@jult
Last active May 4, 2025 01:51
[Debian 12 update!] sysctl config for Linux server with 32 GB DDR RAM or more, SSD and 1 GbE (or faster) NIC
# IPv6 Configuration
# -> note that I have disabled ip6 for our internet-connection (wan/eth0) because
# -> my upstream/ISP (still) does not do IPv6. The rest, even localhost, does ip6 stuff.
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
net.ipv6.conf.eth0.disable_ipv6 = 1
net.ipv6.conf.wan.disable_ipv6 = 1
# Packet Forwarding
net.ipv4.ip_forward = 1
# Security Settings
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
# Connection Tracking
net.netfilter.nf_conntrack_max = 1048576
net.netfilter.nf_conntrack_buckets = 262144
net.netfilter.nf_conntrack_tcp_timeout_established = 86400
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30
# Socket Buffer Sizes
net.core.rmem_max = 67108864
net.core.wmem_max = 67108864
net.ipv4.tcp_rmem = 4096 87380 67108864
net.ipv4.tcp_wmem = 4096 65536 67108864
net.core.rmem_default = 524288
net.core.wmem_default = 524288
# Backlog and Queuing
net.core.netdev_max_backlog = 60000
net.core.netdev_budget = 120000
net.core.netdev_budget_usecs = 48000
net.core.optmem_max = 8388608
net.core.default_qdisc = fq_codel
# TCP Settings
net.ipv4.tcp_congestion_control = bbr
net.ipv4.tcp_window_scaling = 1
net.ipv4.tcp_sack = 1
net.ipv4.tcp_fastopen = 3
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 5
net.ipv4.tcp_max_syn_backlog = 16384
net.ipv4.tcp_mtu_probing = 1
net.ipv4.tcp_slow_start_after_idle = 0
net.ipv4.tcp_retries2 = 5
net.ipv4.tcp_timestamps = 0
net.ipv4.tcp_low_latency = 1
net.ipv4.tcp_adv_win_scale = 1
# Memory Settings
vm.min_free_kbytes = 524288
vm.swappiness = 0
vm.dirty_background_ratio = 5
vm.dirty_ratio = 10
vm.dirty_expire_centisecs = 3000
vm.dirty_writeback_centisecs = 500
# File Descriptors
fs.file-max = 2097152
fs.nr_open = 2097152
# Inotify Watches
fs.inotify.max_user_watches = 1048576
# Shared Memory Limits
kernel.shmmax = 17179869184
kernel.shmall = 4194304
# Kernel Miscellaneous
kernel.core_uses_pid = 1
kernel.domainname = your.local.server.domain.name
kernel.printk = 3 4 1 3
kernel.randomize_va_space = 2
kernel.sysrq = 0
@EatPrilosec

What would you want to change for a 16 GB system?

@pcace

pcace commented Feb 24, 2025

What would you want to change for a 16 GB system?

or 64 ;)?

@jult
Author

jult commented Feb 24, 2025

I just updated/upgraded the sysctl entries to fully use the RAM available. Should also do well with 16 and 64 GB, depending on how much of your RAM is already in use. In my experience, Linux is rather sparse in using plenty of RAM on servers when it's there, unless you're doing a lot of database caching or forced RAMdisks and the like. I still use log2ram a lot, for example, which works well for making sure certain folders are entirely IO from RAM (often still 5 x as fast as SSD/NVMe).

@pcace

pcace commented Feb 24, 2025

Nice, thanks! I have asked my fav LLM to comment on the lines with defaults and human readable numbers.

# IPv6 Configuration
# -> Note that I have disabled IPv6 for our internet connection (wan/eth0) 
# -> because my ISP (still) does not support IPv6. The rest, including localhost, uses IPv6.
net.ipv6.conf.all.disable_ipv6 = 0  # Default: 0
net.ipv6.conf.default.disable_ipv6 = 0  # Default: 0
net.ipv6.conf.lo.disable_ipv6 = 0  # Default: 0
net.ipv6.conf.eth0.disable_ipv6 = 1  # Default: 0
net.ipv6.conf.wan.disable_ipv6 = 1  # Default: 0

# Packet Forwarding
net.ipv4.ip_forward = 1  # Default: 0

# Security Settings
net.ipv4.conf.all.accept_redirects = 0  # Default: 1
net.ipv4.conf.default.accept_redirects = 0  # Default: 1
net.ipv4.conf.all.accept_source_route = 0  # Default: 0
net.ipv4.conf.default.accept_source_route = 0  # Default: 0
net.ipv4.conf.all.send_redirects = 0  # Default: 1
net.ipv4.conf.default.send_redirects = 0  # Default: 1

# Connection Tracking
net.netfilter.nf_conntrack_max = 1048576  # 1M connections (Default: ~65536)
net.netfilter.nf_conntrack_buckets = 262144  # 256K buckets (Default: ~16384)
net.netfilter.nf_conntrack_tcp_timeout_established = 86400  # 24h (Default: 432000)
net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30  # 30 sec (Default: 120)

# Socket Buffer Sizes
net.core.rmem_max = 67108864  # 64 MB (Default: 212992)
net.core.wmem_max = 67108864  # 64 MB (Default: 212992)
net.ipv4.tcp_rmem = 4096 87380 67108864  # Min: 4 KB, Default: 87 KB, Max: 64 MB (Default: 4096 87380 6291456)
net.ipv4.tcp_wmem = 4096 65536 67108864  # Min: 4 KB, Default: 64 KB, Max: 64 MB (Default: 4096 16384 4194304)
net.core.rmem_default = 524288  # 512 KB (Default: 212992)
net.core.wmem_default = 524288  # 512 KB (Default: 212992)

# Backlog and Queuing
net.core.netdev_max_backlog = 60000  # Default: 1000
net.core.netdev_budget = 120000  # Default: 300
net.core.netdev_budget_usecs = 48000  # Default: 2000
net.core.optmem_max = 8388608  # 8 MB (Default: 20480)
net.core.default_qdisc = fq_codel  # Default: pfifo_fast

# TCP Settings
net.ipv4.tcp_congestion_control = bbr  # Default: cubic
net.ipv4.tcp_window_scaling = 1  # Default: 1
net.ipv4.tcp_sack = 1  # Default: 1
net.ipv4.tcp_fastopen = 3  # Default: 1
net.ipv4.tcp_tw_reuse = 1  # Default: 0
net.ipv4.tcp_fin_timeout = 5  # Default: 60
net.ipv4.tcp_max_syn_backlog = 16384  # Default: 1024
net.ipv4.tcp_mtu_probing = 1  # Default: 0
net.ipv4.tcp_slow_start_after_idle = 0  # Default: 1
net.ipv4.tcp_retries2 = 5  # Default: 15
net.ipv4.tcp_timestamps = 0  # Default: 1
net.ipv4.tcp_low_latency = 1  # Default: 0
net.ipv4.tcp_adv_win_scale = 1  # Default: 2

# Memory Settings
vm.min_free_kbytes = 524288  # 512 MB (Default: varies by system RAM)
vm.swappiness = 0  # Default: 60
vm.dirty_background_ratio = 5  # Default: 10
vm.dirty_ratio = 10  # Default: 20
vm.dirty_expire_centisecs = 3000  # 30 sec (Default: 3000)
vm.dirty_writeback_centisecs = 500  # 5 sec (Default: 500)

# File Descriptors
fs.file-max = 2097152  # ~2M file descriptors (Default: varies, often ~100000)
fs.nr_open = 2097152  # ~2M open files per process (Default: 1048576)

# Inotify Watches
fs.inotify.max_user_watches = 1048576  # 1M watches (Default: 8192)

# Shared Memory Limits
kernel.shmmax = 17179869184  # 16 GB (Default: 33554432 / 32 MB)
kernel.shmall = 4194304  # 4M pages (~16 GB total) (Default: varies)

# Kernel Miscellaneous
kernel.core_uses_pid = 1  # Default: 1
kernel.domainname = your.local.server.domain.name  # Default: (empty)
kernel.printk = 3 4 1 3  # Default: 4 4 1 7
kernel.randomize_va_space = 2  # Default: 2
kernel.sysrq = 0  # Default: 176

@p2ndemic

Thanks! You are the best

@jult
Author

jult commented Apr 16, 2025

Nice, thanks! I have asked my fav LLM to comment on the lines with defaults and human readable numbers.

net.core.default_qdisc = fq_codel  # Default: pfifo_fast
net.ipv4.tcp_congestion_control = bbr  # Default: cubic
kernel.printk = 3 4 1 3  # Default: 4 4 1 7

Did you specify a version and Linux distribution, and which LLM did you ask? All I can say is: Do not rely on LLM for Debian config. Can be pretty disastrous. Colleague of mine brought down entire clusters using LLM-provided config.
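
Added example (not part of the gist or of any comment above): a POSIX shell check that audits a sysctl.conf-style file before it is trusted. It flags keys assigned twice, values followed by trailing `#` text (sysctl.conf(5) only documents comments on lines that begin with `#` or `;`, so trailing text is read as part of the value), and settings whose running value differs from the file. The function name `sysctl_audit` and its optional second argument (an alternate root instead of `/proc/sys`) are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the gist. Audits a sysctl.conf-style file.
# Usage: sysctl_audit FILE [ROOT]   (ROOT defaults to /proc/sys; the
# second argument is a hypothetical hook so the check can be tested offline)
sysctl_audit() {
    conf=$1
    root=${2:-/proc/sys}
    tab=$(printf '\t')
    awk -F= '
        /^[ \t]*([#;]|$)/ { next }   # whole-line comments and blank lines
        NF < 2 { next }              # not a key = value line
        {
            key = $1
            val = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key in seen)
                print "DUP\t" key "\tlines " seen[key] " and " NR
            seen[key] = NR
            if (val ~ /[ \t]#/) {    # text after the value is not a comment
                print "INLINE\t" key "\ttrailing text is part of the value"
                sub(/[ \t]+#.*$/, "", val)
            }
            print "SET\t" key "\t" val
        }' "$conf" |
    while IFS=$tab read -r kind key val; do
        if [ "$kind" != SET ]; then
            printf '%s\t%s\t%s\n' "$kind" "$key" "$val"
            continue
        fi
        # Simplification: every dot is a path separator, so interface
        # names that themselves contain dots are not handled.
        path=$root/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            printf 'MISSING\t%s\n' "$key"
            continue
        fi
        want=$(printf '%s\n' "$val" | tr '\t' ' ' | tr -s ' ')
        have=$(tr '\t' ' ' < "$path" | tr -s ' ' | sed 's/^ //; s/ $//')
        [ "$have" = "$want" ] ||
            printf 'DRIFT\t%s\twant=%s have=%s\n' "$key" "$want" "$have"
    done
}

if [ "$#" -gt 0 ]; then sysctl_audit "$@"; fi
```

Run it against the file after loading it; `MISSING` means the key has no readable entry on the running kernel (module not loaded, key absent, or insufficient privileges), and `DRIFT` means the setting did not take effect as written.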
