# Base tooling: terminal multiplexer, resource monitor, archive tool, editor.
apt install --assume-yes \
  tmux \
  btop \
  unzip \
  micro
# System time zone.
timedatectl set-timezone Asia/Shanghai
# Hostname: replace "rpapal" with the name this server should carry.
hostnamectl set-hostname rpapal
# Switch Transparent Huge Pages off for the running kernel. Both knobs get
# the value "never"; tee echoes the written value to stdout.
for thp_knob in enabled defrag; do
  echo 'never' | tee "/sys/kernel/mm/transparent_hugepage/${thp_knob}"
done
# Install a oneshot unit that repeats the two writes on every boot, since the
# /sys settings above do not survive a restart. The delimiter is quoted so
# the unit text is written literally, with no shell expansion.
tee /etc/systemd/system/disable-thp.service << 'EOF'
[Unit]
Description=Disable Transparent Huge Pages
After=sysinit.target
[Service]
Type=oneshot
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/enabled'
ExecStart=/bin/sh -c 'echo never > /sys/kernel/mm/transparent_hugepage/defrag'
RemainAfterExit=yes
[Install]
WantedBy=multi-user.target
EOF
# Pick up the new unit file, then enable it for boot and start it right away.
systemctl daemon-reload && systemctl enable --now disable-thp.service
# Status line; it is printed whether or not the systemctl chain succeeded.
printf '%s\n' '透明大页禁用完成!'
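# Per-user resource limits, appended to /etc/security/limits.conf.
# tee -a appends, so running this block twice leaves duplicate entries.
#
# Fix: root's nofile limit was 6553600, which is above the kernel's default
# fs.nr_open ceiling of 1048576. A hard nofile limit larger than fs.nr_open
# cannot be applied, and a session that fails to get its limits set can be
# refused. On a host where fs.nr_open has not been raised, that can lock root
# out of new logins. The value is capped at 1048576, still above the 655360
# given to ordinary users. To go higher, raise fs.nr_open first.
#
# NOTE(review): "*" does not apply to root, so ordinary users get no core
# files while root keeps unlimited core dumps. A core file of a privileged
# process can hold keys and credentials; confirm this is intended and that
# the dump location is readable by root only.
tee -a /etc/security/limits.conf << 'EOF'
# 全局用户文件描述符限制(针对16核64GB服务器优化)
* soft nofile 655360
* hard nofile 655360
# 全局用户进程数限制
* soft nproc 131072
* hard nproc 131072
# 全局core文件大小限制(生产环境建议限制)
* soft core 0
* hard core 0
# root用户特殊限制(高于普通用户)
root soft nofile 1048576
root hard nofile 1048576
root soft nproc unlimited
root hard nproc unlimited
root soft core unlimited
root hard core unlimited
EOF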
# Default resource limits for units started by the system manager.
# The lines are appended to the end of the file; tee also echoes them.
#
# NOTE(review): DefaultLimitCORE=infinity lets every service write core files
# of any size, while the limits.conf entries written by this same script set
# core to 0 for ordinary users and label that as the production
# recommendation. Service core dumps can contain secrets held in memory, so
# confirm the difference is deliberate and that dumps land somewhere with
# restricted permissions.
printf '%s\n' \
  '# 系统服务资源限制优化(16核64GB服务器)' \
  'DefaultLimitCORE=infinity' \
  'DefaultLimitNOFILE=655360' \
  'DefaultLimitNPROC=131072' \
  | tee -a /etc/systemd/system.conf
# The same three defaults for per-user systemd managers.
printf '%s\n' \
  '# 用户会话资源限制优化(16核64GB服务器)' \
  'DefaultLimitCORE=infinity' \
  'DefaultLimitNOFILE=655360' \
  'DefaultLimitNPROC=131072' \
  | tee -a /etc/systemd/user.conf
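# Kernel parameters, appended to /etc/sysctl.conf (tee -a: re-running this
# block duplicates the entries; the last occurrence of a key wins).
#
# Fixes relative to the previous version of this block:
#   * Explanatory text that followed a value on the same line now sits on its
#     own line. sysctl.conf only treats a line as a comment when it starts
#     with "#" or ";", so the trailing text was being handed to the kernel as
#     part of the value.
#   * net.ipv4.tcp_tw_recycle is commented out. The key was removed in Linux
#     4.12, so on a current kernel "sysctl -p" reports an error for it and
#     exits non-zero.
#   * The here-document delimiter is quoted so the text is written literally.
#
# NOTE(review): kernel.sysrq = 1 enables every SysRq function. If only a
# subset is needed for diagnostics, a bitmask value limits what can be
# triggered from a console.
# NOTE(review): fs.file-max equals the per-user nofile limit configured
# elsewhere in this script (655360), so a single process could take the whole
# system-wide table. It is probably also lower than the default a 64 GB host
# starts with; check "sysctl fs.file-max" before applying.
# NOTE(review): vm.overcommit_ratio is only consulted when
# vm.overcommit_memory is 2, so with mode 1 it has no effect.
tee -a /etc/sysctl.conf << 'EOF'
# 文件描述符数量上限
fs.file-max = 655360
fs.aio-max-nr = 1048576
# 系统诊断支持
kernel.sysrq = 1
kernel.core_uses_pid = 1
# 消息队列配置
kernel.msgmax = 65536
kernel.msgmnb = 65536
# MariaDB 专用优化
# 48GB,共享内存值
kernel.shmmax = 51539607552
# 共享内存页数
kernel.shmall = 12582912
# 内存交换优化
vm.swappiness = 1
vm.vfs_cache_pressure = 100
# 脏页比例(根据服务器用途选择,默认使用安全配置)
# 数据库服务器使用:
vm.dirty_background_ratio = 5
vm.dirty_ratio = 15
# 业务服务器使用:
#vm.dirty_background_ratio = 10
#vm.dirty_ratio = 20
# 内存分配策略(Redis等需要)
# 如果设置为2,则是更安全的内存分配
vm.overcommit_memory = 1
# 允许超量分配50%
vm.overcommit_ratio = 50
# 网络连接优化
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 30000
# TCP快速打开
net.ipv4.tcp_fastopen = 3
# 网络安全性配置
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.tcp_syncookies = 1
# TCP性能优化
net.ipv4.tcp_sack = 1
net.ipv4.tcp_window_scaling = 1
# 重要修正:高并发下建议启用timestamp
net.ipv4.tcp_timestamps = 1
# 连接重试配置
net.ipv4.tcp_syn_retries = 3
net.ipv4.tcp_synack_retries = 3
# TIME_WAIT 连接管理
# tcp_tw_recycle was removed in Linux 4.12; the key is left disabled here.
#net.ipv4.tcp_tw_recycle = 0
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 10
# TCP保活配置
net.ipv4.tcp_keepalive_time = 300
net.ipv4.tcp_keepalive_intvl = 30
net.ipv4.tcp_keepalive_probes = 3
# 本地端口范围
net.ipv4.ip_local_port_range = 1024 65535
# 性能优化
net.ipv4.tcp_no_metrics_save = 1
net.ipv4.tcp_slow_start_after_idle = 0
# 连接限制优化(16核64GB服务器适当增大)
net.ipv4.tcp_max_tw_buckets = 200000
net.ipv4.tcp_max_orphans = 65536
net.ipv4.tcp_max_syn_backlog = 65536
# IPv6配置
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
EOF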
# Socket and TCP buffer sizing. These figures are tied to the hardware
# (the block is labelled for a 16-core / 64 GB host); adjust them for other
# machines. The lines are appended to /etc/sysctl.conf and echoed by tee.
printf '%s\n' \
  '# 16核64GB服务器网络优化(修正版)' \
  'net.core.rmem_default = 16777216' \
  'net.core.rmem_max = 67108864' \
  'net.core.wmem_default = 16777216' \
  'net.core.wmem_max = 67108864' \
  'net.ipv4.tcp_mem = 3145728 4194304 6291456' \
  'net.ipv4.tcp_rmem = 4096 16384 67108864' \
  'net.ipv4.tcp_wmem = 4096 16384 67108864' \
  | tee -a /etc/sysctl.conf
# Apply the settings written above: reload the systemd manager, then load
# /etc/sysctl.conf into the running kernel.
systemctl daemon-reload && sysctl -p /etc/sysctl.conf
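######################### Reference only: adapt before use ########################
# Create the account "rpapal". On Debian-family systems adduser normally
# prompts for the new account's password and details.
adduser rpapal
# Set passwords interactively.
# Fix: the previous version piped "user:password" text into chpasswd. That
# stores the cleartext password in the script and in shell history, and
# running the sample unedited sets a known placeholder password for root.
# passwd reads the password from the terminal instead. For unattended
# provisioning, feed chpasswd from a root-only file rather than from a
# command line.
passwd rpapal
# NOTE(review): once rpapal has sudo, consider leaving root without a
# password login instead of running the next line.
passwd root
# Add the account to the sudo group (-a keeps its existing groups).
usermod -aG sudo rpapal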