240;
tcp_nodelay on;
client_header_buffer_size 4k;
open_file_cache max=102400 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
client_header_timeout 15;
client_body_timeout 15;
reset_timedout_connection on;
send_timeout 15;
server_tokens off;
client_max_body_size 10m;
gzip off;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.0;
gzip_comp_level 2;
gzip_types text/plain application/x-javascript text/css application/xml;
gzip_vary on;
fastcgi_connect_timeout 600;
fastcgi_send_timeout 600;
fastcgi_read_timeout 600;
fastcgi_buffer_size 64k;
fastcgi_buffers 4 64k;
fastcgi_busy_buffers_size 128k;
fastcgi_temp_file_write_size 128k;
fastcgi_temp_path /usr/local/nginx/fastcgi_temp;
server {
listen 80;
listen 443 ssl;
server_name www.pansn.cn;
ssl_certificate /usr/local/nginx/crt/pansn.cn.crt;
ssl_certificate_key /usr/local/nginx/crt/pansn.cn.key;
ssl_session_cache shared:sslcace:20m;
ssl_session_timeout 10m;
# ssl_protocls SSLv2 SSLv3 TLSv1;
root /data/www;
index index.html index.htm index.php;
location / {
if ( $scheme = http ){
rewrite / https://www.pansn.cn permanent;
}
}
location ~* .(ico|jpe?g|gif|png|bmp|swf|flv)$ {
expires 30d;
#log_not_found off;
access_log off;
}
location ~* .(js|css)$ {
expires 7d;
log_not_found off;
access_log off;
}
location ~ .php$ {
alias /data/www;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
}
php优化
[root@s2 ~]# cat /etc/php-fpm.d/www.conf
[www]
listen = 127.0.0.1:9000 #监听地址及IP
listen.allowed_clients = 127.0.0.1 #允许客户端从哪个源IP地址访问,要允许所有行首加 ;注释即可 user = nginx #php-fpm启动的用户和组,会涉及到后期文件的权限问题
group = nginx
pm = dynamic #动态模式进程管理
pm.max_children = 500 #静态方式下开启的php-fpm进程数量,在动态方式下他限定php-fpm的最大进程数 pm.start_servers = 100 #动态模式下初始进程数,必须大于等于pm.min_spare_servers 和小于等于 pm.max_children 的值。
pm.min_spare_servers = 100 #最小空闲进程数
pm.max_spare_servers = 200 #最大空闲进程数
pm.max_requests = 500000 #进程累计请求回收值,会重启
pm.status_path = /pm_status #状态访问URL
ping.path = /ping #ping访问动地址
ping.response = ping-pong #ping返回值
slowlog = /var/log/php-fpm/www-slow.log #慢日志路径
php_admin_value[error_log] = /var/log/php-fpm/www-error.log #错误日志 php_admin_flag[log_errors] = on
php_value[session.save_handler] = files #phpsession 保存方式及路径 php_value[session.save_path] = /var/lib/php/session #当时使用file保存session的文件路