2019.04.18 08:54

Linux, nginx, PHP-FPM, MySQL Optimization (Uncategorized) 2019.04.18 08:54

Configuring Your LEMP System (Linux, nginx, MySQL, PHP-FPM) For Maximum Performance
Version 1.0 
Author: Falko Timme 

If you are using nginx as your webserver, you are looking for a performance boost and better speed. nginx is fast by default, but you can optimize its performance and the performance of all parts (like PHP and MySQL) that work together with nginx. Here is a small, non-exhaustive list of tips and tricks to configure your LEMP system (Linux, nginx, MySQL, PHP-FPM) for maximum performance. These tricks work for me, but your mileage may vary. Do not implement them all at once; apply them one by one and check what effect each modification has on your system's performance.

 
 
1 Reducing Disk I/O By Mounting Partitions With noatime And nodiratime
Add noatime and nodiratime to your mount options in /etc/fstab:

vi /etc/fstab
# /etc/fstab: static file system information.
#
# Use 'blkid' to print the universally unique identifier for a
# device; this may be used with UUID= as a more robust way to name devices
# that works even if disks are added and removed. See fstab(5).
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
proc            /proc           proc    defaults        0       0
# / was on /dev/sda2 during installation
UUID=9cc886cd-98f3-435a-9830-46b316e2a20e /               ext3    errors=remount-ro,noatime,nodiratime,usrjquota=quota.user,grpjquota=quota.group,jqfmt=vfsv0 0       1
# swap was on /dev/sda1 during installation
UUID=bba13162-121d-40a4-90a7-10f78a0097ae none            swap    sw              0       0
/dev/scd0       /media/cdrom0   udf,iso9660 user,noauto     0       0

#Parallels Shared Folder mount
none         /media/psf   prl_fs   sync,nosuid,nodev,noatime,share,nofail     0       0
Remount the modified partitions as follows (make sure you use the correct mount point for each partition):

mount -o remount /
You can read more about this in this howto: Reducing Disk IO By Mounting Partitions With noatime

 

2 Tuning nginx
2.1 worker_processes
Make sure you use the correct number of worker_processes in your /etc/nginx/nginx.conf. This should be equal to the number of CPU cores in the output of

cat /proc/cpuinfo | grep processor
root@server1:~# cat /proc/cpuinfo | grep processor
 processor : 0
 processor : 1
 processor : 2
 processor : 3
 processor : 4
 processor : 5
 processor : 6
 processor : 7
 root@server1:~#
In this example, we have eight CPU cores, so we set

vi /etc/nginx/nginx.conf
[...]
worker_processes 8;
[...]
 

2.2 keepalive_timeout, sendfile, tcp_nopush, tcp_nodelay
Set keepalive_timeout to a sensible value like two seconds. Enable sendfile, tcp_nopush, and tcp_nodelay:

vi /etc/nginx/nginx.conf
[...]
http {
[...]
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 2;
        types_hash_max_size 2048;
        server_tokens off;
[...]
}
[...]
 

2.3 File Cache
Enable the nginx file cache:

vi /etc/nginx/nginx.conf
[...]
http {
[...]
        ##
        # File Cache Settings
        ##

        open_file_cache          max=5000  inactive=20s;
        open_file_cache_valid    30s;
        open_file_cache_min_uses 2;
        open_file_cache_errors   on;
[...]
}
[...]
 

2.4 Enable Gzip Compression
You can read more about Gzip compression here: How To Save Traffic With nginx's HttpGzipModule (Debian Squeeze)

vi /etc/nginx/nginx.conf
[...]
http {
[...]
        ##
        # Gzip Settings
        ##

        gzip on;
        gzip_static on;
        gzip_disable "msie6";
        gzip_http_version 1.1;
        gzip_vary on;
        gzip_comp_level 6;
        gzip_proxied any;
        gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript text/x-js;
        gzip_buffers 16 8k;
[...]
}
[...]
 

2.5 Enable The SSL Session Cache
If you serve https web sites, you should enable the SSL session cache:

vi /etc/nginx/nginx.conf
[...]
http {
[...]
        ssl_session_cache    shared:SSL:10m;
        ssl_session_timeout  10m;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
[...]
}
[...]
 

2.6 Use The FastCGI Cache
If you have cacheable PHP content, you can use the nginx FastCGI cache to cache that content. In your nginx.conf, add a line similar to this one:

vi /etc/nginx/nginx.conf
[...]
http {
[...]
        fastcgi_cache_path /var/cache/nginx levels=1:2 keys_zone=microcache:10m max_size=1000m inactive=60m;
[...]
}
[...]
The cache directory /var/cache/nginx must exist and be writable for nginx:

mkdir /var/cache/nginx
 chown www-data:www-data /var/cache/nginx
 

(By using tmpfs, you can even place the directory directly in your server's memory which provides another small speed advantage - take a look at this tutorial to learn more: Storing Files/Directories In Memory With tmpfs).

In your vhost configuration, add the following block to your location ~ \.php$ {} section (you can modify it depending on when content should be cached and when not):

[...]
                # Setup var defaults
                set $no_cache "";
                # If non GET/HEAD, don't cache & mark user as uncacheable for 2 seconds via cookie (Max-Age=2)
                if ($request_method !~ ^(GET|HEAD)$) {
                    set $no_cache "1";
                }
                # Drop no cache cookie if need be
                # (for some reason, add_header fails if included in prior if-block)
                if ($no_cache = "1") {
                    add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
                    add_header X-Microcachable "0";
                }
                # Bypass cache if no-cache cookie is set
                if ($http_cookie ~* "_mcnc") {
                            set $no_cache "1";
                }
                # Bypass cache if flag is set
                fastcgi_no_cache $no_cache;
                fastcgi_cache_bypass $no_cache;
                fastcgi_cache microcache;
                fastcgi_cache_key $scheme$host$request_uri$request_method;
                fastcgi_cache_valid 200 301 302 10m;
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_pass_header Set-Cookie;
                fastcgi_pass_header Cookie;
                fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
[...]
 

So the full location ~ \.php$ {} section could look as follows:

[...]
location ~ \.php$ {

                # Setup var defaults
                set $no_cache "";
                # If non GET/HEAD, don't cache & mark user as uncacheable for 2 seconds via cookie (Max-Age=2)
                if ($request_method !~ ^(GET|HEAD)$) {
                    set $no_cache "1";
                }
                # Drop no cache cookie if need be
                # (for some reason, add_header fails if included in prior if-block)
                if ($no_cache = "1") {
                    add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
                    add_header X-Microcachable "0";
                }
                # Bypass cache if no-cache cookie is set
                if ($http_cookie ~* "_mcnc") {
                            set $no_cache "1";
                }
                # Bypass cache if flag is set
                fastcgi_no_cache $no_cache;
                fastcgi_cache_bypass $no_cache;
                fastcgi_cache microcache;
                fastcgi_cache_key $scheme$host$request_uri$request_method;
                fastcgi_cache_valid 200 301 302 10m;
                fastcgi_cache_use_stale updating error timeout invalid_header http_500;
                fastcgi_pass_header Set-Cookie;
                fastcgi_pass_header Cookie;
                fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/lib/php5-fpm/web1.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;
}
[...]
This would cache pages with the return codes 200, 301, and 302 for ten minutes.

You can read more about this topic here: Why You Should Always Use Nginx With Microcaching
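
Added example (not part of the original tutorial): in the block above, fastcgi_ignore_headers lists Set-Cookie, Cache-Control and Expires, so nginx stores responses it would otherwise decline to cache, and the cache key has no per-user component; a Set-Cookie header or personalised page generated for one visitor can then be served to others for the ten-minute lifetime. The script below is a static check for that combination, run against the tutorial's directives and against a constructed stricter variant; the function name, finding labels, file-level scope (includes are not followed) and the PHPSESSID cookie name are assumptions of this example.

```shell
#!/bin/sh
# Added example: static check of an nginx vhost for FastCGI-cache settings that
# let per-user responses enter a shared cache. Scope (assumption): one file is
# treated as one PHP location; include files are not followed.

audit_fastcgi_cache() {
    awk '
    {
        sub(/#.*/, "")                       # strip nginx comments
        line = tolower($0)
        # fastcgi_cache <zone>; enables caching, fastcgi_cache off; disables it
        if (line ~ /^[ \t]*fastcgi_cache[ \t]+/ && line !~ /[ \t]off[ \t]*;/) cache = 1
        if (line ~ /^[ \t]*fastcgi_ignore_headers[ \t]/) {
            if (line ~ /set-cookie/)            ign_cookie = 1
            if (line ~ /cache-control|expires/) ign_cc = 1
        }
        if (line ~ /^[ \t]*fastcgi_hide_header[ \t]+set-cookie/) hide = 1
    }
    END {
        if (!cache) { print "OK cache-not-enabled"; exit }
        if (ign_cookie && !hide) {
            print "RISK set-cookie-cached: responses carrying Set-Cookie are stored and replayed to other clients"
            n++
        }
        if (ign_cc) {
            print "WARN upstream-cache-headers-ignored: Cache-Control/Expires sent by the application are not honoured"
            n++
        }
        if (!n) print "OK no-findings"
    }' "$1"
}

SAMPLES=$(mktemp -d)
WEAK_CONF=$SAMPLES/weak.conf
FIXED_CONF=$SAMPLES/fixed.conf

# Cache directives as given in the tutorial's location block.
cat > "$WEAK_CONF" <<'EOF'
fastcgi_no_cache $no_cache;
fastcgi_cache_bypass $no_cache;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid 200 301 302 10m;
fastcgi_pass_header Set-Cookie;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;
EOF

# Constructed variant: no fastcgi_ignore_headers, so nginx declines to cache
# responses with Set-Cookie and honours Cache-Control/Expires; requests with a
# session cookie (name assumed) or an Authorization header skip the cache.
cat > "$FIXED_CONF" <<'EOF'
fastcgi_no_cache $no_cache $cookie_PHPSESSID $http_authorization;
fastcgi_cache_bypass $no_cache $cookie_PHPSESSID $http_authorization;
fastcgi_cache microcache;
fastcgi_cache_key $scheme$host$request_uri$request_method;
fastcgi_cache_valid 200 301 302 10m;
EOF

for conf in "$WEAK_CONF" "$FIXED_CONF"; do
    echo "== $conf"
    audit_fastcgi_cache "$conf"
done
```

If the application's own cache headers must still be overridden, pairing fastcgi_ignore_headers with fastcgi_hide_header Set-Cookie keeps stored cookies from being replayed; the check treats that pairing as acceptable for the Set-Cookie finding.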

 

2.7 Use FastCGI Buffers
In your vhost configuration, you can add the following lines to your location ~ \.php$ {} section:

[...]
                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 16k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_read_timeout 240;
[...]
 

The full location ~ \.php$ {} section could look as follows:

[...]
location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                fastcgi_pass unix:/var/lib/php5-fpm/web1.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;

                fastcgi_buffer_size 128k;
                fastcgi_buffers 256 16k;
                fastcgi_busy_buffers_size 256k;
                fastcgi_temp_file_write_size 256k;
                fastcgi_read_timeout 240;
}
[...]
 

2.8 Use memcached
nginx can read full pages directly from memcached. So if your web application is capable of storing full pages in memcached, nginx can fetch that page from memcached. An example configuration (in your vhost) would be as follows:

[...]
        location ~ \.php$ {
                set $no_cache "";
                if ($query_string ~ ".+") {
                        set $no_cache "1";
                }
                if ($request_method !~ ^(GET|HEAD)$ ) {
                        set $no_cache "1";
                }
                if ($request_uri ~ "nocache") {
                        set $no_cache "1";
                }
                if ($no_cache = "1") {
                        return 405;
                }

                set $memcached_key $host$request_uri;
                memcached_pass     127.0.0.1:11211;
                default_type text/html;
                error_page 404 405 502 = @php;
                expires epoch;
        }

        location @php {
                        try_files $uri =404;
                        include /etc/nginx/fastcgi_params;
                        fastcgi_pass unix:/var/lib/php5-fpm/web1.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_param PATH_INFO $fastcgi_script_name;
                        fastcgi_intercept_errors on;
        }
[...]
It is important that your web application uses the same key for storing pages in memcached that nginx uses to fetch these pages from memcached (in this example it's $host$request_uri), otherwise this will not work.

If you store lots of data in memcached, make sure you have allocated enough RAM to memcached, e.g.:

vi /etc/memcached.conf
[...]
# Start with a cap of 64 megs of memory. It's reasonable, and the daemon default
# Note that the daemon will grow to this size, but does not start out holding this much
# memory
-m 512
[...]
 

2.9 Make Browsers Cache Static Files With The expires Directive
Files (like images, CSS, JS, etc.) that don't change often can be cached by the visitor's browser by using the expires directive (see http://wiki.nginx.org/HttpHeadersModule#expires):

[...]
               location ~*  \.(jpg|jpeg|png|gif|ico)$ {
                         expires 365d;
               }
[...]
 

2.10 Disable Logging For Static Files
Normally it doesn't make much sense to log images or CSS files in the access log. To reduce disk I/O, we can disable logging for such files, e.g. as follows:

[...]
               location ~*  \.(jpg|jpeg|png|gif|ico)$ {
                         log_not_found off;
                         access_log off;
               }
[...]
 

3 Tuning PHP-FPM
3.1 Use A PHP Opcode Cache Like Xcache Or APC
Make sure you have a PHP opcode cache such as Xcache or APC installed. On Debian/Ubuntu, Xcache can be installed as follows:

apt-get install php5-xcache
APC can be installed as follows:

apt-get install php-apc
Make sure you have just one installed (either Xcache or APC), not both. Reload PHP-FPM after the installation:

/etc/init.d/php5-fpm reload
 

3.2 Allocate Enough Memory To Xcache/APC
If you have lots of PHP scripts, you should probably raise the memory that is allocated to Xcache or APC. For Xcache, you can do this in /etc/php5/conf.d/xcache.ini:

vi /etc/php5/conf.d/xcache.ini
[...]
xcache.size  =                512M
[...]
Likewise for APC:

vi /etc/php5/conf.d/apc.ini
[...]
apc.shm_size="512"
[...]
Reload PHP-FPM after your modification:

/etc/init.d/php5-fpm reload
 

3.3 PHP-FPM Emergency Settings
This is more of a reliability setting than a performance setting: PHP-FPM can restart itself if it stops working:

vi /etc/php5/fpm/php-fpm.conf
[...]
; If this number of child processes exit with SIGSEGV or SIGBUS within the time
; interval set by emergency_restart_interval then FPM will restart. A value
; of '0' means 'Off'.
; Default Value: 0
emergency_restart_threshold = 10

; Interval of time used by emergency_restart_interval to determine when
; a graceful restart will be initiated.  This can be useful to work around
; accidental corruptions in an accelerator's shared memory.
; Available Units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
emergency_restart_interval = 1m

; Time limit for child processes to wait for a reaction on signals from master.
; Available units: s(econds), m(inutes), h(ours), or d(ays)
; Default Unit: seconds
; Default Value: 0
process_control_timeout = 10s
[...]
 

3.4 For PHP >= 5.3.9: Use The ondemand Process Manager
If you use PHP >= 5.3.9, you can use the ondemand process manager in a PHP-FPM pool instead of static or dynamic; this will save you some RAM:

[...]
pm = ondemand
pm.max_children = 100
pm.process_idle_timeout = 5s
[...]
 

3.5 Use Unix Sockets Instead Of TCP Sockets
To reduce networking overhead, you should configure your pools to use Unix sockets instead of TCP:

[...]
;listen = 127.0.0.1:9000
listen = /var/lib/php5-fpm/www.sock
listen.owner = www-data
listen.group = www-data
listen.mode = 0660
[...]
If you change this, you must of course adjust the location ~ \.php$ {} section in your nginx vhost to use the socket (fastcgi_pass unix:/var/lib/php5-fpm/www.sock; instead of fastcgi_pass 127.0.0.1:9000;):

[...]
location ~ \.php$ {
                try_files $uri =404;
                include /etc/nginx/fastcgi_params;
                ##fastcgi_pass 127.0.0.1:9000;
                fastcgi_pass unix:/var/lib/php5-fpm/www.sock;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PATH_INFO $fastcgi_script_name;
                fastcgi_intercept_errors on;
}
[...]
 

3.6 Avoid 502 Bad Gateway Errors With Sockets On Busy Sites
If you use Unix sockets with PHP-FPM, you might encounter random 502 Bad Gateway errors with busy websites. To avoid this, we raise the max. number of allowed connections to a socket. Open /etc/sysctl.conf...

vi /etc/sysctl.conf
... and set:

[...]
net.core.somaxconn = 4096
[...]
Run

sysctl -p
afterwards for the change to take effect.

 

4 Tuning MySQL
4.1 Optimize Your my.cnf
You should use scripts such as mysqltuner.pl or tuning-primer.sh (or both) to find out which settings you should adjust in your my.cnf file. One of the most important variables is query_cache_size, and, if you use InnoDB tables, innodb_buffer_pool_size.

This is an example configuration from a test server with 16GB RAM, about 30 databases with 50% MyISAM tables and 50% InnoDB tables - this worked out quite well for database-driven test sites that were stressed with a benchmark tool (ab):

[...]
key_buffer = 256M

max_allowed_packet = 16M
thread_stack = 192K
thread_cache_size = 100

table_open_cache = 16384
table_definition_cache = 8192

sort_buffer_size = 256K

read_buffer_size = 128K

read_rnd_buffer_size = 256K

myisam_sort_buffer_size = 64M
myisam_use_mmap = 1
thread_concurrency = 10
wait_timeout = 30

myisam-recover = BACKUP,FORCE

query_cache_limit = 10M
query_cache_size = 1024M
query_cache_type = 1

join_buffer_size = 4M

log_slow_queries        = /var/log/mysql/mysql-slow.log
long_query_time = 1

expire_logs_days        = 10
max_binlog_size         = 100M

innodb_buffer_pool_size = 2048M
innodb_log_file_size = 256M
innodb_log_buffer_size = 16M
innodb_flush_log_at_trx_commit = 0
innodb_thread_concurrency = 8
innodb_read_io_threads = 64
innodb_write_io_threads = 64
innodb_io_capacity = 50000
innodb_flush_method = O_DIRECT
innodb_file_per_table
innodb_additional_mem_pool_size = 256M
transaction-isolation = READ-COMMITTED

innodb_support_xa = 0
innodb_commit_concurrency = 8
innodb_old_blocks_time = 1000
[...]
Please note: If you need ACID compliance, you must set innodb_flush_log_at_trx_commit to 1. You can find out more about this on http://dev.mysql.com/doc/refman/5.5/en/innodb-parameters.html#sysvar_innodb_flush_log_at_trx_commit.

innodb_io_capacity should be set to high values only if you use MySQL on an SSD. If you use it on a normal hard drive, you had better leave that line out.

 

4.2 Use An SSD
You can get a big performance boost by using MySQL with a solid state disk (SSD) as this reduces disk I/O a lot. The easiest way to do this is by mounting the /var/lib/mysql directory to an SSD.

 

5 Web Application Caching
Lots of web applications (such as WordPress with the WP Super Cache or W3 Total Cache plugins, Drupal with the Boost module, TYPO3 with the nc_staticfilecache extension) offer the possibility to create a full page cache which is stored on the hard drive and which can be accessed directly by nginx so that it can bypass the whole PHP-MySQL stack. This provides a huge performance boost.

You can find tutorials about this here:

Running WordPress On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.04
Running Drupal 7.7 On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.04
Running TYPO3 4.6 On Nginx (LEMP) On Debian Squeeze/Ubuntu 11.10
You can speed the static file cache up even more by placing it directly in the server's memory with the tmpfs filesystem:

Storing Files/Directories In Memory With tmpfs

Of course, you can use tmpfs also for the nginx FastCGI cache from chapter 2.6.

 

6 Links
nginx Wiki: http://wiki.nginx.org/Main
PHP: http://www.php.net/
PHP-FPM: http://php-fpm.org/
MySQL: http://www.mysql.com/

Posted by 멋지다마라송

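Linux Server Administration - Parallel SSH - Sending Commands To Multiple Linux Machines Over SSH

You can manage your servers conveniently by having a central server send commands to multiple Linux servers.

First, install Parallel SSH. Install it as the root user.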

# Debian or Ubuntu
apt install python-pip python-setuptools
pip install parallel-ssh
apt install pssh

# Red Hat RHEL, CentOS
yum install python-pip python-setuptools
pip install parallel-ssh
yum install pssh



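Suppose there are three servers, as follows:

Server 1 : 192.168.1.100 : central server : you log in to this server only and run the commands from here.

Server 2 : 192.168.1.101 : host 1 : first server on which remote commands are executed

Server 3 : 192.168.1.102 : host 2 : second server on which remote commands are executed

Server 1: create an SSH key pair (public key) on the central server.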


marasong@vm-marasong:~$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/marasong/.ssh/id_rsa): [Enter]
Enter passphrase (empty for no passphrase): [Enter]
Enter same passphrase again: [Enter]
Your identification has been saved in /home/marasong/.ssh/id_rsa.
Your public key has been saved in /home/marasong/.ssh/id_rsa.pub.
The key fingerprint is:


Copy the generated public key to both servers, host 1 and host 2.

cat ~/.ssh/id_rsa.pub 


The key is printed in this form; copy that content into the ~/.ssh/authorized_keys file on server 2 (192.168.1.101) and server 3 (192.168.1.102).

If servers 2 and 3 have no .ssh directory, create the directory and set the permissions.

mkdir .ssh

chmod 700 .ssh

chmod 640 .ssh/authorized_keys


Now try logging in over ssh from server 1 to servers 2 and 3. The login must work without a password.

ssh userID@192.168.1.101 -p 22

ssh userID@192.168.1.102 -p 22



Save the details of servers 2 and 3 in a file named hosts.test.


userID@192.168.1.101:22

userID@192.168.1.102:22


Now you can issue commands to multiple servers as follows.


/usr/bin/parallel-ssh -i -h hosts.test "ls -al"




It is convenient to turn this into a bash script like the one below.

#!/bin/bash

cmd_text=${1}

if [ -z "${cmd_text}" ]
then
        # Define a default value when no input parameter is given
        cmd_text="ls"
fi

/usr/bin/parallel-ssh -i -h /home/ubuntu/hosts.test "${cmd_text}"



Reference: https://www.tecmint.com/
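
Added example (not from the original post): a preflight check for the key setup above, using the mode rules OpenSSH itself applies (sshd's StrictModes ignores authorized_keys when it or ~/.ssh is group- or world-writable; the ssh client rejects a private key that group or others can access) plus a check that each authorized key is pinned to the central server with a from= option. The function name and output labels are assumptions, the key strings are constructed placeholders, and GNU stat (Linux) is assumed.

```shell
#!/bin/sh
# Added example: audit an .ssh directory used for the parallel-ssh fan-out.
# Key strings below are constructed placeholders, not real keys.

audit_ssh_dir() {
    dir=$1
    findings=0
    # sshd (StrictModes) ignores authorized_keys if it or ~/.ssh is group/world-writable.
    for f in "$dir" "$dir/authorized_keys"; do
        [ -e "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL $f mode $mode is group/world-writable"
            findings=$((findings + 1))
        fi
    done
    # The ssh client refuses a private key that group or others can access.
    if [ -e "$dir/id_rsa" ]; then
        mode=$(stat -c '%a' "$dir/id_rsa")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "FAIL $dir/id_rsa mode $mode is accessible to group/others"
            findings=$((findings + 1))
        fi
    fi
    # A passphrase-less fan-out key should be accepted only from the central server.
    if [ -f "$dir/authorized_keys" ]; then
        n=0
        while IFS= read -r line; do
            n=$((n + 1))
            case $line in
                ''|'#'*) continue ;;
                *'from="'*) ;;
                *) echo "WARN authorized_keys:$n has no from= restriction"
                   findings=$((findings + 1)) ;;
            esac
        done < "$dir/authorized_keys"
    fi
    [ "$findings" -eq 0 ] && echo "OK"
    return 0
}

# Constructed demo: a throw-away directory laid out like ~/.ssh on host 1.
DEMO=$(mktemp -d)
mkdir "$DEMO/.ssh"
chmod 700 "$DEMO/.ssh"
echo 'ssh-rsa AAAAB3-CONSTRUCTED-PLACEHOLDER marasong@vm-marasong' > "$DEMO/.ssh/authorized_keys"
chmod 640 "$DEMO/.ssh/authorized_keys"        # modes used in the post
audit_ssh_dir "$DEMO/.ssh"

# Same key pinned to the central server (192.168.1.100 in the post).
echo 'from="192.168.1.100" ssh-rsa AAAAB3-CONSTRUCTED-PLACEHOLDER marasong@vm-marasong' > "$DEMO/.ssh/authorized_keys"
audit_ssh_dir "$DEMO/.ssh"
```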




Posted by 멋지다마라송

Linux Server Monitoring - Monitorix https://www.monitorix.org/




Red Hat family: install from EPEL (Extra Packages for Enterprise Linux).
 

yum install -y htop iotop iptraf vmstat strace wget cpan

yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm

yum install --enablerepo=epel -y rrdtool rrdtool-perl perl-libwww-perl perl-MailTools perl-MIME-Lite perl-CGI perl-DBI perl-XML-Simple perl-Config-General perl-HTTP-Server-Simple perl-IO-Socket-SSL


cd /usr/local/src
wget http://www.monitorix.org/monitorix-3.10.1-1.noarch.rpm
rpm -ivh monitorix-3.10.1-1.noarch.rpm
service monitorix start


chkconfig --level 35 monitorix on


In /etc/monitorix/monitorix.conf, change the port in use.

Configure the username/password prompt.
If MySQL is present, change the settings to use it.


Start the service.
 

service monitorix start



----------------------


Ubuntu family
 

apt-get update
apt-get install rrdtool perl libwww-perl libmailtools-perl libmime-lite-perl librrds-perl libdbi-perl libxml-simple-perl libhttp-server-simple-perl libconfig-general-perl libio-socket-ssl-perl
wget http://www.monitorix.org/monitorix_3.10.1-izzy1_all.deb
dpkg -i monitorix_3.10.1-izzy1_all.deb


CPU Load 


MySQL Statistics


Netstat Statistics



References:
https://www.tecmint.com/monitorix-a-lightweight-system-and-network-monitoring-tool-for-linux/
https://www.monitorix.org/

Posted by 멋지다마라송

CentOS - Parameter Optimization Script

Please see the attached file.

check.centos.sh

It must be run as root.

When swap is 0 (there is no swap file), run the lines printed by echo one at a time, exactly as shown.

However, if the memory is 1 GB, use:

dd if=/dev/zero of=/data/swapfile bs=1M count=1024

If it is 8 GB:

dd if=/dev/zero of=/data/swapfile bs=1M count=8192

Run it like this.


#!/bin/bash

#echo -e "32768\t61000" > /proc/sys/net/ipv4/ip_local_port_range
#$ sysctl -w net.ipv4.tcp_wmem="253952 253952 16777216"
#$ sysctl fs.file-max
#$ sysctl fs.file-nr 

echo "----------------------------------"
check_value=`getenforce`
echo "GetEnforce : ${check_value}"
echo "----------------------------------"
echo -e "Parameter\tNow\tRecommended"
echo "----------------------------------"

# Recommended value = 0
recom_value="0"
for check_param in net.ipv4.tcp_timestamps net.ipv4.conf.all.accept_source_route net.ipv4.ip_forward net.ipv4.conf.all.accept_redirects net.ipv4.tcp_tw_reuse
do
        check_param2=${check_param%*.*}
        check_param3=`echo ${check_param} | sed -e "s/${check_param2}//" | cut -c 2-`
        check_value=`sysctl -n ${check_param}`

        if [ "$check_value" -eq "${recom_value}" ]
        then 
                echo -e "${check_param3}\t${check_value}\t${recom_value}\t OK"
        else
                echo -e "${check_param3}\t${check_value}\t${recom_value}"
                read -s -n1 -p "    ${check_param3} ${check_value}->${recom_value} : Submit Now? (y/n) : " submit_yn
                if [ "$submit_yn" == "y" ]
                then
                        echo -e "\tsysctl -w ${check_param}=${recom_value}"
                        # sysctl.conf values are written unquoted so that sysctl -p can apply them
                        echo "${check_param} = ${recom_value}" >> /etc/sysctl.conf
                fi
                echo ${submit_yn}
        fi
done

# Recommended value = 1
recom_value="1"
for check_param in net.ipv4.icmp_echo_ignore_broadcasts net.ipv4.conf.all.log_martians net.ipv4.tcp_syncookies net.ipv4.tcp_window_scaling 
do
        check_param2=${check_param%*.*}
        check_param3=`echo ${check_param} | sed -e "s/${check_param2}//" | cut -c 2-`
        check_value=`sysctl -n ${check_param}`

        if [ "$check_value" -eq "${recom_value}" ]
        then 
                echo -e "${check_param3}\t${check_value}\t${recom_value}\t OK"
        else
                echo -e "${check_param3}\t${check_value}\t${recom_value}"
                read -s -n1 -p "    ${check_param3} ${check_value}->${recom_value} : Submit Now? (y/n) : " submit_yn
                if [ "$submit_yn" == "y" ]
                then
                        echo -e "\tsysctl -w ${check_param}=${recom_value}"
                        # sysctl.conf values are written unquoted so that sysctl -p can apply them
                        echo "${check_param} = ${recom_value}" >> /etc/sysctl.conf
                fi
                echo ${submit_yn}
        fi
done


check_value=`sysctl -n net.ipv4.ip_local_port_range`
echo -e "Port.Range\t${check_value}\t1024\t65535"
check_value=`sysctl -n net.ipv4.tcp_max_syn_backlog`
echo -e "MAX.BackLog\t${check_value}\t1024"

check_value=`sysctl -n net.ipv4.tcp_max_tw_buckets`
echo -e "TcpTW.Buckets\t${check_value}\t65536"

# check : ulimit -a / sysctl -n fs.file-nr
check_value=`sysctl -n fs.file-max`
echo -e "FS.FileMax\t${check_value}\t77052"
check_value=`sysctl -n net.core.netdev_max_backlog`
echo -e "NetdevMxBackLog\t${check_value}\t30000"
check_value=`sysctl -n net.core.somaxconn`
echo -e "MaxConnections\t${check_value}\t1024"

echo "----------------------------------------------------------------------------"
free -m
echo "----------------------------------------------------------------------------"
swap_size=`free -m | grep -i swap | awk '{print $2}'`
if [ "$swap_size" -eq "0" ]
then
        echo -e "----------------------------------------------------------------------------"
        echo -e "\tdd if=/dev/zero of=/data/swapfile bs=1M count=[1024|2048|8192]"
        echo -e "\tchmod 600 /data/swapfile"
        echo -e "\tmkswap /data/swapfile"
        echo -e "\tswapon /data/swapfile"
        echo -e "\techo '/data/swapfile swap swap defaults 0 0' >> /etc/fstab"
        echo -e "----------------------------------------------------------------------------"
fi

ulimit -a
echo "----------------------------------------------------------------------------"

echo "sysctl -p"
sysctl -p


The values are changed with the sysctl command.

To change a value, use sysctl -w [parameter]; to apply the settings, run sysctl -p.


Posted by 멋지다마라송
2018.07.10 00:21

AWS Linux SSH Login Accounts (Tech/Linux) 2018.07.10 00:21


Amazon Linux = ec2-user

RHEL5 = root or ec2-user

Ubuntu = ubuntu

Fedora = fedora or ec2-user

SUSE  = root or ec2-user


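Also, if you have set up SSH to log in with a public key, you must specify it in the SSH client program.


For SecureCRT,

it is best to set and use the public key for that session only, like this.


For PuTTY, the pem file (the AWS default public key file) cannot be used, so it must be converted to ppk with the PuTTYgen program.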




Posted by 멋지다마라송