
Linux基础配置

linux内核优化

# Alibaba Cloud (Aliyun) settings.
# NOTE(review): this block and the Huawei Cloud block below repeat several keys;
# presumably they are per-provider alternatives rather than one file - confirm.
vm.swappiness = 0
# NOTE(review): 1 enables every magic SysRq function (sync, remount, reboot,
# process kill, memory dump) for anyone with console or keyboard access; a
# restrictive bitmask or 0 is the usual hardening choice - confirm it is needed.
kernel.sysrq = 1
net.ipv4.neigh.default.gc_stale_time = 120
# see details in https://help.aliyun.com/knowledge_detail/39428.html
# NOTE(review): rp_filter = 0 turns off reverse-path source validation, so
# packets with spoofed source addresses are not dropped by the kernel. Keep it
# only where asymmetric routing requires it, and filter spoofed sources in the
# firewall instead.
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 0
# arp_announce = 2: always use the best local address for the target in ARP requests.
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2
net.ipv4.conf.all.arp_announce = 2
# see details in https://help.aliyun.com/knowledge_detail/41334.html
net.ipv4.tcp_max_tw_buckets = 5000
# SYN cookies keep the listener answering when the SYN backlog overflows (SYN flood).
net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_max_syn_backlog = 1024
net.ipv4.tcp_synack_retries = 2
net.ipv4.tcp_slow_start_after_idle = 0
# Huawei Cloud settings.
vm.swappiness=0
net.core.somaxconn=1024
net.ipv4.tcp_max_tw_buckets=5000
net.ipv4.tcp_max_syn_backlog=1024
# 2 = full address-space layout randomization (stack, mmap, vDSO and heap); keep it at 2.
kernel.randomize_va_space = 2

禁止IPV6

# Add the three settings below to /etc/sysctl.conf, then load them with sysctl -p.
vim /etc/sysctl.conf
# all = every existing interface, default = interfaces created later, lo = loopback.
net.ipv6.conf.all.disable_ipv6=1
net.ipv6.conf.default.disable_ipv6=1
net.ipv6.conf.lo.disable_ipv6=1
# Apply /etc/sysctl.conf without a reboot.
sysctl -p

配置NAT网关

vi /opt/nat.sh
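#!/bin/bash
# Make this host a NAT gateway: enable IPv4 forwarding persistently and install
# the forwarding and masquerade rules. Must run as root. Safe to re-run: the
# sysctl line and both iptables rules are added only when they are missing.
#
# NOTE(review): both rules are unscoped, so the host forwards and masquerades
# traffic from any source out of any interface. Narrowing them with
# -s <INTERNAL_CIDR> and -o <WAN_INTERFACE> (placeholders) limits the gateway
# to the subnet it is meant to serve.

# Only a line that sets the value to 1 counts. Testing for the bare key also
# accepted "net.ipv4.ip_forward=0" and then left forwarding disabled. sysctl -p
# applies the file top to bottom, so the appended line overrides an earlier 0.
if ! grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
  echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
  echo 'change sysctl.conf ok'
fi

# -C checks whether the exact rule already exists, so repeated runs do not
# stack duplicate rules in the chains.
iptables -C FORWARD -j ACCEPT 2>/dev/null || iptables -A FORWARD -j ACCEPT
iptables -t nat -C POSTROUTING -j MASQUERADE 2>/dev/null ||
  iptables -t nat -I POSTROUTING -j MASQUERADE

# Load /etc/sysctl.conf so forwarding is active now, not only after a reboot.
sysctl -p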
chmod +x /opt/nat.sh

ubuntu/debian开机启动

# Link the packaged rc-local unit into /etc/systemd/system and create an
# executable /etc/rc.local for it to run.
ln -fs /lib/systemd/system/rc-local.service /etc/systemd/system/rc-local.service
touch /etc/rc.local
chmod 755 /etc/rc.local
# The lines after the editor command are the content of /etc/rc.local.
vi /etc/rc.local
#!/bin/bash
# NOTE(review): rc.local is executed as root at boot, so /etc/rc.local and
# /opt/nat.sh should be owned by root and not writable by any other user.
/opt/nat.sh

ubuntu配置DNS

# Edit the systemd-resolved configuration; the next three lines are the file content.
vim /etc/systemd/resolved.conf
[Resolve]
# Upstream resolver. NOTE(review): no DNSOverTLS= is set here, so queries to
# this public server presumably travel unencrypted - confirm that is acceptable.
DNS=114.114.114.114
# Turns off LLMNR, so the host does not resolve names over link-local multicast.
# That removes a common name-spoofing surface on shared networks.
LLMNR=no
# Restart the resolver to load the new settings, then show what it is using.
systemctl restart systemd-resolved
resolvectl status
# Replace /etc/resolv.conf with a link to the file systemd-resolved writes under /run.
# NOTE(review): presumably so that clients query the upstream servers directly
# instead of the local stub listener - confirm.
rm -f /etc/resolv.conf
ln -s /run/systemd/resolve/resolv.conf /etc/resolv.conf

ssh免密登录

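# Create an RSA key pair with an empty passphrase (-P '') for unattended logins.
# NOTE(review): with no passphrase, anyone who can read ~/.ssh/id_rsa can log in
# as this user wherever the public key is authorized. Keep the private key on
# this host only and authorize it on as few machines as possible.
ssh-keygen -t rsa -P '' -f ~/.ssh/id_rsa
# Copy the contents of id_rsa.pub into the authorized_keys file on the other
# machines; the line below authorizes the key on this machine.
cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
# A file created by >> inherits the umask. sshd (StrictModes, on by default)
# ignores authorized_keys when it or ~/.ssh is writable by group or others.
chmod 700 ~/.ssh
chmod 600 ~/.ssh/authorized_keys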

文件描述符

vi /opt/ulimit.sh
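#!/bin/bash
# Raise the open-file limit to 1000001 for root and all other users, and the
# system-wide fs.file-max to match. Must run as root. Each step is skipped when
# its setting is already present, so re-running is safe.
#
# NOTE(review): the "*" entries raise the limit for every account on the host,
# not only the service that needs it; a per-user or per-unit limit is narrower.

# pam: limits.conf only takes effect when pam_limits.so is in the session
# stack. Match an active "session" line only; a bare search for "limits.so"
# also matched commented-out lines and then skipped the change.
if ! grep -Eq '^[[:space:]]*session[[:space:]].*pam_limits\.so' /etc/pam.d/common-session; then
  echo 'session required pam_limits.so' >> /etc/pam.d/common-session
  echo 'change pam ok'
fi

# limits: look for an active nofile entry with this value rather than the bare
# number, which could appear in a comment or an unrelated setting.
if ! grep -Eq '^[^#]*nofile[[:space:]]+1000001' /etc/security/limits.conf; then
  {
    echo 'root soft nofile 1000001'
    echo 'root hard nofile 1000001'
    echo '* soft nofile 1000001'
    echo '* hard nofile 1000001'
  } >> /etc/security/limits.conf
  echo 'change limits.conf ok'
fi

# sysctl: same idea, keyed on the fs.file-max setting itself. The values are
# only written here; they load on the next "sysctl -p" or reboot.
if ! grep -Eq '^[[:space:]]*fs\.file-max[[:space:]]*=[[:space:]]*1000001' /etc/sysctl.conf; then
  echo 'fs.file-max = 1000001' >> /etc/sysctl.conf
  echo 'kernel.perf_cpu_time_max_percent = 0' >> /etc/sysctl.conf
  echo 'change sysctl.conf ok'
else
  echo 'nothing...'
fi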
bash /opt/ulimit.sh

journalctl日志管理

journalctl --disk-usage # show how much disk space the journal uses
journalctl --vacuum-time=7d # delete entries older than 7 days
journalctl --vacuum-size=1G # delete old journal files until at most 1G remains
# NOTE(review): vacuuming removes the only local copy of those entries. If the
# journal is needed for incident investigation, forward it to a central log
# store first and pick a retention period that covers the detection window.
crontab -e # schedule the 7-day cleanup; the next line is the crontab entry
0 0 * * * journalctl --vacuum-time=7d
# Usage
# Filtering
journalctl -u nginx | grep "timeout"
journalctl | grep "error"
# Selecting a time range
journalctl -u nginx -p err --since "2023-01-01"
journalctl --since today
journalctl --since "2023-01-01" --until "2023-01-02"
#日志等级-p
0 紧急(Emergency)
1 警报(Alert)
2 严重(Critical)
3 错误(Error)
4 警告(Warning)
5 通知(Notice)
6 信息(Info)
7 调试(Debug)

历史记录增加时间和用户

vi /etc/profile.d/history.sh
# Keep 10000 commands in the shell history and show each entry with its
# timestamp followed by a user name.
# NOTE(review): the user name is computed once, when this file is sourced, and
# is only part of the display format. The history file stays editable by its
# owner, so this is a convenience, not a tamper-resistant audit trail.
HISTSIZE=10000
HISTTIMEFORMAT="%F %T $(whoami) "
export HISTSIZE HISTTIMEFORMAT

一键换源

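# Fetch the mirror-switch script to a file and read it before running it.
# Piping a download straight into bash executes whatever the server returns,
# with this shell's privileges, and leaves no copy of what ran.
# -f makes curl fail on an HTTP error instead of handing an error page to bash.
mirror_script=$(mktemp) &&
  curl -fsSL -o "$mirror_script" https://linuxmirrors.cn/main.sh &&
  less "$mirror_script" &&
  bash "$mirror_script"
rm -f -- "$mirror_script"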

磁盘在线扩容

lsblk # list disks and partitions
# Grow the partition; adjust the disk name and the partition number to match
# the lsblk output. The two lines are examples for different device names.
growpart /dev/nvme0n1 1
growpart /dev/xvda 1
lsblk
# Grow the filesystem; df -hT shows which filesystem type is in use.
df -hT
xfs_growfs -d / # for xfs
# for ext4
resize2fs /dev/nvme0n1p1
resize2fs /dev/xvda1