Moexin

Moexin's Blog

心若浮沉,浅笑安然。

Debian11 システムの最適化スクリプト

自己用の Debian11 システム初期化スクリプト。
最適化内容には、仮想メモリ(スワップ)の追加、chrony を使用した自動時刻同期、タイムゾーンの Asia/Shanghai への設定、BBR の有効化、および一連のカーネルパラメータの調整が含まれます。また、iptables と nftables の削除、IP フォワーディングの有効化、実行後の自動再起動も行われます。

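#!/bin/bash
# Debian 11 initial-setup script. Every step below changes system state
# (swap, packages, files under /etc, sysctl), so refuse to run without root
# rather than failing half-way through.
if [[ "$EUID" -ne 0 ]]; then
  echo 'このスクリプトは root で実行してください' >&2
  exit 1
fi

# --- Optional 2 GiB swap file at /swap --------------------------------------
echo '仮想メモリを追加しています'
free -h
read -r -p "仮想メモリを追加しますか? [y/N] " add_swap
if [[ "$add_swap" =~ ^([yY][eE][sS]|[yY])$ ]]; then
  if [[ -e /swap ]]; then
    # A second run must not re-allocate or re-format a swap file that may
    # already be active, nor append a duplicate /etc/fstab entry.
    echo '/swap は既に存在するため、仮想メモリの追加をスキップします' >&2
  else
    echo '仮想メモリを追加しています'
    # umask 077 in a subshell: the file is created root-only from the start,
    # so it is never readable by other users between creation and chmod.
    # Swap can hold memory pages of any process and must stay private.
    if (umask 077 && fallocate -l 2048M /swap) \
      && chmod 600 /swap \
      && mkswap /swap \
      && swapon /swap; then
      # Persist the entry only after the swap file is known to work, and only
      # when /etc/fstab has no entry for /swap yet.
      if ! grep -Eq '^/swap[[:space:]]' /etc/fstab; then
        echo '/swap none swap defaults 0 0' >> /etc/fstab
      fi
    else
      echo '仮想メモリの追加に失敗しました' >&2
      # /swap did not exist before this run, so removing the partial file
      # only undoes what this run created.
      rm -f -- /swap
    fi
  fi
else
  echo '仮想メモリの追加をキャンセルしました'
fi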
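# --- Package update, firewall removal, time sync ----------------------------
echo 'システムを更新しています'
apt-get update -y
apt-get upgrade -y
echo '依存関係をインストールしています'
# NOTE(review): this step stops, disables and purges both packet-filter
# front ends. Later in this script IP forwarding is switched on, so after the
# run the host forwards traffic with no filtering unless another firewall
# (cloud security group, upstream ACL, re-installed nftables rules) is in
# place. Tell the operator instead of hiding it behind the
# "installing dependencies" message above.
echo '警告: iptables と nftables を停止して削除します(パケットフィルタが無くなります)' >&2
for fw_unit in iptables nftables; do
  # A unit that is not installed makes these fail; that is expected and the
  # script continues, as the original did.
  systemctl stop "$fw_unit"
  systemctl disable "$fw_unit"
done
apt-get --purge autoremove iptables nftables -y
apt-get install chrony -y
echo 'タイムゾーンを設定しています'
timedatectl set-timezone Asia/Shanghai
echo '自動時刻同期を開始しています'
# Use the supported systemctl interface rather than invoking the internal
# /lib/systemd/systemd-sysv-install helper directly; --now also makes sure
# the daemon is running before chronyc talks to it.
systemctl enable --now chrony
# Step the clock once instead of slewing, so the time is correct immediately.
chronyc makestep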
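# --- Kernel / network tuning via sysctl -------------------------------------
echo 'システムの設定を最適化しています'
# Load connection tracking now so the net.netfilter.* keys below exist.
# NOTE(review): ip_conntrack is the legacy module name; presumably it resolves
# to nf_conntrack through a module alias on this kernel — confirm.
modprobe ip_conntrack
# modprobe only affects the running kernel, and this script reboots at the
# end. Register the module with systemd-modules-load so it is loaded before
# the sysctl files are applied at boot; otherwise the nf_conntrack_* settings
# are silently skipped after the reboot.
echo 'nf_conntrack' > /etc/modules-load.d/nf_conntrack.conf

# NOTE(review): on Debian /etc/sysctl.d/99-sysctl.conf is normally a symlink
# to /etc/sysctl.conf, so the redirect below presumably replaces the whole of
# /etc/sysctl.conf — confirm and keep a copy of the existing file first.
#
# NOTE(review): security-relevant settings in the file written below. The
# values are kept exactly as the author chose them; check each one against
# the role of the host before reusing this file.
#   - net.ipv4.tcp_syncookies = 0 turns SYN cookies off (kernel default is 1).
#     When a SYN flood fills the listen backlog, new connections are dropped;
#     tcp_synack_retries = 1 and a large tcp_max_syn_backlog do not replace
#     that protection. Set it to 1 on any internet-facing host.
#   - net.ipv4.ip_forward and the *.forwarding keys = 1 make the host route
#     packets between interfaces. This script also purges iptables and
#     nftables, so forwarded traffic is unfiltered unless another packet
#     filter is put in place.
#   - net.ipv4.conf.all.route_localnet = 1 stops the kernel from treating
#     127.0.0.0/8 as martian while routing, which can make services bound
#     only to loopback reachable from directly attached networks.
#   - net.ipv6.conf.*.accept_ra = 2 accepts Router Advertisements even though
#     forwarding is enabled, so any host on the link can influence the IPv6
#     routes of this machine.
#   - tcp_retries2 = 1, tcp_orphan_retries = 1 and tcp_max_orphans = 100 are
#     well below the kernel defaults; connections are aborted after very
#     little packet loss.
#
# The delimiter is quoted so the shell never expands anything inside the
# file body.
cat > '/etc/sysctl.d/99-sysctl.conf' << 'EOF'
net.ipv4.tcp_fack = 1
net.ipv4.tcp_early_retrans = 3
net.ipv4.neigh.default.unres_qlen=10000
net.ipv4.conf.all.route_localnet=1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.core.netdev_max_backlog = 1000000
net.core.netdev_budget = 50000
net.core.netdev_budget_usecs = 5000
#fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 67108864
net.core.wmem_default = 67108864
net.core.optmem_max = 65536
net.core.somaxconn = 1000000
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 500000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_autocorking = 0
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_max_syn_backlog = 819200
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_ecn_fallback = 1
net.ipv4.tcp_frto = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_thresh2=4096
net.ipv4.neigh.default.gc_thresh1=2048
net.ipv6.neigh.default.gc_thresh3=8192
net.ipv6.neigh.default.gc_thresh2=4096
net.ipv6.neigh.default.gc_thresh1=2048
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_max_orphans = 100
net.ipv4.tcp_retries2 = 1
vm.swappiness = 1
vm.overcommit_memory = 1
kernel.pid_max=64000
net.netfilter.nf_conntrack_buckets = 262144
net.netfilter.nf_conntrack_max = 1000000
net.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_established = 600
net.core.default_qdisc = fq_pie
net.ipv4.tcp_congestion_control = bbr
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
EOF
# --system loads every sysctl.d directory and /etc/sysctl.conf, so the
# separate "sysctl -p" pass over /etc/sysctl.conf is not needed. Keys this
# kernel does not know are reported on stderr and skipped.
sysctl --system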
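# --- Transparent huge pages, systemd defaults, resource limits --------------
# NOTE(review): this writes a runtime-only setting. It does not survive the
# reboot at the end of this script; to persist it, set
# transparent_hugepage=always on the kernel command line.
echo always > /sys/kernel/mm/transparent_hugepage/enabled

# Write drop-in files instead of overwriting /etc/systemd/system.conf and
# /etc/security/limits.conf: the same values take effect, but settings that
# the distribution or the administrator already placed in the main files are
# not destroyed.
#
# NOTE(review): the values below are the author's and are security-relevant:
#   - DefaultLimitCORE=infinity and "core unlimited" allow full core dumps
#     for every service and user. Core files contain process memory (keys,
#     passwords, session data); prefer 0 unless actively debugging.
#   - DefaultLimitNPROC / DefaultTasksMax = infinity and "nproc unlimited"
#     remove the per-user and per-unit process caps that contain a fork bomb.
#   - "memlock unlimited" lets any user pin an unbounded amount of RAM.
#   - DefaultTimeoutStopSec=3s kills any unit that has not stopped within
#     three seconds, which may be too short for services that flush data on
#     shutdown.
mkdir -p /etc/systemd/system.conf.d
cat > '/etc/systemd/system.conf.d/99-tuning.conf' << 'EOF'
[Manager]
#DefaultTimeoutStartSec=90s
DefaultTimeoutStopSec=3s
#DefaultRestartSec=100ms
DefaultLimitCORE=infinity
DefaultLimitNOFILE=infinity
DefaultLimitNPROC=infinity
DefaultTasksMax=infinity
EOF

# pam_limits reads limits.d/*.conf after limits.conf, so these entries take
# precedence over anything in the main file.
mkdir -p /etc/security/limits.d
cat > '/etc/security/limits.d/99-tuning.conf' << 'EOF'
root     soft   nofile    1000000
root     hard   nofile    1000000
root     soft   nproc     unlimited
root     hard   nproc     unlimited
root     soft   core      unlimited
root     hard   core      unlimited
root     hard   memlock   unlimited
root     soft   memlock   unlimited

*     soft   nofile    1000000
*     hard   nofile    1000000
*     soft   nproc     unlimited
*     hard   nproc     unlimited
*     soft   core      unlimited
*     hard   core      unlimited
*     hard   memlock   unlimited
*     soft   memlock   unlimited
EOF

# Drop any earlier "ulimit -SHn" line first so repeated runs leave exactly
# one entry in /etc/profile.
sed -i '/ulimit -SHn/d' /etc/profile
echo "ulimit -SHn 1000000" >> /etc/profile

# The limits files are only honoured when pam_limits is part of the session
# stack; add it once if it is missing.
grep -q "pam_limits.so" /etc/pam.d/common-session \
  || echo "session required pam_limits.so" >> /etc/pam.d/common-session

systemctl daemon-reload
echo 'システムを再起動して有効にします'
# Reboots immediately and without confirmation; any other session on the
# host is cut off.
reboot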