9 Essential Linux Server Optimization Tips for Faster, Safer Operations

1. Time Synchronization

Accurate time is critical for services such as mail servers. Edit /etc/crontab and add a daily NTP sync command, for example:

14 04 * * * root /usr/sbin/ntpdate ntp.api.bz > /dev/null 2>&1

2. Enable SYN Cookie Protection

Activate kernel SYN cookie protection to mitigate SYN‑flood attacks: echo "1" > /proc/sys/net/ipv4/tcp_syncookies Apply the change immediately with:

/sbin/sysctl -p

3. Fix Slow Squid Servers

When a Squid cache server becomes sluggish, first inspect TCP connections:

netstat -n | awk '/^tcp/ {++S[$NF]} END {for(a in S) print a, S[a]}'

Reduce excessive TIME_WAIT sockets by editing /etc/sysctl.conf and adding:

net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.ipv4.tcp_max_tw_buckets = 5000

Explanation of the parameters: tcp_tw_reuse = 1: allows reuse of TIME_WAIT sockets. tcp_tw_recycle = 1: enables fast recycling of TIME_WAIT sockets. tcp_fin_timeout = 30: controls how long a socket stays in FIN_WAIT-2. tcp_keepalive_time = 1200: reduces keep‑alive interval from the default 2 hours to 20 minutes. ip_local_port_range = 1024 65000: expands the usable outbound port range. tcp_max_syn_backlog = 8192: enlarges the SYN queue. tcp_max_tw_buckets = 5000: caps the total number of TIME_WAIT sockets.

Apply the new kernel settings with:

/sbin/sysctl -p

4. Nginx Server Settings

For Nginx load balancers or Nginx+PHP5 web servers, enable the same TIME_WAIT optimizations:

net.ipv4.tcp_tw_reuse = 1   # reuse TIME_WAIT sockets
net.ipv4.tcp_tw_recycle = 1   # fast recycle TIME_WAIT sockets

Activate the changes:

/sbin/sysctl -p

5. Increase Maximum Open Files

Linux’s default limit for open files is low for high‑load services like Squid. Edit /etc/security/limits.conf and add:

* soft nofile 60000
* hard nofile 65535

Note: the ulimit -SHn command or modifications to /etc/rc.d/rc.local will not affect the system‑wide limit.

6. Run Only Required Services

Disable unnecessary services and keep only essential ones such as: crond irqbalance microcode_ctl network random sshd syslog Check services running at runlevel 5 with: chkconfig --list | awk '{print $1 " " $7}' | grep 5:on Stop and disable unwanted services, e.g.:

service cups stop
chkconfig cups off

7. Disable IPv6

On 64‑bit CentOS servers where IPv6 is unused, disable it for security and performance. Edit /etc/modprobe.conf and append:

alias net-pf-10 off
alias ipv6 off
echo "IPV6INIT=no" >> /etc/sysconfig/network-scripts/ifcfg-eth0

8. Enable RHEL NIC ONBOOT

For RHEL systems, ensure network interfaces start automatically. Edit the interface configuration files (e.g., /etc/sysconfig/network-scripts/ifcfg-eth0 or ifcfg-eth1) and set: ONBOOT=YES Then restart the network service:

service network restart

9. Linux Memory Management

Linux uses available memory aggressively; free memory is cached for faster I/O. It employs Buffer Cache for block devices and Page Cache for file pages, reducing system call latency. Generally, let the kernel manage memory and avoid manual “free‑memory” optimizations.