我的 Ubuntu 14.04 网络服务器有问题。我们公司正在开发一款应用,这款应用通过发送 HTTP 请求来访问网络服务器。问题是,当许多 PC 或设备以某种方式连接到网络服务器时,我们的 LAN 中会出现奇怪的随机超时。我们位于路由器/NAT 后面。通过 4G 访问网络服务器完全没问题,不会超时,永远不会。设置确实很有帮助net.ipv4.tcp_timestamps = 0
,/etc/sysctl.conf
这大大减少了超时。但有时仍然会出现超时和/或与服务器的连接速度很慢。我认为速度缓慢是因为数据包丢失或数据包无法正确传送,我不知道。
该服务器具有 32GB RAM、Intel Xeon D-1540(8 核)。它运行的是 NginX 1.10 和 PHP-FPM 7.1
有人能提示一下特殊设置或者我可以尝试找到解决方案吗?
这是我的完整sysctl.conf
fs.file-max = 2097152
# Do less swapping
vm.swappiness = 10
vm.dirty_ratio = 60
vm.dirty_background_ratio = 2
### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries = 2
# Allowed local port range
net.ipv4.ip_local_port_range = 2000 65535
# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337 = 1
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout = 15
# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_probes = 5
net.ipv4.tcp_keepalive_intvl = 15
### TUNING NETWORK PERFORMANCE ###
#Helped a lot by reducing the timeouts
net.ipv4.tcp_timestamps = 0
# Default Socket Receive Buffer
net.core.rmem_default = 31457280
# Maximum Socket Receive Buffer
net.core.rmem_max = 12582912
# Default Socket Send Buffer
net.core.wmem_default = 31457280
# Maximum Socket Send Buffer
net.core.wmem_max = 12582912
# Increase number of incoming connections
net.core.somaxconn = 50000
# Increase number of incoming connections backlog
net.core.netdev_max_backlog = 65536
# Increase the maximum amount of option memory buffers
net.core.optmem_max = 25165824
# Increase the maximum total buffer-space allocatable
# This is measured in units of pages (4096 bytes)
net.ipv4.tcp_mem = 65536 131072 262144
net.ipv4.udp_mem = 65536 131072 262144
# Increase the read-buffer space allocatable
net.ipv4.tcp_rmem = 8192 87380 16777216
net.ipv4.udp_rmem_min = 16384
# Increase the write-buffer-space allocatable
net.ipv4.tcp_wmem = 8192 65536 16777216
net.ipv4.udp_wmem_min = 16384
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_reuse = 1
# Disable TCP slow start on idle connections
net.ipv4.tcp_slow_start_after_idle = 0
NginX 配置(摘录):
events {
worker_connections 4096;
multi_accept on;
use epoll;
}
http {
client_body_buffer_size 10K;
client_header_buffer_size 1k;
client_max_body_size 8m;
large_client_header_buffers 4 16k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 0;
send_timeout 10;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
types_hash_max_size 2048;
}
答案1
如果有多个用户通过 NAT 设备连接到此 Web 服务器,则net.ipv4.tcp_tw_recycle = 1
将要给您带来问题。
请参见这里了解该问题的详细描述。
当远程主机实际上是 NAT 设备时,时间戳条件将禁止除 NAT 设备后面的主机之外的所有主机在一分钟内进行连接,因为它们不共享相同的时间戳时钟。如有疑问,最好禁用此选项,因为它会导致难以检测和诊断的问题。