tune apache 備註

Sysctl

sysctl -w net.ipv4.ip_forward=0 # OS_Protection，ip 轉發，預設 0 
sysctl -w net.ipv4.conf.all.send_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.conf.default.send_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.icmp_echo_ignore_broadcasts=1 # OS_Protection，忽略 broadcast，預設 1
sysctl -w net.ipv4.conf.all.accept_source_route=0 # OS_Protection，關閉路由相關功能，預設 0
sysctl -w net.ipv4.conf.all.accept_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.conf.all.secure_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.conf.all.log_martians=1 # OS_Protection，預設 0
sysctl -w net.ipv4.conf.default.accept_source_route=0 # OS_Protection，關閉路由相關功能，預設 0
sysctl -w net.ipv4.conf.default.accept_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.conf.default.secure_redirects=0 # OS_Protection，關閉路由相關功能，預設 1
sysctl -w net.ipv4.icmp_ignore_bogus_error_responses=1 # OS_Protection，預設 1
sysctl -w net.ipv4.conf.all.rp_filter=1 # OS_Protection，預設 0
sysctl -w net.ipv4.conf.default.rp_filter=1 # OS_Protection，預設 1
sysctl -w net.ipv4.tcp_timestamps=0 # OS_Protection，預設 1
sysctl -w net.ipv4.tcp_syncookies=1 # time wait，防止 syn flood，預設 1
sysctl -w net.ipv4.tcp_tw_reuse=1 # time wait，允許將 time-wait sockets重新用於新的tcp連線上，預設 0
sysctl -w net.ipv4.tcp_tw_recycle=1 # time wait，允許快速回收，預設為0
sysctl -w net.ipv4.tcp_fin_timeout=15 # time wait，timeout 時間，預設 60
sysctl -w net.ipv4.tcp_max_syn_backlog=4096 # dmesg，possible SYN flooding on port 80. Sending cookies，預設 1024
sysctl -w net.ipv4.netfilter.ip_conntrack_tcp_timeout_established=86400 # dmesg，ip_conntrack: table full, dropping packet, default 432000
sysctl -w vm.panic_on_oom=1 # out of memory，預設 0
sysctl -w vm.overcommit_memory=1 # out of memory，預設 0
sysctl -w vm.overcommit_ratio=0 # out of memory，預設 50
sysctl -w net.core.somaxconn=4096 # 預設 128
sysctl -w net.ipv4.tcp_synack_retries=3 # default 5
sysctl -w net.ipv4.tcp_syn_retries=3 # default 5
sysctl -w net.ipv4.tcp_retries2=3 # default 15

Apache Configuration

vi /etc/httpd/conf/httpd.conf

Timeout 30 # 連線超過 30 秒失敗就重試，預設 120
KeepAlive On # 開啟 KeepAlive，預設 off
MaxKeepAliveRequests 512 # 設定同一時間可容許的 KeppAlive 量，100
KeepAliveTimeout 5 # KeepAlive 多久要自動 Timeout 掉，15
<IfModule prefork.c>
StartServers 8
MinSpareServers 5
MaxSpareServers 20
ServerLimit 666
MaxClients 666
#ServerLimit 256
#MaxClients 256
MaxRequestsPerChild 1000
</IfModule>