VPS 上的 Ubuntu 18.04 优化调整记录

2019-09-19 – 1:38 上午 --- 83 次阅读

一直更新记录吧,老了记性太差了。 :sad: :sad: :sad:

#强化随机熵
sudo apt install haveged

#开启 bbr
sudo nano /etc/sysctl.conf

net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

sudo sysctl -p

#shadowsocks offcial tweak
sudo nano /etc/sysctl.conf

# max open files
fs.file-max = 51200
# max read buffer
net.core.rmem_max = 67108864
# max write buffer
net.core.wmem_max = 67108864
# default read buffer
net.core.rmem_default = 65536
# default write buffer
net.core.wmem_default = 65536
# max processor input queue
net.core.netdev_max_backlog = 4096
# max backlog
net.core.somaxconn = 4096

# resist SYN flood attacks
net.ipv4.tcp_syncookies = 1
# reuse timewait sockets when safe
net.ipv4.tcp_tw_reuse = 1
# turn off fast timewait sockets recycling
net.ipv4.tcp_tw_recycle = 0
# short FIN timeout
net.ipv4.tcp_fin_timeout = 30
# short keepalive time
net.ipv4.tcp_keepalive_time = 1200
# outbound port range
net.ipv4.ip_local_port_range = 10000 65000
# max SYN backlog
net.ipv4.tcp_max_syn_backlog = 4096
# max timewait sockets held by system simultaneously
net.ipv4.tcp_max_tw_buckets = 5000
# turn on TCP Fast Open on both client and server side
net.ipv4.tcp_fastopen = 3
# TCP receive buffer
net.ipv4.tcp_rmem = 4096 87380 67108864
# TCP write buffer
net.ipv4.tcp_wmem = 4096 65536 67108864
# turn on path MTU discovery
net.ipv4.tcp_mtu_probing = 1

# for high-latency network
net.ipv4.tcp_congestion_control = hybla

# for low-latency network, use cubic instead
# net.ipv4.tcp_congestion_control = cubic

# for 4.9+
# net.ipv4.tcp_congestion_control = bbr

sudo vim /etc/security/limits.conf

* soft nofile 81920
* hard nofile 81920
www-data soft nofile 81920
www-data hard nofile 81920
root soft nofile 81920
root hard nofile 81920

sudo nano/etc/pam.d/common-session

session required pam_limits.so

#给予程序监听底端口权限
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/sbin/overture
sudo setcap CAP_NET_BIND_SERVICE=+eip /usr/local/bin/caddy

#ubuntu 允许所有进出站
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT
sudo iptables -F
sudo netfilter-persistent save
sudo systemctl restart netfilter-persistent

#启用 rc.local
sudo nano /etc/systemd/system/rc-local.service

[Unit]
Description=/etc/rc.local Compatibility
ConditionPathExists=/etc/rc.local
[Service]
Type=forking
ExecStart=/etc/rc.local start
TimeoutSec=0
StandardOutput=tty
RemainAfterExit=yes
SysVStartPriority=99
[Install]
WantedBy=multi-user.target

printf '%s\n' '#!/bin/bash' 'exit 0' | sudo tee -a /etc/rc.local
sudo chmod +x /etc/rc.local
sudo systemctl enable rc-local
sudo systemctl start rc-local.service
sudo systemctl status rc-local.service

#改 DNS
sudo nano /etc/netplan/50-cloud-init.yaml

nameservers:
addresses: [8.8.8.8, 8.8..4.4]
addresses: [1.1.1.1, 1.0.0.1]

sudo netplan apply or sudo netplan --debug apply

Tags: , ,
点击显示引用框
引用本文,复制粘贴...

点击可把本文加入多个网络分享站点

您还可以参考以下文章:


您必须 登录 才能发表评论.