-
Notifications
You must be signed in to change notification settings - Fork 539
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
9 changed files
with
150 additions
and
123 deletions.
There are no files selected for viewing
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,22 +1,22 @@ | ||
| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Shadowsocks - Advanced</title><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><meta name="description" content=""><meta name="author" content=""><link rel="stylesheet" href="/assets/css/app.css"><!--[if lt IE 9]><script src="/assets/js/html5.js"></script><![endif]--><link rel="shortcut icon" href="/assets/img/favicon/favicon.ico"><link rel="apple-touch-icon" href="/assets/img/favicon/apple-touch-icon.png"><link rel="apple-touch-icon" sizes="72x72" href="/assets/img/favicon/apple-touch-icon-72x72.png"><link rel="apple-touch-icon" sizes="114x114" href="/assets/img/favicon/apple-touch-icon-114x114.png"></head><body><div id="wrap" class="boxed"><header><div class="container clearfix"><div class="four columns"><div class="logo"><a href="/en/index.html">shadowsocks</a></div></div><div class="twelve columns"><nav id="menu" class="navigation"><ul id="nav"><li><a href="javascript:void" class="">download</a><ul><li><a href="/en/download/clients.html">Clients</a></li><li><a href="/en/download/servers.html">Servers</a></li></ul></li><li><a href="javascript:void" class="active">config</a><ul><li><a href="/en/config/quick-guide.html">Quick Guide</a></li><li><a href="/en/config/advanced.html">Advanced</a></li></ul></li><li><a href="javascript:void" class="">spec</a><ul><li><a href="/en/spec/protocol.html">Protocol</a></li><li><a href="/en/spec/cipher.html">Cipher</a></li><li><a href="/en/spec/one-time-auth.html">One Time Auth</a></li><li><a href="/en/spec/AEAD.html">AEAD</a></li></ul></li><li><a href="javascript:void" class="">about</a><ul><li><a href="/en/about/contributors.html">Contributors</a></li></ul></li><li><a href="javascript:void">en</a><ul><li><a href="/en/index.html">en</a></li></ul></li></ul></nav></div><div class="sixteen columns"><hr></div></div></header><div class="container clearfix"><div class="sixteen columns"><h1 class="page-title">Advanced<a href="https://github.com/madeye/shadowsocks-org/edit/master/docs/config/02-advanced.md" data-tooltip="Edit this page on GitHub" class="edit"><i class="icon-edit"></i></a><span class="line"></span></h1></div><div class="page-columns"><div id="markdown" class="sixteen columns bottom"><h2>Optimize the shadowsocks server on Linux</h2><p>First of all, upgrade your Linux kernel to 3.5 or later.</p><h3>Step 1, increase the maximum number of open file descriptors</h3><p>To handle thousands of concurrent TCP connections, we should increase the limit of file descriptors opened.</p><p>Edit the <code>limits.conf</code></p><pre><code class="language-bash">vi /etc/security/limits.conf</code></pre><p>Add these two lines</p><pre><code><span class="hljs-bullet">* </span>soft nofile 51200 | ||
| <span class="hljs-bullet">* </span>hard nofile 51200</code></pre><p>Then, before you start the shadowsocks server, set the ulimit first</p><pre><code class="language-bash"><span class="hljs-built_in">ulimit</span> -n 51200</code></pre><h3>Step 2, Tune the kernel parameters</h3><p>The priciples of tuning parameters for shadowsocks are</p><ol><li>Reuse ports and conections as soon as possible.</li><li>Enlarge the queues and buffers as large as possible.</li><li>Choose the TCP congestion algorithm for large latency and high throughput.</li></ol><p>Here is an example <code>/etc/sysctl.conf</code> of our production servers:</p><pre><code>fs<span class="hljs-selector-class">.file-max</span> = <span class="hljs-number">51200</span> | ||
| <!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Shadowsocks - Advanced</title><meta name="viewport" content="width=device-width,initial-scale=1,maximum-scale=1"><meta name="description" content=""><meta name="author" content=""><link rel="stylesheet" href="/assets/css/app.css"><!--[if lt IE 9]><script src="/assets/js/html5.js"></script><![endif]--><link rel="shortcut icon" href="/assets/img/favicon/favicon.ico"><link rel="apple-touch-icon" href="/assets/img/favicon/apple-touch-icon.png"><link rel="apple-touch-icon" sizes="72x72" href="/assets/img/favicon/apple-touch-icon-72x72.png"><link rel="apple-touch-icon" sizes="114x114" href="/assets/img/favicon/apple-touch-icon-114x114.png"></head><body><div id="wrap" class="boxed"><header><div class="container clearfix"><div class="four columns"><div class="logo"><a href="/en/index.html">shadowsocks</a></div></div><div class="twelve columns"><nav id="menu" class="navigation"><ul id="nav"><li><a href="javascript:void" class="">download</a><ul><li><a href="/en/download/clients.html">Clients</a></li><li><a href="/en/download/servers.html">Servers</a></li></ul></li><li><a href="javascript:void" class="active">config</a><ul><li><a href="/en/config/quick-guide.html">Quick Guide</a></li><li><a href="/en/config/advanced.html">Advanced</a></li></ul></li><li><a href="javascript:void" class="">spec</a><ul><li><a href="/en/spec/protocol.html">Protocol</a></li><li><a href="/en/spec/cipher.html">Cipher</a></li><li><a href="/en/spec/one-time-auth.html">One Time Auth</a></li><li><a href="/en/spec/AEAD.html">AEAD</a></li></ul></li><li><a href="javascript:void" class="">about</a><ul><li><a href="/en/about/contributors.html">Contributors</a></li></ul></li><li><a href="javascript:void">en</a><ul><li><a href="/en/index.html">en</a></li></ul></li></ul></nav></div><div class="sixteen columns"><hr></div></div></header><div class="container clearfix"><div class="sixteen columns"><h1 class="page-title">Advanced<a href="https://github.com/madeye/shadowsocks-org/edit/master/docs/config/02-advanced.md" data-tooltip="Edit this page on GitHub" class="edit"><i class="icon-edit"></i></a><span class="line"></span></h1></div><div class="page-columns"><div id="markdown" class="sixteen columns bottom"><h2>Optimize the shadowsocks server on Linux</h2><p>First of all, upgrade your Linux kernel to 3.5 or later.</p><h3>Step 1, increase the maximum number of open file descriptors</h3><p>To handle thousands of concurrent TCP connections, we should increase the limit of file descriptors opened.</p><p>Edit the <code>limits.conf</code></p><pre><code class="language-bash">vi /etc/security/limits.conf</code></pre><p>Add these two lines</p><pre><code><span class="bullet">* </span>soft nofile 51200 | ||
| <span class="bullet">* </span>hard nofile 51200</code></pre><p>Then, before you start the shadowsocks server, set the ulimit first</p><pre><code class="language-bash">ulimit -n <span class="number">51200</span></code></pre><h3>Step 2, Tune the kernel parameters</h3><p>The priciples of tuning parameters for shadowsocks are</p><ol><li>Reuse ports and conections as soon as possible.</li><li>Enlarge the queues and buffers as large as possible.</li><li>Choose the TCP congestion algorithm for large latency and high throughput.</li></ol><p>Here is an example <code>/etc/sysctl.conf</code> of our production servers:</p><pre><code>fs<span class="preprocessor">.file</span>-max = <span class="number">51200</span> | ||
|
|
||
| net<span class="hljs-selector-class">.core</span><span class="hljs-selector-class">.rmem_max</span> = <span class="hljs-number">67108864</span> | ||
| net<span class="hljs-selector-class">.core</span><span class="hljs-selector-class">.wmem_max</span> = <span class="hljs-number">67108864</span> | ||
| net<span class="hljs-selector-class">.core</span><span class="hljs-selector-class">.netdev_max_backlog</span> = <span class="hljs-number">250000</span> | ||
| net<span class="hljs-selector-class">.core</span><span class="hljs-selector-class">.somaxconn</span> = <span class="hljs-number">4096</span> | ||
| net<span class="preprocessor">.core</span><span class="preprocessor">.rmem</span>_max = <span class="number">67108864</span> | ||
| net<span class="preprocessor">.core</span><span class="preprocessor">.wmem</span>_max = <span class="number">67108864</span> | ||
| net<span class="preprocessor">.core</span><span class="preprocessor">.netdev</span>_max_backlog = <span class="number">250000</span> | ||
| net<span class="preprocessor">.core</span><span class="preprocessor">.somaxconn</span> = <span class="number">4096</span> | ||
|
|
||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_syncookies</span> = <span class="hljs-number">1</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_tw_reuse</span> = <span class="hljs-number">1</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_tw_recycle</span> = <span class="hljs-number">0</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_fin_timeout</span> = <span class="hljs-number">30</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_keepalive_time</span> = <span class="hljs-number">1200</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.ip_local_port_range</span> = <span class="hljs-number">10000</span> <span class="hljs-number">65000</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_max_syn_backlog</span> = <span class="hljs-number">8192</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_max_tw_buckets</span> = <span class="hljs-number">5000</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_fastopen</span> = <span class="hljs-number">3</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_mem</span> = <span class="hljs-number">25600</span> <span class="hljs-number">51200</span> <span class="hljs-number">102400</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_rmem</span> = <span class="hljs-number">4096</span> <span class="hljs-number">87380</span> <span class="hljs-number">67108864</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_wmem</span> = <span class="hljs-number">4096</span> <span class="hljs-number">65536</span> <span class="hljs-number">67108864</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_mtu_probing</span> = <span class="hljs-number">1</span> | ||
| net<span class="hljs-selector-class">.ipv4</span><span class="hljs-selector-class">.tcp_congestion_control</span> = hybla</code></pre><p>Of course, remember to execute <code>sysctl -p</code> to reload the config at runtime.</p><h3>How to verify your optimizations work</h3><p>Use munin or any server monitor tools to generate the graph of your TCP connections. A well tuned server should look like this</p><p><img src="http://ww4.sinaimg.cn/large/61b416b1gw1e9jmyps9vpj20dt0b4wg7.jpg" alt="one month munin TCP graph" width="" height=""></p></div></div></div><div class="push"></div></div><footer><div class="container"><div class="sisteen columns"><span class="copyright"><a href="https://github.com/shadowsocks">Projects of Shadowsocks</a> are distributed under different licenses, including <a href="https://github.com/shadowsocks/shadowsocks/blob/master/LICENSE">APL 2.0,</a> <a href="https://github.com/shadowsocks/shadowsocks-libev/blob/master/LICENSE">GPLv3</a> and <a href="https://github.com/shadowsocks/libQtShadowsocks/blob/master/LICENSE">LGPLv3</a>. Theme by <a href="http://karma-runner.github.io">Karma</a>.</span></div></div></footer></body><script src="/assets/js/app.js"></script><script src="/assets/js/analytics.js"></script></html> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_syncookies = <span class="number">1</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_tw_reuse = <span class="number">1</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_tw_recycle = <span class="number">0</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_fin_timeout = <span class="number">30</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_keepalive_time = <span class="number">1200</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.ip</span>_local_port_range = <span class="number">10000</span> <span class="number">65000</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_max_syn_backlog = <span class="number">8192</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_max_tw_buckets = <span class="number">5000</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_fastopen = <span class="number">3</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_mem = <span class="number">25600</span> <span class="number">51200</span> <span class="number">102400</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_rmem = <span class="number">4096</span> <span class="number">87380</span> <span class="number">67108864</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_wmem = <span class="number">4096</span> <span class="number">65536</span> <span class="number">67108864</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_mtu_probing = <span class="number">1</span> | ||
| net<span class="preprocessor">.ipv</span>4<span class="preprocessor">.tcp</span>_congestion_control = hybla</code></pre><p>Of course, remember to execute <code>sysctl -p</code> to reload the config at runtime.</p><h3>How to verify your optimizations work</h3><p>Use munin or any server monitor tools to generate the graph of your TCP connections. A well tuned server should look like this</p><p><img src="http://ww4.sinaimg.cn/large/61b416b1gw1e9jmyps9vpj20dt0b4wg7.jpg" alt="one month munin TCP graph" width="" height=""></p></div></div></div><div class="push"></div></div><footer><div class="container"><div class="sisteen columns"><span class="copyright"><a href="https://github.com/shadowsocks">Projects of Shadowsocks</a> are distributed under different licenses, including <a href="https://github.com/shadowsocks/shadowsocks/blob/master/LICENSE">APL 2.0,</a> <a href="https://github.com/shadowsocks/shadowsocks-libev/blob/master/LICENSE">GPLv3</a> and <a href="https://github.com/shadowsocks/libQtShadowsocks/blob/master/LICENSE">LGPLv3</a>. Theme by <a href="http://karma-runner.github.io">Karma</a>.</span></div></div></footer></body><script src="/assets/js/app.js"></script><script src="/assets/js/analytics.js"></script></html> |
Oops, something went wrong.