Tweaking Ubuntu for optimal delivery (outdated)

By that I mean we will edit some system limit variables so the server can handle a high number of requests without hitting any of the default limits. This is purely a performance tweak, not a security one.

This guide is dated. Please be careful with this one! You have been warned!

Please be careful with this guide. Even though the instructions are really simple, I wouldn't advise following this guide unless you are somewhat experienced with this kind of tuning. To check whether you are fit for the task, ask yourself these questions:

  • Do I even know what I'm doing when I'm changing these system variables?
  • Am I fully aware of all the things that might break my server when I start meddling with these limits?

If the answer is not "YES" for both questions, please stop reading right here. I'm very sorry but this is not for you.

Tuning global limits

Edit /etc/sysctl.d/999-perf.conf and add the following:

fs.file-max=1048576
fs.inotify.max_user_instances=1048576
fs.inotify.max_user_watches=1048576
fs.nr_open=1048576
net.core.default_qdisc=fq
net.core.netdev_max_backlog=1048576
net.core.rmem_max=16777216
net.core.somaxconn=65535
net.core.wmem_max=16777216
net.ipv4.ip_local_port_range=1024 65535
net.ipv4.netfilter.ip_conntrack_max=1048576
net.ipv4.tcp_fin_timeout=5
net.ipv4.tcp_max_orphans=1048576
net.ipv4.tcp_max_syn_backlog=20480
net.ipv4.tcp_max_tw_buckets=400000
net.ipv4.tcp_no_metrics_save=1
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_slow_start_after_idle=0
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=2
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_wmem=4096 65535 16777216
net.nf_conntrack_max=1048576
vm.max_map_count=1048576
vm.min_free_kbytes=65535
vm.overcommit_memory=1
vm.swappiness=0
vm.vfs_cache_pressure=50

Tuning user limits

Edit the file /etc/security/limits.conf and add the following:

*               soft    nofile          1048576
*               hard    nofile          1048576
root            soft    nofile          1048576
root            hard    nofile          1048576
*               soft    nproc           1048576
*               hard    nproc           1048576
root            soft    nproc           1048576
root            hard    nproc           1048576
*               soft    memlock         unlimited
*               hard    memlock         unlimited
root            soft    memlock         unlimited
root            hard    memlock         unlimited
*               soft    core            0
*               hard    core            0
root            soft    core            0
root            hard    core            0

Systemd limits tuning

Edit the file /etc/systemd/system.conf and add the following:

[Manager]
DefaultLimitNOFILE=1048576
DefaultLimitNPROC=1048576
DefaultLimitMEMLOCK=infinity

REBOOT!
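
After the reboot it is worth confirming that the kernel actually took the values from /etc/sysctl.d/999-perf.conf. The script below is an added example, not part of the original guide: it reads a key=value sysctl file and compares each entry with what /proc/sys reports. The names check_sysctl and norm, and the optional second argument for an alternative /proc/sys root, are made up for this example.

```shell
#!/bin/sh
# Added example: compare a sysctl drop-in file with the values the kernel reports.
# check_sysctl, norm and the PROC_ROOT argument are names made up for this example.

# Collapse tabs/runs of spaces and trim, so "4096<TAB>87380" equals "4096 87380".
norm() {
    printf '%s' "$1" | tr -s '[:space:]' ' ' | sed 's/^ //; s/ $//'
}

# Usage: check_sysctl CONF [PROC_ROOT]   (PROC_ROOT defaults to /proc/sys)
# Prints OK / DIFF / MISSING per key; returns 0 only if every key matches.
check_sysctl() {
    cs_conf=$1
    cs_root=${2:-/proc/sys}
    cs_bad=0
    while IFS= read -r cs_line || [ -n "$cs_line" ]; do
        cs_line=$(norm "$cs_line")
        case $cs_line in
            ''|'#'*|';'*) continue ;;   # blank line or comment
            *=*) ;;
            *) continue ;;              # not a key=value line
        esac
        cs_key=$(norm "${cs_line%%=*}")
        cs_want=$(norm "${cs_line#*=}")
        # net.core.somaxconn -> $PROC_ROOT/net/core/somaxconn
        cs_path=$cs_root/$(printf '%s' "$cs_key" | tr . /)
        if [ ! -r "$cs_path" ]; then
            # Key absent or unreadable on the running kernel, so it was not applied.
            echo "MISSING $cs_key"
            cs_bad=$((cs_bad + 1))
            continue
        fi
        cs_have=$(norm "$(cat "$cs_path")")
        if [ "$cs_have" = "$cs_want" ]; then
            echo "OK $cs_key=$cs_have"
        else
            echo "DIFF $cs_key want=$cs_want have=$cs_have"
            cs_bad=$((cs_bad + 1))
        fi
    done < "$cs_conf"
    [ "$cs_bad" -eq 0 ]
}

# Run only when a file is given, e.g.: sh check.sh /etc/sysctl.d/999-perf.conf
if [ "$#" -gt 0 ]; then
    check_sysctl "$@"
fi
```

A MISSING line means the running kernel has no such entry under /proc/sys, so that setting had no effect and should be reviewed rather than assumed active.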
