查看:

netstat  -n|awk '/^tcp/{++S[$NF]} END {for(a in S) printa.S[a]}'

CLOSED:无连接是活动的或正在进行

LISTEN:服务器在等待进入呼叫

SYN_RECV:一个连接请求已经到达,等待确认

SYN_SENT:应用已经开始,打开一个连接

ESTABLISHED:正常数据传输状态

FIN_WAIT1:应用说它已经完成

FIN_WAIT2:另一边已同意释放

ITMED_WAIT:等待所有分组死掉

CLOSING:两边同时尝试关闭

TIME_WAIT:另一边已初始化一个释放

LAST_ACK:等待所有分组死掉

修改:

vim  /etc/sysctl.conf
net.ipv4.tcp_syscookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_tw_fin_timeout = 30
/sbin/sysctl -p

net.ipv4.tcp_syncookies = 1 表示开启SYN Cookies。当出现SYN等待队列溢出时,启用cookies来处理,可防范少量SYN攻击,默认为0,表示关闭;

net.ipv4.tcp_tw_reuse = 1 表示开启重用。允许将TIME-WAIT sockets重新用于新的TCP连接,默认为0,表示关闭;

net.ipv4.tcp_tw_recycle = 1 表示开启TCP连接中TIME-WAIT sockets的快速回收,默认为0,表示关闭。

net.ipv4.tcp_fin_timeout 修改系统默认的 TIMEOUT 时间。 

 

2、error.log中出现大量的too many open files情况

在nginx.conf中pid下面添加:

worker_rlimit_nofile 655350;

vim  /etc/security/limits.conf
 * soft nofile 655350
 * hard nofile 655350

limits.conf 要想生效,必须保证pam_limits.so文件加入到启动文件中去了。

vim /etc/pam.d/login

添加:

session  required /lib/security/pam_limits.so

 

3、error_log中出现:

2018/03/12 14:02:42 [error] 7357#0: *19 FastCGI sent in stderr: "Primary script unknown" while reading response header from upstream, client: 192.168.2.15, server: localhost, request: "GET /index.php HTTP/1.1", upstream: "fastcgi://192.168.2.22:9000", host: "192.168.2.22

修改:

vim  nginx.conf
fastcgi_param       SCRIPT_NAME $document$fastcgi_script_name;

 

4、error.log出现:

2018/03/02 16:14:31 [error] 17029#0: *17941 recv() failed (104: CONNECTION RESET BY PEER) while reading response header from upstream, client: 210.61.12.2, server: blog.lixiphp.com, request: “POST /api/1.0 HTTP/1.1″, upstream: “fastcgi://127.0.0.1:9000″, host: “blog.lixiphp.com”

其中:(104: CONNECTION RESET BY PEER)

vim php-fpm.conf
request_terminate_timeout = 0 去掉注释,改为0

 

GOOD LUCK!