Moexin

Moexin's Blog

心若浮沉,浅笑安然。
Home归档作品集

Debian11 System Optimization Script

#Shell#Debian305
AI Translation
This post is translated from Chinese into English through AI.View Original
AI-generated summary
A Debian11 system initialization script that optimizes by adding virtual memory, using chrony for automatic time synchronization, setting the timezone to Asia/Shanghai, enabling BBR, and tuning kernel parameters.

A Debian 11 system initialization script for personal use.
Optimizations include adding virtual memory, using chrony for automatic time synchronization, setting the timezone to Asia/Shanghai, enabling BBR, and a series of kernel parameter optimizations.

#!/bin/bash
echo 'Adding virtual memory'
free -h
read -r -p "Add virtual memory? [y/N] " add_swap
if [[ "$add_swap" =~ ^([yY][eE][sS]|[yY])$ ]]
then
echo 'Adding virtual memory'
fallocate -l 2048M /swap
chmod 600 /swap
mkswap /swap
swapon /swap
echo '/swap none swap defaults 0 0' >> /etc/fstab
else
echo 'Cancel adding virtual memory'
fi
echo 'Updating system'
apt-get update -y
apt-get upgrade -y
echo 'Installing dependencies'
systemctl stop iptables
systemctl disable iptables
systemctl stop nftables
systemctl disable nftables
apt-get --purge autoremove iptables nftables -y
apt-get install chrony -y
echo 'Setting timezone'
timedatectl set-timezone Asia/Shanghai
echo 'Enabling automatic time synchronization'
/lib/systemd/systemd-sysv-install enable chrony
chronyc makestep
echo 'Optimizing system configuration'
modprobe ip_conntrack
cat > '/etc/sysctl.d/99-sysctl.conf' << EOF
net.ipv4.tcp_fack = 1
net.ipv4.tcp_early_retrans = 3
net.ipv4.neigh.default.unres_qlen=10000
net.ipv4.conf.all.route_localnet=1
net.ipv4.ip_forward = 1
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv6.conf.all.forwarding = 1
net.ipv6.conf.default.forwarding = 1
net.ipv6.conf.lo.forwarding = 1
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.accept_ra = 2
net.ipv6.conf.default.accept_ra = 2
net.core.netdev_max_backlog = 1000000
net.core.netdev_budget = 50000
net.core.netdev_budget_usecs = 5000
#fs.file-max = 51200
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.core.rmem_default = 67108864
net.core.wmem_default = 67108864
net.core.optmem_max = 65536
net.core.somaxconn = 1000000
net.ipv4.icmp_echo_ignore_all = 0
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.ipv4.tcp_keepalive_time = 600
net.ipv4.tcp_keepalive_intvl = 15
net.ipv4.tcp_keepalive_probes = 2
net.ipv4.tcp_synack_retries = 1
net.ipv4.tcp_syncookies = 0
net.ipv4.tcp_rfc1337 = 1
net.ipv4.tcp_timestamps = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 15
net.ipv4.ip_local_port_range = 1024 65535
net.ipv4.tcp_max_tw_buckets = 500000
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.ipv4.udp_rmem_min = 8192
net.ipv4.udp_wmem_min = 8192
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_autocorking = 0
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_max_syn_backlog = 819200
net.ipv4.tcp_notsent_lowat = 16384
net.ipv4.tcp_no_metrics_save = 0
net.ipv4.tcp_ecn = 2
net.ipv4.tcp_ecn_fallback = 1
net.ipv4.tcp_frto = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.default.accept_redirects = 0
net.ipv4.neigh.default.gc_thresh3=8192
net.ipv4.neigh.default.gc_thresh2=4096
net.ipv4.neigh.default.gc_thresh1=2048
net.ipv6.neigh.default.gc_thresh3=8192
net.ipv6.neigh.default.gc_thresh2=4096
net.ipv6.neigh.default.gc_thresh1=2048
net.ipv4.tcp_orphan_retries = 1
net.ipv4.tcp_max_orphans = 100
net.ipv4.tcp_retries2 = 1
vm.swappiness = 1
vm.overcommit_memory = 1
kernel.pid_max=64000
net.netfilter.nf_conntrack_buckets = 262144
net.netfilter.nf_conntrack_max = 1000000
net.nf_conntrack_max = 1000000
net.netfilter.nf_conntrack_tcp_timeout_fin_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 60
net.netfilter.nf_conntrack_tcp_timeout_close_wait = 30
net.netfilter.nf_conntrack_tcp_timeout_established = 600
net.core.default_qdisc = fq_pie
net.ipv4.tcp_congestion_control = bbr
fs.inotify.max_user_instances=8192
fs.inotify.max_user_watches=524288
EOF
sysctl -p
sysctl --system
echo always > /sys/kernel/mm/transparent_hugepage/enabled
cat > '/etc/systemd/system.conf' << EOF
[Manager]
#DefaultTimeoutStartSec=90s
DefaultTimeoutStopSec=3s
#DefaultRestartSec=100ms
DefaultLimitCORE=infinity
DefaultLimitNOFILE=infinity
DefaultLimitNPROC=infinity
DefaultTasksMax=infinity
EOF
cat > '/etc/security/limits.conf' << EOF
root     soft   nofile    1000000
root     hard   nofile    1000000
root     soft   nproc     unlimited
root     hard   nproc     unlimited
root     soft   core      unlimited
root     hard   core      unlimited
root     hard   memlock   unlimited
root     soft   memlock   unlimited

*     soft   nofile    1000000
*     hard   nofile    1000000
*     soft   nproc     unlimited
*     hard   nproc     unlimited
*     soft   core      unlimited
*     hard   core      unlimited
*     hard   memlock   unlimited
*     soft   memlock   unlimited
EOF
sed -i '/ulimit -SHn/d' /etc/profile
echo "ulimit -SHn 1000000" >> /etc/profile
if grep -q "pam_limits.so" /etc/pam.d/common-session
then
:
else
echo "session required pam_limits.so" >> /etc/pam.d/common-session
fi
systemctl daemon-reload
echo 'Rebooting system to apply changes'
reboot
Loading...
Ownership of this post data is guaranteed by blockchain and smart contracts to the creator alone.