一般情况下, 服务器的性能除了编程技巧之外,还有一些操作系统本身的限制。这里我们假设服务器CPU 内存都是能满足需求的。来说说Linux 服务器的一些提高性能的方法。
- 文件描述符的限制
对于服务器,每当有一个连接到来都要消耗一个文件描述符,即系统对文件描述符的限制就成了高性能的障碍。我们可以用ulimit可以查看当前系统对资源的一些限制。
# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 15739
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 120000
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 15739
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited这里可以看到有我们平时debug 程序的dump core 文件大小和文件描述符,消息队列一个消息的长度的限制等等。这里我们所看到的文件描述符,可以通过ulimit 进行配置
root:/etc# ulimit -SHn 500000
root:/etc# ulimit -a
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 15739
max locked memory (kbytes, -l) 64
max memory size (kbytes, -m) unlimited
open files (-n) 500000
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 15739
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited经过测试,确实生效,但是重启之后就恢复了,要想永久生效就要修改/etc/security/limits.conf文件
#<type> can have the two values:
# - "soft" for enforcing the soft limits
# - "hard" for enforcing hard limits
#
#<item> can be one of the following:
# - core - limits the core file size (KB)
# - data - max data size (KB)
# - fsize - maximum filesize (KB)
# - memlock - max locked-in-memory address space (KB)
# - nofile - max number of open files
# - rss - max resident set size (KB)
# - stack - max stack size (KB)
# - cpu - max CPU time (MIN)
# - nproc - max number of processes
# - as - address space limit (KB)
# - maxlogins - max number of logins for this user
# - maxsyslogins - max number of logins on the system
# - priority - the priority to run user process with
# - locks - max number of file locks the user can hold
# - sigpending - max number of pending signals
# - msgqueue - max memory used by POSIX message queues (bytes)
# - nice - max nice priority allowed to raise to values: [-20, 19]
# - rtprio - max realtime priority
# - chroot - change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp - chroot /ftp
#@student - maxlogins 4
root soft nofile 120000
root hard nofile 120000
* soft nofile 120000
* hard nofile 120000
# End of file 在文件里面添加
1. soft nofile 120000
2. hard nofile 120000这里的soft 个数一定要小于等于hard个数,重启后生效。
另外,如果想看一个正在运行的进程的资源限制,可以到/proc/进程id/ 下的limits文件里面查看。
2. 端口号限制
对于服务器来讲一般只需要开放一个端口号, 但是某些应用,需要多个端口号例如nginx 反向代理。这里如果正常情况下Nginx只能转发30000多个连接,因为默认情况下系统开放的端口号是3万多 - 65535之间。Nginx 反向代理转发时需要随机端口去转发,默认只能是3万多。
对于端口号可以通过sysctl -a 查看。
root:~# sysctl -a | grep local
fs.nfs.nsm_local_state = 0
net.ipv4.conf.all.accept_local = 0
net.ipv4.conf.all.route_localnet = 0
net.ipv4.conf.default.accept_local = 0
net.ipv4.conf.default.route_localnet = 0
net.ipv4.conf.docker0.accept_local = 0
net.ipv4.conf.docker0.route_localnet = 0
net.ipv4.conf.eth0.accept_local = 0
net.ipv4.conf.eth0.route_localnet = 0
net.ipv4.conf.lo.accept_local = 0
net.ipv4.conf.lo.route_localnet = 0
net.ipv4.conf.vethc30f7f2.accept_local = 0
net.ipv4.conf.vethc30f7f2.route_localnet = 0
net.ipv4.ip_local_port_range = 32768 61000
net.ipv4.ip_local_reserved_ports =
net.ipv4.ip_nonlocal_bind = 0这里还不到3万 。对于这个限制可以修改/etc/sysctl.conf 来实现 添加 net.ipv4.ip_local_port_range = 1024 65535.
修改后运行sysctl -p 或重启即可生效。 但是即使这样也只能转发6万多个链接。 如果要增加转发数量,这里可以在后端server 多加虚拟IP 添加网卡别名
ifconfig eth0:1 192.168.1.11 netmask 255.255.255.0 up
这样后端server就添加了一个虚拟IP, 然后再修改Nginx配置文件,用负载均衡这种方式进行转发。或者也可以把虚拟IP加在Nginx这边,把IP映射到统一的域名即可。有关内核参数的详细解释请看:http://www.cnblogs.com/tolimit/p/5065761.html