Linux基础配置
linux内核优化
#阿里云
vm.swappiness = 0
#注意: kernel.sysrq = 1 会启用全部 SysRq 功能,能接触控制台或串口的人可借此强制重启、终止进程,请按实际需要取舍
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
#注意: rp_filter = 0 表示不做反向路径(源地址)校验;如无非对称路由或多网卡路由需求,可评估改为 1(严格)或 2(宽松)
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
#华为云
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024
kernel.randomize_va_space = 2
禁止IPV6
vim /etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
sysctl -p
配置NAT网关
vi /opt/nat.sh
#!/bin/bash
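# NAT gateway setup: persist IPv4 forwarding, then allow forwarding and
# masquerade outbound traffic.

# Append the forwarding key only when no such key is present, so repeated
# runs do not duplicate the line. An existing net.ipv4.ip_forward=0 entry is
# left untouched and must be corrected by hand.
if ! grep -q '^net\.ipv4\.ip_forward' /etc/sysctl.conf; then
  echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  echo 'change sysctl.conf ok'
fi

# iptables -A / -I add a rule every time they run, so re-running this script
# would stack duplicate rules. -C checks whether the rule already exists; its
# "no such rule" error is expected on the first run and is silenced on purpose.
#
# NOTE(review): both rules are unscoped. FORWARD ACCEPT forwards traffic
# between any interfaces in any direction, and MASQUERADE rewrites every
# outgoing packet. Consider limiting them to the internal network and the
# egress interface, e.g.
#   iptables -t nat -I POSTROUTING -s <INTERNAL_CIDR> -o <WAN_IFACE> -j MASQUERADE
# (placeholders; fill in site-specific values).
iptables -C FORWARD -j ACCEPT 2>/dev/null \
  || iptables -A FORWARD -j ACCEPT
iptables -t nat -C POSTROUTING -j MASQUERADE 2>/dev/null \
  || iptables -t nat -I POSTROUTING -j MASQUERADE

# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p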
chmod +x /opt/nat.sh
ubuntu/debian开机启动
ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
touch /etc/rc.local
chmod 755 /etc/rc.local
vi /etc/rc.local
#!/bin/bash
/opt/nat.sh
ubuntu配置DNS
apt install -y systemd-resolved
vim /etc/systemd/resolved.conf
[Resolve]
DNS=114.114.114.114
LLMNR=no
systemctl restart systemd-resolved
resolvectl status
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf
ssh免密登录
#注意: -P '' 生成的私钥没有口令保护,私钥文件本身就是凭据;请保持 ~/.ssh 权限为 700,私钥和 authorized_keys 权限为 600
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
#将id_rsa.pub文件内容复制到其他机器的authorized_keys文件
cat ~/.ssh/id_rsa.pub>> ~/.ssh/authorized_keys
睡眠管理
禁用
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sed -i 's/#sleep-inactive-ac-timeout=1200/sleep-inactive-ac-timeout=0/g' /etc/gdm3/greeter.dconf-defaults
systemctl reload gdm; systemctl reload gdm3
启用
systemctl unmask sleep.target suspend.target hibernate.target hybrid-sleep.target
文件描述符
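#注意: 下面的 > 会覆盖整个 /etc/security/limits.conf,执行前请先备份原文件
#注意: "* - core unlimited" 会对 * 匹配到的用户开启不限大小的 core dump,转储文件可能包含内存中的密钥等敏感数据
cat << EOF >/etc/security/limits.conf
* - core unlimited
* - data unlimited
* - fsize unlimited
* - sigpending 119934
* - memlock 64
* - rss unlimited
* - nofile 1048576
* - msgqueue 819200
* - stack 8192
* - cpu unlimited
* - nproc 12000
* - locks unlimited
EOF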
journalctl日志管理
#注意: --vacuum-* 会永久删除本机日志;如有审计或取证留存要求,应先把日志转发到集中日志系统
journalctl --disk-usage #查看大小
journalctl --vacuum-time=7d #删除7天前的
journalctl --vacuum-size=1G #清理超过1G的日志文件
crontab -e #自动清理7天前的
0 0 * * * journalctl --vacuum-time=7d
#使用
#过滤
journalctl -u nginx | grep "timeout"
journalctl | grep "error"
#指定时间
journalctl -u nginx -p err --since "2023-01-01"
journalctl --since today
journalctl --since "2023-01-01" --until "2023-01-02"
#日志等级-p
0 紧急(Emergency)
1 警报(Alert)
2 严重(Critical)
3 错误(Error)
4 警告(Warning)
5 通知(Notice)
6 信息(Info)
7 调试(Debug)
历史记录增加时间和用户
#注意: shell 历史记录可被用户自行修改或清空,只能作为排查参考,不能当作审计日志;需要审计时请使用 auditd 等机制
vi /etc/profile.d/history.sh
export HISTSIZE=10000
export HISTTIMEFORMAT="%F %T `whoami` "
一键换源
#注意: 该命令会把远程脚本直接交给 bash 执行(通常以 root 身份),没有任何完整性校验;建议先把脚本下载到本地、审阅内容后再运行
bash <(curl -sSL https://linuxmirrors.cn/main.sh)
时间同步
vi /etc/chrony.conf
pool cn.ntp.org.cn iburst
systemctl restart chronyd
chronyc sources
systemctl status chronyd
磁盘在线扩容
lsblk #查看分区
#扩展分区,注意修改磁盘名称和分区号
growpart /dev/nvme0n1 1
growpart /dev/xvda 1
lsblk
#扩展文件系统
df -hT
xfs_growfs -d / #xfs
#ext4
resize2fs /dev/nvme0n1p1
resize2fs /dev/xvda1
ubuntu安装精简桌面
#unity
apt-get install --no-install-recommends ubuntu-desktop -y
#kde
apt-get install --no-install-recommends kubuntu-desktop -y
RAID配置
安装
yum install mdadm -y
lsblk
建立raid1并挂载
#注意: 创建阵列会覆盖成员盘上的原有数据,执行前先用 lsblk 确认 /dev/nvme0n1 和 /dev/nvme1n1 是待用的空盘
mdadm -C -v /dev/md1 -l 1 -n 2 /dev/nvme0n1 /dev/nvme1n1
cat /proc/mdstat
mdadm -D /dev/md1
mkfs.ext4 /dev/md1
vi /etc/fstab
#下面的 UUID 仅为示例,请替换为 blkid /dev/md1 输出的实际值
UUID="dad8748c-c9a0-4182-a0ad-074cd6c051b3" /data ext4 defaults,noatime 1 2
mkdir /data
mount /data
df -h