-
-
Save p2ndemic/377723f9e76f617ce8ccf4288740a3f0 to your computer and use it in GitHub Desktop.
[Debian 12 update!] sysctl config for linux server with 32 GB DDR RAM or more, SSD and 1Gbe (or faster) NIC
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # IPv6 Configuration | |
| # -> note that I have disabled ip6 for our internet-connection (wan/eth0) because | |
| # -> my upstream/ISP (still) does not do IPv6. The rest, even localhost, does ip6 stuff. | |
| net.ipv6.conf.all.disable_ipv6 = 0 | |
| net.ipv6.conf.default.disable_ipv6 = 0 | |
| net.ipv6.conf.lo.disable_ipv6 = 0 | |
| net.ipv6.conf.eth0.disable_ipv6 = 1 | |
| net.ipv6.conf.wan.disable_ipv6 = 1 | |
| # Packet Forwarding | |
| net.ipv4.ip_forward = 1 | |
| # Security Settings | |
| net.ipv4.conf.all.accept_redirects = 0 | |
| net.ipv4.conf.default.accept_redirects = 0 | |
| net.ipv4.conf.all.accept_source_route = 0 | |
| net.ipv4.conf.default.accept_source_route = 0 | |
| net.ipv4.conf.all.send_redirects = 0 | |
| net.ipv4.conf.default.send_redirects = 0 | |
| # Connection Tracking | |
| net.netfilter.nf_conntrack_max = 1048576 | |
| net.netfilter.nf_conntrack_buckets = 262144 | |
| net.netfilter.nf_conntrack_tcp_timeout_established = 86400 | |
| net.netfilter.nf_conntrack_tcp_timeout_time_wait = 30 | |
| # Socket Buffer Sizes | |
| net.core.rmem_max = 67108864 | |
| net.core.wmem_max = 67108864 | |
| net.ipv4.tcp_rmem = 4096 87380 67108864 | |
| net.ipv4.tcp_wmem = 4096 65536 67108864 | |
| net.core.rmem_default = 524288 | |
| net.core.wmem_default = 524288 | |
| # Backlog and Queuing | |
| net.core.netdev_max_backlog = 60000 | |
| net.core.netdev_budget = 120000 | |
| net.core.netdev_budget_usecs = 48000 | |
| net.core.optmem_max = 8388608 | |
| net.core.default_qdisc = fq_codel | |
| # TCP Settings | |
| net.ipv4.tcp_congestion_control = bbr | |
| net.ipv4.tcp_window_scaling = 1 | |
| net.ipv4.tcp_sack = 1 | |
| net.ipv4.tcp_fastopen = 3 | |
| net.ipv4.tcp_tw_reuse = 1 | |
| net.ipv4.tcp_fin_timeout = 5 | |
| net.ipv4.tcp_max_syn_backlog = 16384 | |
| net.ipv4.tcp_mtu_probing = 1 | |
| net.ipv4.tcp_slow_start_after_idle = 0 | |
| net.ipv4.tcp_retries2 = 5 | |
| net.ipv4.tcp_timestamps = 0 | |
| net.ipv4.tcp_sack = 1 | |
| net.ipv4.tcp_low_latency = 1 | |
| net.ipv4.tcp_adv_win_scale = 1 | |
| # Memory Settings | |
| vm.min_free_kbytes = 524288 | |
| vm.swappiness = 0 | |
| vm.dirty_background_ratio = 5 | |
| vm.dirty_ratio = 10 | |
| vm.dirty_expire_centisecs = 3000 | |
| vm.dirty_writeback_centisecs = 500 | |
| # File Descriptors | |
| fs.file-max = 2097152 | |
| fs.nr_open = 2097152 | |
| # Inotify Watches | |
| fs.inotify.max_user_watches = 1048576 | |
| # Shared Memory Limits | |
| kernel.shmmax = 17179869184 | |
| kernel.shmall = 4194304 | |
| # Kernel Miscellaneous | |
| kernel.core_uses_pid = 1 | |
| kernel.domainname = your.local.server.domain.name | |
| kernel.printk = 3 4 1 3 | |
| kernel.randomize_va_space = 2 | |
| kernel.sysrq = 0 | |
| # Load kernel parameters from /etc/sysctl.conf | |
| sysctl -p 2>&1 > /dev/null | |
| # Load system configuration | |
| sysctl --system 2>&1 > /dev/null |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment