Boost Linux Server Performance: Essential Kernel Tweaks and Sysctl Settings

Introduction

This guide explains a series of Linux system‑level configurations that can noticeably improve application performance by reducing resource contention and optimizing network handling.

Disable SELinux

SELinux provides strong security but may cause compatibility problems. To disable it permanently:

# vim /etc/selinux/config
# Change the line
# SELINUX=enforcing  →  SELINUX=disabled
# Save and exit
# reboot

Set Runlevel to 3

Running the system in multi‑user text mode (runlevel 3) saves graphical resources:

# grep 3:initdefault /etc/inittab
# Expected output: id:3:initdefault:
# init 3

Increase File Descriptor Limits

Edit /etc/security/limits.conf and add the following lines to raise the maximum number of open files and processes for all users:

* soft nofile 65536
* hard nofile 65536
* soft nproc 65536
* hard nproc 65536

Explanation:

* applies to every user.

nofile controls the maximum number of open file handles.

nproc controls the maximum number of processes.

Fine‑Tune Kernel Parameters (sysctl)

Modify /etc/sysctl.conf (or a dedicated sysctl.conf file) with the following settings to improve network throughput and connection handling:

net.ipv4.tcp_syncookies = 1
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_tw_recycle = 1
net.ipv4.tcp_fin_timeout = 30
net.ipv4.tcp_keepalive_time = 1200
net.ipv4.ip_local_port_range = 1024 65000
net.ipv4.tcp_max_syn_backlog = 8192
net.nf_conntrack_max = 655360

Key meanings: tcp_syncookies: Enables SYN cookies to mitigate SYN‑flood attacks. tcp_tw_reuse and tcp_tw_recycle: Allow reuse and fast recycling of TIME‑WAIT sockets. tcp_fin_timeout: Controls how long a socket stays in FIN‑WAIT‑2. tcp_keepalive_time: Reduces the default keep‑alive interval from 2 hours to 20 minutes. ip_local_port_range: Expands the outbound port range to 1024‑65000. tcp_max_syn_backlog: Increases the SYN queue length to 8192. nf_conntrack_max: Raises the maximum number of tracked connections.

Apply the Changes

# sysctl -p

Common Exceptions and Remedies

Too many open files – This error occurs when a process exceeds the allowed number of file descriptors (including sockets). The solution is to increase the limits as shown above.

Connection timeout / many TIME‑WAIT sockets – Often caused by applications not closing connections properly. Adjust the sysctl parameters above and fix the application logic.

Useful Commands

Check TCP connection states:

netstat -n | awk '/^tcp/ {++state[$NF]} END {for (key in state) print key, "\t", state[key]}'

Typical TCP state meanings:

CLOSED – No connection.

LISTEN – Server waiting for incoming calls.

SYN_RECV – SYN received, awaiting acknowledgment.

SYN_SENT – SYN sent, awaiting reply.

ESTABLISHED – Normal data transfer.

FIN_WAIT1 / FIN_WAIT2 – Closing phases.

TIME_WAIT – Waiting for delayed packets to disappear.

LAST_ACK – Final acknowledgment pending.

Conclusion

Linux offers a rich set of kernel parameters that, when tuned appropriately, can dramatically increase server processing capacity and reliability. Adjusting SELinux, runlevel, file descriptor limits, and sysctl settings together addresses many common performance bottlenecks.

Reference: https://www.cnblogs.com/pgyLang/p/15769748.html