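I'm trying to optimize a Digital Ocean droplet (512 MB) and testing it with loader.io.
I'm testing my home page, which is HTTPS / PHP. I set up FastCGI page caching, which took me from 100 requests/second to 2,000 requests/second.
But anything beyond 2,000 requests/second leads to a lot of timeouts and slow responses (going from an average of 20 ms to an average of 1500 ms). I'm trying to find the bottleneck. It isn't CPU/memory yet, because load barely reaches 0.30 and memory usage is about half. I tried resizing to a bigger droplet, but the timeouts still happen.
It isn't FastCGI, because load-test performance is almost identical on a basic .html file.
During the timeouts, error.log is empty. Nothing seems to be throwing errors (that I can find). Kern.log has the following entries: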
TCP: Possible SYN flooding on port 80. Sending cookies. Check SNMP counters
TCP: Possible SYN flooding on port 443. Sending cookies. Check SNMP counters.
I tried disabling syncookies, which stopped these errors, but the timeouts persisted.
During the timeouts, I start to see a build-up of TIME_WAIT:
netstat -ntla | awk '{print $6}' | sort | uniq -c | sort -rn
6268 ESTABLISHED
831 TIME_WAIT
6 LISTEN
2 FIN_WAIT1
1 Foreign
1 established)
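My question is, where else can I look for the bottleneck? Are there other error logs or commands I can use to monitor?
Here is my nginx.conf (FastCGI and regular browser caching are in my default file). I've tried multi_accept, which seemed to make the timeouts worse. I know worker_connections is ridiculous, but raising or lowering it doesn't seem to help no matter how much I change it: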
user www-data;
worker_processes auto;
worker_rlimit_nofile 200000;
pid /run/nginx.pid;

events {
    worker_connections 200000;
    # multi_accept on;
    use epoll;
}

http {
    ##
    # Basic Settings
    ##
    open_file_cache max=200000 inactive=20s;
    open_file_cache_valid 30s;
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    server_tokens off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 30;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##
    access_log off;
    # access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
Here is my sysctl.conf:
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
# Increase size of file handles and inode cache
fs.file-max = 2097152
# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries = 2
# Allowed local port range
net.ipv4.ip_local_port_range = 2000 65535
# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337 = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_syncookies = 1
### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffer
net.core.rmem_default = 31457280
# Maximum Socket Receive Buffer
net.core.rmem_max = 12582912
# Default Socket Send Buffer
net.core.wmem_default = 31457280
# Maximum Socket Send Buffer
net.core.wmem_max = 12582912
# Increase number of incoming connections
net.core.somaxconn = 4096
I put these in limits.conf:
* hard nofile 500000
* soft nofile 500000
root hard nofile 500000
root soft nofile 500000
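
Added example, not part of the original post: the kernel message quoted above says to check the SNMP counters, which Linux exposes in /proc/net/netstat. This Python script diffs two snapshots of that file taken before and after a load test; the sample snapshots and the function names are constructed for illustration.

```python
"""Diff two /proc/net/netstat snapshots to see why incoming SYNs are dropped."""

# Constructed samples, trimmed to the counters used here (a real file has many more columns).
SNAP_BEFORE = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 120 80 3 40 45
IpExt: InOctets OutOctets
IpExt: 1000 2000
"""
SNAP_AFTER = """\
TcpExt: SyncookiesSent SyncookiesRecv SyncookiesFailed ListenOverflows ListenDrops
TcpExt: 5120 4080 3 2540 2600
IpExt: InOctets OutOctets
IpExt: 900000 9000000
"""
WATCHED = ("SyncookiesSent", "SyncookiesRecv", "SyncookiesFailed",
           "ListenOverflows", "ListenDrops")


def parse_netstat(text):
    """Return {"TcpExt": {"ListenOverflows": 40, ...}, "IpExt": {...}}."""
    rows = [line.split() for line in text.splitlines() if line.strip()]
    groups = {}
    # The file is a sequence of (names row, values row) pairs sharing one prefix.
    for names, values in zip(rows[0::2], rows[1::2]):
        if names[0] != values[0] or len(names) != len(values):
            raise ValueError(f"malformed pair for {names[0]!r}")
        groups[names[0].rstrip(":")] = dict(zip(names[1:], map(int, values[1:])))
    return groups


def delta(before, after):
    """Increase of each watched TcpExt counter between two snapshots."""
    b, a = parse_netstat(before)["TcpExt"], parse_netstat(after)["TcpExt"]
    return {name: a[name] - b[name] for name in WATCHED if name in a and name in b}


def diagnose(d):
    """Turn counter deltas into short findings."""
    findings = []
    if d.get("ListenOverflows", 0) > 0:
        findings.append("accept queue overflowed: compare the listen backlog with net.core.somaxconn")
    if d.get("SyncookiesSent", 0) > 0:
        findings.append("kernel fell back to syncookies (matches the 'Possible SYN flooding' log line)")
    if d.get("SyncookiesFailed", 0) > 0:
        findings.append("invalid syncookie ACKs were received")
    return findings


if __name__ == "__main__":
    # On a live host, read /proc/net/netstat before and after the test instead.
    for name, inc in delta(SNAP_BEFORE, SNAP_AFTER).items():
        print(f"{name:18} +{inc}")
    print("\n".join(diagnose(delta(SNAP_BEFORE, SNAP_AFTER))))
```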