- linux:centos7
- cpu:16核
- openssl:1.1.1
- nginx:1.15.9
测试
- 使用ab测试http接口,每秒请求数在800~1600之间,很不稳定
- 测试https接口,每秒请求数在400~600之间,也不是很稳定
sysctl.conf
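# Kernel tuning used for the nginx benchmark on this page.
# NOTE(review): comments that had been glued to the end of a setting line are on
# their own lines here; sysctl.conf expects a comment to start its own line.
# NOTE(review): tcp_syncookies is set to 1 so that it matches its own comment
# ("enable SYN flood protection"); the posted file had 0, which turns SYN cookies off.
vm.max_map_count=655360
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
# How long (seconds) before a neighbour entry is checked for staleness
net.ipv4.neigh.default.gc_stale_time=120
# Use arp_announce / arp_ignore to avoid ARP mapping problems
# NOTE(review): only arp_announce is set in this file; no arp_ignore line is present.
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.all.arp_announce=2
net.ipv4.conf.lo.arp_announce=2
# Avoid amplification attacks: ignore ICMP echo requests sent to broadcast addresses
net.ipv4.icmp_echo_ignore_broadcasts = 1
# Protect against bogus ICMP error messages
net.ipv4.icmp_ignore_bogus_error_responses = 1
# Do not accept source-routed packets
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Append the PID to core file names
kernel.core_uses_pid = 1
# Enable SYN flood protection (SYN cookies are used once the SYN backlog overflows)
net.ipv4.tcp_syncookies = 1
# Message queue sizes
kernel.msgmnb = 65536
kernel.msgmax = 65536
# Maximum number of TIME-WAIT sockets (the poster gives 180000 as the default)
net.ipv4.tcp_max_tw_buckets = 6000
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_rmem = 4096 87380 4194304
net.ipv4.tcp_wmem = 4096 16384 4194304
net.core.wmem_default = 8388608
net.core.rmem_default = 8388608
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
# Upper bound for a listen() backlog.
# NOTE(review): nginx only uses a larger queue if its `listen` directive sets
# backlog=...; no listen line in the nginx config on this page does.
net.core.somaxconn = 50000
# This limit exists only to guard against simple DoS attacks
# NOTE(review): at 3276800 the limit is so high that it is unlikely to act as a guard.
net.ipv4.tcp_max_orphans = 3276800
# Maximum number of connection requests not yet acknowledged by the client
net.ipv4.tcp_max_syn_backlog = 262144
# NOTE(review): with timestamps off, tcp_tw_recycle and tcp_tw_reuse below have no
# effect, because both rely on TCP timestamps.
net.ipv4.tcp_timestamps = 0
# Number of SYN-ACKs sent before the kernel gives up on a connection
# NOTE(review): a single retry drops handshakes from clients on lossy links.
net.ipv4.tcp_synack_retries = 1
# Number of SYNs sent before the kernel gives up on a connection
net.ipv4.tcp_syn_retries = 1
# Enable fast recycling of TIME-WAIT sockets
# NOTE(review): if timestamps are ever re-enabled, tcp_tw_recycle rejects connections
# from clients behind a shared NAT address; the option was removed in Linux 4.12.
net.ipv4.tcp_tw_recycle = 1
# Enable reuse: allow TIME-WAIT sockets to be reused for new TCP connections
net.ipv4.tcp_tw_reuse = 1
# NOTE(review): tcp_mem is counted in pages; these values are far above the RAM of a
# typical host, so TCP memory pressure limits are effectively disabled - confirm intent.
net.ipv4.tcp_mem = 94500000 915000000 927000000
net.ipv4.tcp_fin_timeout = 1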
nginx
# Main-context settings: worker identity, worker count, CPU pinning and file limit.
# NOTE(review): `user root;` makes the worker processes run as root, so any flaw in
# request handling runs with full privileges. A dedicated unprivileged account with
# read access to the document roots is the usual choice.
user root;
# Eight workers, each pinned to one of CPUs 0-7 by the masks below.
# NOTE(review): the post lists a 16-core host, so half of the cores are left unused.
worker_processes 8;
worker_cpu_affinity 00000001 00000010 00000100 00001000 00010000 00100000 01000000 10000000;
# Per-worker limit on open file descriptors.
# NOTE(review): worker_connections in the events block is 102400, above this limit;
# a worker runs out of descriptors before it reaches that connection count.
worker_rlimit_nofile 65535;
# Connection processing: epoll event method, per-worker connection ceiling.
events {
use epoll;
# Maximum simultaneous connections per worker (client and upstream sides both count).
worker_connections 102400;
# Each worker accepts all pending new connections at once instead of one per wake-up.
multi_accept on;
}
# http-level defaults shared by every server block below.
http {
include mime.types;
default_type application/octet-stream;
# NOTE(review): 10000m accepts request bodies of roughly 10 GB on every server that
# does not override it; size this to the largest upload the application really needs.
client_max_body_size 10000m; #10000m
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
# NOTE(review): with access logging off there is no request record for detection or
# incident response; acceptable for a benchmark run, not for a production site.
access_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
# Keep-alive is disabled here; the TLS server below re-enables it with 60s.
keepalive_timeout 0;
#keepalive_timeout 60;
#gzip on;
gzip on;
gzip_min_length 1k;
gzip_comp_level 6;
# NOTE(review): png/jpeg/gif are already compressed, so gzip on them costs CPU for
# little gain.
gzip_types application/json text/plain application/javascript application/x-javascript text/javascript text/xml text/css image/png image/jpeg image/jpg image/gif;
gzip_disable "MSIE [1-6]\.";
gzip_vary off;
gzip_buffers 4 32k;
charset utf-8;
#client_max_body_size 10m;
client_body_buffer_size 128k;
# Proxy timeouts (seconds) and buffer sizes used unless a location overrides them.
proxy_connect_timeout 75;
proxy_send_timeout 75;
proxy_read_timeout 75;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_temp_path /usr/local/nginx/proxy_temp 1 2;
# Headers passed to upstreams.
# NOTE(review): proxy_set_header is inherited only by levels that define no
# proxy_set_header of their own. Both proxied locations below set X-Real-IP and
# X-Forwarded-For themselves, so `Host $host` and X-Real-PORT from here do not
# reach those upstreams.
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Real-PORT $remote_port;
# $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the client sent, so
# the backend should trust only the last entry, not the client-supplied ones.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): "X-Forwarder-For" looks like a misspelling of the header set on the
# previous line - confirm whether any backend reads it.
proxy_set_header X-Forwarder-For $proxy_add_x_forwarded_for;
client_header_buffer_size 16k;
large_client_header_buffers 4 128k;
# Do not reveal the nginx version in error pages and the Server header.
server_tokens off;
reset_timedout_connection on;
open_file_cache max=102400 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 1;
# Backend pool "tomcat": four instances on two hosts; the weights send twice as many
# requests to each 192.168.2.182 instance as to each 192.168.2.176 instance.
# Traffic to these backends is plain HTTP (see proxy_pass http://tomcat/... below).
upstream tomcat{
server 192.168.2.176:8080 weight=1;
server 192.168.2.176:8079 weight=1;
server 192.168.2.182:8079 weight=2;
server 192.168.2.182:8080 weight=2;
#ip_hash;
}
# Plain-HTTP virtual host serving static files from the backStage tree.
# NOTE(review): the index is login.html, so this presumably fronts a back-office
# login; on port 80 any credentials submitted here travel unencrypted - confirm.
server {
listen 80;
server_name xxx3;
# Regex is not anchored, so it matches "/commonjs/" or "/commoncss/" anywhere in the URI.
location ~ /(commonjs|commoncss)/ {
# proxy_pass http://192.168.2.176:8079/ecommerce/backStage/$request_uri;
root /home/yida/shopping/ecommerce/backStage/;
}
location / {
# proxy_pass http://192.168.2.176:8079/ecommerce/backStage/operate/;
root /home/yida/shopping/ecommerce/backStage/operate/;
index login.html index.html index.htm;
}
}
# Plain-HTTP virtual host: static files from backStage/store plus a proxied /tomcat/ path.
# NOTE(review): as with the other port-80 host, a login page served over HTTP sends
# credentials unencrypted.
server {
listen 80;
server_name xxx2;
# Regex is not anchored, so it matches "/commonjs/" or "/commoncss/" anywhere in the URI.
location ~ /(commonjs|commoncss)/ {
root /home/yida/shopping/ecommerce/backStage/;
}
location /tomcat/{
# NOTE(review): no upstream named "appback-shopping" appears in the part of the
# config shown; presumably it is defined elsewhere in the file - confirm.
proxy_pass http://appback-shopping/appback-shopping/;
# Setting proxy_set_header here stops inheritance of the http-level headers,
# including `Host $host`.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
root /home/yida/shopping/ecommerce/backStage/store/;
index login.html;
}
}
# HTTPS (HTTP/2) virtual host: TLS settings, keep-alive and brotli compression.
server {
listen 443 ssl http2;
server_name xxxx;
#ssl on;
ssl_certificate /usr/local/nginx/cert/dianshang.pem;
ssl_certificate_key /usr/local/nginx/cert/dianshang.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); unless a known legacy
# client needs them, limit this to TLSv1.2 and TLSv1.3.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# NOTE(review): the list still offers 3DES and static-RSA key exchange (RSA+AES128,
# RSA+AES256, RSA+3DES), which lack forward secrecy; 3DES is also a 64-bit block
# cipher. The "TLS13-*" and "CHACHA20-draft" names appear to come from pre-release or
# patched OpenSSL builds - check with `openssl ciphers` what the OpenSSL 1.1.1 build
# on this host actually accepts.
ssl_ciphers 'TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5';
ssl_prefer_server_ciphers on;
# Shared session cache so resumed handshakes skip the full key exchange.
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 20m;
# Overrides the http-level `keepalive_timeout 0` for this server.
keepalive_timeout 60s;
keepalive_requests 100;
# NOTE(review): TLS 1.3 early data (0-RTT) has no replay protection. The nginx
# documentation recommends forwarding `proxy_set_header Early-Data $ssl_early_data;`
# so the application can refuse state-changing requests sent as early data; the
# proxied /tomcat location in this server does not set it.
ssl_early_data on;
# brotli_* directives come from the third-party ngx_brotli module.
# NOTE(review): compressing responses that mix secrets with request-controlled
# content over TLS is the precondition for BREACH-style leaks; confirm that only
# static or non-sensitive types are compressed.
brotli on;
brotli_comp_level 6;
brotli_min_length 1k;
brotli_types text/plain text/css text/xml text/javascript text/x-component application/json application/javascript application/x-javascript application/xml application/xhtml+xml application/rss+xml application/atom+xml application/x-font-ttf application/vnd.ms-fontobject image/svg+xml image/x-icon font/opentype;
#charset koi8-r;
#access_log logs/host.access.log main;
# Static files for "test" paths, served from the ecommerce parent directory.
# NOTE(review): the regex is unanchored and `.*` is greedy, and the root is the parent
# of the app/ and backStage/ trees used by the other locations, so this block serves a
# wider directory tree than `location /`. Anchor the pattern with ^ and confirm that
# exposing the parent tree is intended.
location ~ /test.*(js|css|index)/ {
# proxy_pass http://192.168.2.176:8079/ecommerce/$request_uri;
root /home/yida/shopping/ecommerce/;
}
# Static js/css assets from the app tree, cached by clients for three days.
# The regex is unanchored: it matches "/js/" or "/css/" anywhere in the URI.
location ~ /(js|css)/ {
expires 3d;
# proxy_pass http://192.168.2.176:8079/ecommerce/app/$request_uri;
root /home/yida/shopping/ecommerce/app/;
access_log off;
}
# Proxies /tomcat... to the "tomcat" upstream over plain HTTP.
# The prefix has no trailing slash, so it also matches URIs such as /tomcatX, and the
# matched prefix is replaced by /root when the request is passed on.
location /tomcat{
# NOTE(review): request-rate and connection limits are commented out, so nothing
# here throttles a single client.
#limit_req zone=ip_limit burst=8 nodelay;
#limit_req_status 555;
proxy_pass http://tomcat/root;
# Defining proxy_set_header here stops inheritance of the http-level headers,
# including `Host $host`.
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#limit_conn one 10;
# NOTE(review): a size without a unit is in bytes, so this rejects any request body
# larger than 20 bytes with 413; a unit such as "m" was presumably intended - confirm.
client_max_body_size 20;
client_body_buffer_size 256k;
# One-second connect timeout: a briefly slow backend is treated as failed and the
# request moves to the next server.
proxy_connect_timeout 1;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
# NOTE(review): retrying on http_404 and http_500 hides backend errors behind another
# server's answer and multiplies load while the backends are failing.
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
}
# Default location: static files from the app tree. The proxy settings below are all
# commented out and have no effect.
# NOTE(review): the paste ends after this location; the closing braces of the server
# and http blocks are not shown.
location / {
root /home/yida/shopping/ecommerce/app/;
# proxy_pass http://192.168.2.176:8079/ecommerce/app/;
# index index.html index.htm;
# client_max_body_size 50m;
# client_body_buffer_size 256k;
# proxy_send_timeout 30;
# proxy_read_timeout 60;
# proxy_buffer_size 256k;
# proxy_buffers 4 256k;
# proxy_busy_buffers_size 256k;
# proxy_temp_file_write_size 256k;
# proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
# proxy_max_temp_file_size 128m;
}
nginx.conf里面配置了很多server
ab -n 1000 -c 1000 http://xxxx/index.html
Concurrency Level: 1000
Time taken for tests: 1.130 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 2738000 bytes
HTML transferred: 2496000 bytes
Requests per second: 885.16 [#/sec] (mean)
Time per request: 1129.741 [ms] (mean)
Time per request: 1.130 [ms] (mean, across all concurrent requests)
Transfer rate: 2366.76 [Kbytes/sec] received
ab -n 1000 -c 1000 https://xxx.com/index.html
Concurrency Level: 1000
Time taken for tests: 2.117 seconds
Complete requests: 1000
Failed requests: 0
Write errors: 0
Total transferred: 4368000 bytes
HTML transferred: 4125000 bytes
Requests per second: 472.28 [#/sec] (mean)
Time per request: 2117.375 [ms] (mean)
Time per request: 2.117 [ms] (mean, across all concurrent requests)
Transfer rate: 2014.58 [Kbytes/sec] received