我们正在迁移到 Amazon GNU/Linux 2023。在迁移过程中，我发现了一些用于修改内核参数的 Ansible 代码。
如果您能查看以下参数并给出反馈和意见，我将不胜感激。
服务器类型:Web 服务器(带 NGINX) - EC2 实例 t3a.medium
堆栈:PHP 和 Golang
# Tune Kernel
# Kernel parameters as a list of { name, value } pairs for a web server
# (NGINX in front of PHP and Go on a t3a.medium, per the description above).
# The task that applies the list is not shown here, so whether the values are
# also persisted across reboots cannot be told from this snippet.
sysctl_params: [
# Network Hardening
# NOTE(review): this section does not set accept_redirects, send_redirects or
# accept_source_route (net.ipv4.conf.all.* / default.*). Confirm the distro
# defaults are what you want, or pin them here so the baseline is explicit.
#
# The host is not a router, so do not forward IPv4 packets between interfaces.
# NOTE(review): container runtimes that NAT traffic need forwarding enabled;
# confirm none run on these instances.
{ name: 'net.ipv4.ip_forward', value: 0 },
# Ignore ICMP echo requests sent to broadcast/multicast addresses, so the host
# cannot be used as a reflector for broadcast-ping amplification.
{ name: 'net.ipv4.icmp_echo_ignore_broadcasts', value: 1 },
# Log packets with impossible source addresses to the kernel log. Setting
# "all" is enough: the kernel enables logging on an interface when either the
# "all" or the per-interface value is set. Only useful for detection if the
# kernel log is actually collected and reviewed.
{ name: 'net.ipv4.conf.all.log_martians', value: 1 },
# Strict reverse-path filtering: drop a packet when the route back to its
# source would not leave through the interface it arrived on (anti-spoofing).
# NOTE(review): strict mode drops legitimate traffic under asymmetric routing,
# e.g. an instance with more than one network interface; confirm these hosts
# have a single interface, or use loose mode (2) where they do not.
{ name: 'net.ipv4.conf.all.rp_filter', value: 1 },
{ name: 'net.ipv4.conf.default.rp_filter', value: 1 },
# Disable IPv6 on every existing interface ("all", which includes loopback)
# and on interfaces created later ("default").
# NOTE(review): anything that binds to ::1 or [::] will then fail to bind,
# for example an NGINX "listen [::]:80" directive; check the NGINX, PHP and Go
# listener configuration before rolling this out. It also only reduces attack
# surface if nothing in the VPC is expected to reach the host over IPv6.
{ name: 'net.ipv6.conf.all.disable_ipv6', value: 1 },
{ name: 'net.ipv6.conf.default.disable_ipv6', value: 1 },
# Network Tuning
# Source-port range for outbound connections. Starting at 1024 makes every
# unprivileged port a candidate.
# NOTE(review): if a backend listens on a port inside this range, an outbound
# connection can be holding that port when the service restarts, and the bind
# then fails. Either start the range above the listener ports or exclude them
# with net.ipv4.ip_local_reserved_ports.
{ name: 'net.ipv4.ip_local_port_range', value: '1024 65535' },
# TCP window scaling (RFC 1323). This is already the kernel default; kept
# here to make the setting explicit.
{ name: 'net.ipv4.tcp_window_scaling', value: 1 },
# Congestion-control algorithm for new connections.
{ name: 'net.ipv4.tcp_congestion_control', value: 'cubic' },
# SYN cookies: keep answering SYNs once the SYN queue is full, instead of
# dropping them. This is SYN-flood protection rather than tuning, and it is
# a fallback that only engages after the backlog below has overflowed.
{ name: 'net.ipv4.tcp_syncookies', value: 1 },
# Maximum number of half-open (SYN received, not yet acknowledged)
# connections remembered per listening socket.
{ name: 'net.ipv4.tcp_max_syn_backlog', value: 65535 },
# TCP receive/send buffer autotuning: "min default max" in bytes, so each
# socket may grow to 16 MiB.
# NOTE(review): a t3a.medium has 4 GiB of RAM; with many concurrent or
# deliberately slow connections, large per-socket ceilings raise memory
# pressure. Confirm 16 MiB is justified by the bandwidth-delay product this
# server actually sees, and check net.ipv4.tcp_mem as the global bound.
{ name: 'net.ipv4.tcp_rmem', value: '4096 87380 16777216' },
{ name: 'net.ipv4.tcp_wmem', value: '4096 65536 16777216' },
# Upper limit on the accept-queue length a process may request with listen().
# It is only a ceiling: each listener still has to ask for a larger backlog
# itself (NGINX does this with the backlog= parameter of "listen"), otherwise
# this value has no effect for that socket.
{ name: 'net.core.somaxconn', value: 65535 },
# Largest buffer an application may request with SO_RCVBUF / SO_SNDBUF.
# These do not limit TCP autotuning, which is governed by tcp_rmem/tcp_wmem.
{ name: 'net.core.rmem_max', value: 16777216 },
{ name: 'net.core.wmem_max', value: 16777216 },
# Per-CPU queue of received packets waiting for the kernel to process them
# when the interface delivers faster than they are handled.
{ name: 'net.core.netdev_max_backlog', value: 16384 },
# Selective acknowledgements (RFC 2018). Already the kernel default.
{ name: 'net.ipv4.tcp_sack', value: 1 },
# NOTE(review): FACK was removed from the kernel in Linux 4.15 and the kernel
# documentation describes tcp_fack as a legacy option with no effect. Amazon
# Linux 2023 ships a newer kernel, so this entry does nothing; verify the key
# still exists on the target kernel (so the task cannot fail on it) or drop it.
{ name: 'net.ipv4.tcp_fack', value: 1 }
]