Last active
June 20, 2022 09:15
AWS EC2 t2.micro / t2.small
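# /etc/fstab
# Root filesystem entry; replace the UUID placeholder with the real filesystem UUID.
# NOTE(review): barrier=0 disables ext4 write barriers. If the instance or its
# storage stops uncleanly, the journal can be left inconsistent; remove the option
# (the ext4 default is barrier=1) unless that integrity risk has been accepted.
# NOTE(review): commit=30 syncs the journal every 30 seconds instead of the default 5,
# so more recently written data can be lost on a crash.
# errors=remount-ro switches the filesystem to read-only when an error is detected.
UUID=XXXXXXXXXXX / ext4 noatime,nodelalloc,barrier=0,i_version,commit=30,inode_readahead_blks=64,rw,errors=remount-ro 0 1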
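#!/bin/sh
# /etc/cron.weekly/fstrim
# Weekly job: discard unused blocks on every mounted filesystem that supports it.
# Install with: sudo chmod +x /etc/cron.weekly/fstrim
# The interpreter line must be the first line of the file to take effect.
# This job runs as root, so keep the file owned by root and not writable by other users.
# "|| true" makes the job exit 0 even when fstrim fails, so cron will not report a failure.
/sbin/fstrim --all || true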
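# /etc/default/grub
## apply changes with the command: sudo update-grub
# Add elevator=noop to the existing GRUB_CMDLINE_LINUX value instead of replacing it,
# so kernel parameters that are already set there are kept.
# NOTE(review): elevator= is only honoured by older kernels; newer kernels that use the
# multi-queue block layer ignore it, and the equivalent scheduler there is named "none".
# Confirm against the running kernel (cat /sys/block/<device>/queue/scheduler).
GRUB_CMDLINE_LINUX="elevator=noop"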
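# /etc/security/limits.conf
# Performance Tuning
# Columns: <domain> <type> <item> <value>
# nproc = maximum number of processes, nofile = maximum number of open files.
# NOTE(review): the "*" entries raise the limits for every account, which also raises
# how many processes and descriptors a single runaway or compromised account can use.
# Consider scoping them to the service accounts that actually need them.
* soft nproc 32768
* hard nproc 65535
* soft nofile 32768
* hard nofile 65535
# The "*" wildcard does not apply to root, so root is listed explicitly.
root soft nproc 32768
root hard nproc 65535
root soft nofile 32768
root hard nofile 65535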
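# /etc/sysctl.conf
## apply changes with the command: sudo sysctl -p
########## Kernel start ##############
# Disable the magic SysRq key functions
kernel.sysrq = 0
# Append the PID to the core dump filename
# Useful for debugging multi-threaded applications
kernel.core_uses_pid = 1
# System-wide limit on open file handles
# NOTE(review): check the current value with "sysctl fs.file-max" before applying;
# the kernel's computed default may already be higher than this, in which case this
# line lowers the limit instead of raising it.
fs.file-max = 65535
# Allow for more PIDs
kernel.pid_max = 65536
# ExecShield came from a vendor kernel patch set and is not a mainline setting.
# Where the key does not exist, sysctl -p reports an error for this line, so it is
# left disabled here; enable it only on a kernel that provides the key.
#kernel.exec-shield = 1
# Full address space layout randomization: 2 also randomizes the heap (brk) area,
# which the value 1 leaves out.
kernel.randomize_va_space = 2
# Console log levels: current, default message, minimum, boot-time default
kernel.printk = 4 4 1 7
# Reboot 10 seconds after a kernel panic
kernel.panic = 10
# System V shared memory: largest segment (bytes) and system-wide total (pages)
kernel.shmmax = 4294967296
kernel.shmall = 4194304
# System V message queues: default queue size and largest message (bytes)
kernel.msgmnb = 65536
kernel.msgmax = 65536
########## Kernel end ##############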
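########## Swap start ##############
# Prefer reclaiming page cache over swapping out application memory
vm.swappiness = 10
# Keep directory and inode caches longer than the default of 100 would
vm.vfs_cache_pressure = 50
# Writeback tuning (these three keys control dirty-page flushing, not swap).
# Dirty pages may reach 80% of available memory before writers are made to flush;
# background flushing starts at 5%.
# NOTE(review): combined with the 120-second flusher interval below, a large amount of
# unwritten data can sit in memory and is lost if the instance crashes or is stopped
# uncleanly. Lower these values where durability matters more than throughput.
vm.dirty_ratio = 80
vm.dirty_background_ratio = 5
# Flusher threads wake every 12000 centiseconds (120 seconds)
vm.dirty_writeback_centisecs = 12000
########## Swap end ##############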
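########## IPv4 networking start ##############
# Controls IP packet forwarding
net.ipv4.ip_forward = 0
# Do not accept source-routed packets (SRR option)
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Do not send ICMP redirects; this host is a server, not a router
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Do not accept ICMP redirects, including "secure" ones from listed gateways
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Log packets with impossible addresses to the kernel log
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
# Ignore all ICMP ECHO and TIMESTAMP requests sent to it via broadcast/multicast
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Use SYN cookies when the SYN backlog overflows (SYN flood mitigation)
net.ipv4.tcp_syncookies = 1
# Number of SYN-ACK retransmissions before a half-open connection is dropped
net.ipv4.tcp_synack_retries = 2
# Enable source validation by reversed path, as specified in RFC1812
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
# TCP and memory optimization
# TCP auto-tuning buffer limits: min, default, max (bytes)
net.ipv4.tcp_rmem = 4096 87380 8388608
net.ipv4.tcp_wmem = 4096 87380 8388608
# Largest socket buffer an application can request with setsockopt()
net.core.rmem_max = 8388608
net.core.wmem_max = 8388608
# Packets queued per CPU when an interface receives faster than the kernel processes
net.core.netdev_max_backlog = 5000
net.ipv4.tcp_window_scaling = 1
# Increase the range of local ports used for outgoing connections
# NOTE(review): a range starting at 2000 overlaps ports that services commonly listen
# on; an outgoing connection can occupy such a port before the service binds it.
# Reserve the listener ports with net.ipv4.ip_local_reserved_ports or raise the lower bound.
net.ipv4.ip_local_port_range = 2000 65000
net.ipv4.tcp_tw_reuse = 1
# tcp_tw_recycle was removed from the kernel in Linux 4.12; on kernels without the key,
# sysctl -p reports an error for this line. The value 0 meant "disabled" anyway.
#net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_fin_timeout = 60
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_mtu_probing = 1
# TCP Fast Open: 3 enables it for both outgoing (1) and incoming (2) connections
net.ipv4.tcp_fastopen = 3
# NOTE(review): htcp needs the tcp_htcp module to be available; if it is not, this
# write fails and the previous algorithm stays in use. Check
# net.ipv4.tcp_available_congestion_control.
net.ipv4.tcp_congestion_control = htcp
########## IPv4 networking ends ##############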
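########## IPv6 networking start ##############
# NOTE(review): every key below is a conf.default key. Those set the values that newly
# created interfaces start with; an interface that already exists when the file is
# applied keeps its current values. Add per-interface or conf.all keys if the existing
# interface should be covered too - confirm on the target system.
# Number of Router Solicitations to send until assuming no routers are present.
# This is host and not router
net.ipv6.conf.default.router_solicitations = 0
# Accept Router Preference in RA?
net.ipv6.conf.default.accept_ra_rtr_pref = 0
# Learn Prefix Information in Router Advertisement
net.ipv6.conf.default.accept_ra_pinfo = 0
# Learn the default router from a router advertisement
net.ipv6.conf.default.accept_ra_defrtr = 0
# Router advertisements can cause the system to assign a global unicast
# address to an interface
net.ipv6.conf.default.autoconf = 0
# How many neighbor solicitations to send out per address?
# 0 turns duplicate address detection off.
net.ipv6.conf.default.dad_transmits = 0
# How many global unicast IPv6 addresses can be assigned to each interface?
net.ipv6.conf.default.max_addresses = 1
########## IPv6 networking ends ##############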