Last active
February 19, 2024 09:52
-
-
Save jult/19decfc31ffae0b2b3fa4d48e2ffdd9f to your computer and use it in GitHub Desktop.
[Debian 12 update!] sysctl config for linux server with 8 GB DDR4 RAM or more, SSD and 1Gbe (or faster) NIC
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kernel.core_uses_pid = 1 | |
| kernel.domainname = your_local_domain_name | |
| kernel.msgmax = 65535 | |
| kernel.msgmnb = 65535 | |
| kernel.pid_max = 65535 | |
| kernel.printk = 2 3 1 2 | |
| kernel.randomize_va_space = 2 | |
| kernel.shmall = 268435456 | |
| kernel.shmmax = 268435456 | |
| kernel.sysrq = 0 | |
| fs.inotify.max_user_watches = 524288 | |
| fs.file-max = 2097152 | |
| net.core.default_qdisc = fq_codel | |
| net.core.netdev_max_backlog = 16384 | |
| net.core.rmem_default = 33554432 | |
| net.core.rmem_max = 67108864 | |
| net.core.wmem_max = 67108864 | |
| net.core.wmem_default = 33554432 | |
| net.core.somaxconn = 4096 | |
| net.core.netdev_max_backlog = 65536 | |
| net.core.optmem_max = 25165824 | |
| net.ipv4.tcp_rmem = 4096 87380 33554432 | |
| net.ipv4.tcp_wmem = 4096 65536 33554432 | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| net.ipv4.conf.all.rp_filter = 2 | |
| net.ipv4.conf.all.secure_redirects = 0 | |
| net.ipv4.conf.all.send_redirects = 0 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| net.ipv4.conf.default.rp_filter = 2 | |
| net.ipv4.conf.default.secure_redirects = 0 | |
| net.ipv4.conf.default.send_redirects = 0 | |
| net.ipv4.ip_forward = 1 | |
| net.ipv4.tcp_congestion_control = bbr | |
| net.ipv4.tcp_fin_timeout = 15 | |
| net.ipv4.tcp_keepalive_intvl = 15 | |
| net.ipv4.tcp_keepalive_probes = 5 | |
| net.ipv4.tcp_keepalive_time = 300 | |
| net.ipv4.tcp_max_syn_backlog = 4096 | |
| net.ipv4.tcp_max_tw_buckets = 1440000 | |
| net.ipv4.tcp_tw_reuse = 1 | |
| net.ipv4.tcp_mtu_probing = 1 | |
| net.ipv4.tcp_notsent_lowat = 16384 | |
| net.ipv4.tcp_rfc1337 = 1 | |
| net.ipv4.tcp_sack = 1 | |
| net.ipv4.tcp_slow_start_after_idle = 0 | |
| net.ipv4.tcp_syn_retries = 2 | |
| net.ipv4.tcp_synack_retries = 2 | |
| net.ipv4.tcp_syncookies = 1 | |
| net.ipv4.tcp_timestamps = 1 | |
| net.ipv4.tcp_window_scaling = 1 | |
| net.ipv4.tcp_timestamps=0 | |
| net.ipv4.tcp_sack=1 | |
| net.ipv4.tcp_low_latency=1 | |
| net.ipv4.tcp_adv_win_scale=1 | |
| vm.dirty_background_ratio = 4 | |
| vm.dirty_ratio = 5 | |
| vm.min_free_kbytes = 65535 | |
| vm.overcommit_memory = 1 | |
| vm.swappiness = 1 |
Note that when used inside a virtual guest, i.e. KVM VPS etc., you need to consider also doing
ethtool --offload ens3 tx-checksum-ip-generic off
ethtool -K ens3 gro off
ethtool -K ens3 tso off
(where ens3 is your NIC)
You can use /etc/rc.local to make these go live at every boot (put them in rc.local), like, for example;
#!/bin/sh
echo never > /sys/kernel/mm/transparent_hugepage/enabled
echo noop > /sys/block/vda/queue/scheduler
echo 0 > /sys/block/vda/queue/rotational
echo 0 > /sys/block/vda/queue/rq_affinity
echo 9000 > /proc/sys/vm/dirty_expire_centisecs
echo 9000 > /proc/sys/vm/dirty_writeback_centisecs
ethtool --offload ens3 tx-checksum-ip-generic off
ethtool -K ens3 gro off
ethtool -K ens3 tso off
exit 0
#disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
#disable ipv6 net.ipv6.conf.all.disable_ipv6 = 1 net.ipv6.conf.default.disable_ipv6 = 1 net.ipv6.conf.lo.disable_ipv6 = 1
Often this doesn't have the effect you want it to have. What worked for me was putting
GRUB_CMDLINE_LINUX_DEFAULT="ipv6.disable=1 quiet splash"
in /etc/default/grub
Don't forget to run update-grub afterwards..
net.ipv4.tcp_timestamps is set twice:
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_timestampsis set twice:net.ipv4.tcp_timestamps = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_window_scaling = 1 net.ipv4.tcp_timestamps = 0
Yes, I'd left that one in, because I wasn't sure of either option yet. As you can see in the gist's history, it was part of the lastly added entries.
Would it be useful to add?
## /etc/security/limits.conf
## System Limits for FDs
## "nofile" is "Number of Open Files"
## This is the cap on number of FDs in use concurrently.
## Set nofile to the max value of 1,048,576.
#<user> <type> <item> <value>
* soft nofile 1048576
* hard nofile 1048576
root soft nofile 1048576
root hard nofile 1048576
From https://www.linkedin.com/pulse/ec2-tuning-1m-tcp-connections-using-linux-stephen-blum/
Its also mentioned here: https://www.wikitechy.com/tutorials/linux/how-to-change-the-number-of-open-files-limit-in-linux
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This is in my /etc/sysctl.conf on debian/ubuntu servers after some benchmarks and tests.
You can make these persistent after reboots by
# sysctl -p