
@k9982874
Last active August 15, 2023 19:05
archlinux-server-optimization.sh
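#!/bin/sh
# Archlinux Server Optimization
#
# Writes systemd file-descriptor limits and a set of sysctl tunables under
# /etc, then restarts systemd-sysctl so the sysctl files are applied.
# Must run as root. Every heredoc delimiter is quoted so the payload is
# written literally, with no shell expansion.
#
# Review notes:
#   * The two systemd files are OVERWRITTEN ('>'); any existing settings in
#     them are lost. A drop-in under /etc/systemd/system.conf.d/ would be
#     less destructive.
#   * The sysctl files are APPENDED to ('>>'), so each run adds the same
#     lines again; the script is not idempotent.
set -eu

if [ "$(id -u)" -ne 0 ]; then
  printf '%s\n' "archlinux-server-optimization: must be run as root" >&2
  exit 1
fi

# DefaultLimitNOFILE is only honoured inside the [Manager] section; without
# the header systemd ignores the assignment.
# NOTE(review): the script never re-executes the manager, so these limits
# presumably only apply after a reboot or daemon re-exec. Confirm.
cat > /etc/systemd/user.conf <<'EOF'
[Manager]
DefaultLimitNOFILE = 1048576
EOF

# NOTE(review): 2097152 is above the kernel's usual fs.nr_open default of
# 1048576. Verify the limit that services actually receive.
cat > /etc/systemd/system.conf <<'EOF'
[Manager]
DefaultLimitNOFILE = 2097152
EOF

# Select the fq qdisc and the BBR congestion control algorithm.
cat >> /etc/sysctl.d/bbr.conf <<'EOF'
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
EOF

# Main IPv4/TCP tuning. Security-relevant settings to review per host:
#   * ip_forward = 1 makes the host route packets between interfaces, and
#     rp_filter = 0 turns off reverse-path (source address) validation.
#     Together they suit a router or VPN gateway that has its own firewall
#     rules. On a plain server prefer ip_forward = 0 and rp_filter = 1.
#   * accept_source_route, accept_redirects and send_redirects = 0, and
#     tcp_syncookies = 1, are hardening settings and should stay.
#   * tcp_mem is counted in pages, not bytes. 33554432 pages of 4 KiB is
#     128 GiB, far above the 6553600 that the formula in the file's own
#     comment gives. This effectively removes the global TCP memory ceiling,
#     so a connection flood can exhaust RAM. Size it to the machine.
#   * tcp_sack/tcp_dsack = 0 disables selective acknowledgement, which costs
#     throughput on lossy paths.
#   * NOTE(review): tcp_tw_recycle and tcp_fack are absent or without effect
#     on newer kernels (tcp_tw_recycle was removed in 4.12). Expect
#     systemd-sysctl to log them as unknown keys.
# The non-English comments written into the file say: a small
# tcp_orphan_retries lowers the number of orphaned sockets (0 does not mean
# "no retries"); tcp_max_syn_backlog is the length of the SYN (half-open)
# queue, and raising it admits more pending connections; tcp_fin_timeout is
# how long a socket closed by this end stays in FIN-WAIT-2.
cat >> /etc/sysctl.d/99-sysctl.conf <<'EOF'
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296
net.core.somaxconn = 4096
net.core.netdev_max_backlog = 4096
net.ipv4.ip_forward = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 0
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# This server might have 200 clients simultaneously, so:
# max(tcp_wmem) * 2 * 200 / 4096
net.ipv4.tcp_mem = 33554432 33554432 33554432
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_syn_retries = 2
net.ipv4.tcp_synack_retries = 2
#设置较小的数值,可以有效降低orphans的数量(net.ipv4.tcp_orphan_retries = 0并不是想像中的不重试)
net.ipv4.tcp_orphan_retries = 1
# Disable TCP SACK (TCP Selective Acknowledgement),
# DSACK (duplicate TCP SACK), and FACK (Forward Acknowledgement)
net.ipv4.tcp_sack = 0
net.ipv4.tcp_dsack = 0
net.ipv4.tcp_fack = 0
# Disable the gradual speed increase that's useful
# on variable-speed WANs but not for us
net.ipv4.tcp_slow_start_after_idle = 0
# SYN队列的长度,时常称之为未建立连接队列。加大该值,可以容纳更多的等待连接的网络连接数
net.ipv4.tcp_max_syn_backlog = 8192
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 4096
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_timestamps = 1
# 表示如果套接字由本端要求关闭,这个参数决定了它保持在FIN-WAIT-2状态的时间
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 60
net.ipv4.tcp_keepalive_probes = 3
net.ipv4.tcp_keepalive_intvl = 10
net.ipv4.ip_local_port_range = 1024 65000
EOF

# IPv6 settings.
# NOTE(review): this file disables IPv6 (all, lo) and also enables IPv6
# forwarding, temporary addresses and router advertisements on ppp0. The
# intent is contradictory, so decide whether the host speaks IPv6 at all.
# accept_ra = 2 accepts router advertisements even while forwarding is on,
# so ppp0's peer is trusted to configure addresses and routes.
# The br0 and ppp0 keys only apply if those interfaces exist when
# systemd-sysctl runs.
cat >> /etc/sysctl.d/40-ipv6.conf <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.lo.disable_ipv6=1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv6.conf.all.use_tempaddr = 2
net.ipv6.conf.default.use_tempaddr = 2
net.ipv6.conf.br0.use_tempaddr = 2
net.ipv6.conf.ppp0.accept_ra = 2
EOF

# Reload sysctl.conf
#sysctl -e -q -p
# Report a failed reload instead of hiding it behind an unconditional exit 0.
if ! systemctl restart systemd-sysctl.service; then
  printf '%s\n' "archlinux-server-optimization: systemd-sysctl restart failed" >&2
  exit 1
fi
exit 0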