{"id":210666,"date":"2026-02-06T19:37:11","date_gmt":"2026-02-06T11:37:11","guid":{"rendered":"https:\/\/server.hk\/cnblog\/?p=210666"},"modified":"2026-02-05T19:38:11","modified_gmt":"2026-02-05T11:38:11","slug":"ubuntu-%e6%9c%8d%e5%8a%a1%e5%99%a8%e6%80%a7%e8%83%bd%e4%b8%8e%e7%a8%b3%e5%ae%9a%e6%80%a7%e4%bc%98%e5%8c%96","status":"publish","type":"post","link":"https:\/\/server.hk\/cnblog\/210666\/","title":{"rendered":"Ubuntu \u670d\u52a1\u5668\u6027\u80fd\u4e0e\u7a33\u5b9a\u6027\u4f18\u5316"},"content":{"rendered":"<p dir=\"auto\">\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0cUbuntu \u670d\u52a1\u5668\u7684\u6027\u80fd\u4e0e\u7a33\u5b9a\u6027\u76f4\u63a5\u5f71\u54cd\u4e1a\u52a1\u8fde\u7eed\u6027\u3001\u7528\u6237\u4f53\u9a8c\u548c\u6210\u672c\u63a7\u5236\u3002\u672c\u6587\u9488\u5bf9 24.04 LTS\uff08\u53ca\u540e\u7eed\u7248\u672c\uff09\u63d0\u4f9b\u5b9e\u7528\u3001\u53ef\u64cd\u4f5c\u7684\u4f18\u5316\u601d\u8def\u4e0e\u914d\u7f6e\u5efa\u8bae\uff0c\u8986\u76d6\u5185\u6838\u3001\u6587\u4ef6\u7cfb\u7edf\u3001\u7f51\u7edc\u3001\u8fdb\u7a0b\u8c03\u5ea6\u3001\u5185\u5b58\u7ba1\u7406\u3001IO\u3001\u65e5\u5fd7\u3001\u5b89\u5168\u7b49\u591a\u4e2a\u7ef4\u5ea6\u3002\u4f18\u5316\u5206\u4e3a<strong>\u7a33\u5b9a\u6027\u4f18\u5148<\/strong>\u548c<strong>\u6027\u80fd\u4f18\u5148<\/strong>\u4e24\u7c7b\uff0c\u751f\u4ea7\u73af\u5883\u5efa\u8bae\u5148\u505a\u7a33\u5b9a\u6027\uff0c\u518d\u9010\u6b65\u8ffd\u6c42\u6781\u81f4\u6027\u80fd\u3002<\/p>\n<h3 dir=\"auto\">\u4e00\u3001\u7a33\u5b9a\u6027\u4f18\u5148\u4f18\u5316<\/h3>\n<p dir=\"auto\">\u8fd9\u4e9b\u8c03\u6574\u80fd\u663e\u8457\u51cf\u5c11\u5d29\u6e83\u3001\u91cd\u542f\u3001OOM\u3001IO \u7b49\u5f85\u7b49\u95ee\u9898\u3002<\/p>\n<ol dir=\"auto\">\n<li><strong>\u542f\u7528 Ubuntu Livepatch\uff08\u65e0\u91cd\u542f\u5185\u6838\u8865\u4e01\uff09<\/strong>\n<ul dir=\"auto\">\n<li>\u6ce8\u518c Ubuntu Pro\uff08\u4e2a\u4eba\u514d\u8d39\uff09\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>sudo pro attach \u4f60\u7684token\r\nsudo pro enable livepatch<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<li>\u597d\u5904\uff1a\u5927\u90e8\u5206\u5185\u6838\u5b89\u5168\u6f0f\u6d1e\u548c\u4e25\u91cd bug \u53ef\u70ed\u8865\u4e01\u4fee\u590d\uff0c\u65e0\u9700\u6bcf\u6708\u91cd\u542f\u3002<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u5185\u6838\u53c2\u6570\u8c03\u4f18\uff08sysctl\uff09<\/strong> \u7f16\u8f91 \/etc\/sysctl.conf \u6216\u65b0\u5efa \/etc\/sysctl.d\/99-production.conf\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code># \u9632\u6b62 TIME_WAIT \u7aef\u53e3\u8017\u5c3d\uff08\u9ad8\u5e76\u53d1\u573a\u666f\uff09\r\nnet.ipv4.tcp_fin_timeout = 15\r\nnet.ipv4.tcp_tw_reuse = 1\r\nnet.ipv4.tcp_tw_recycle = 0   # \u73b0\u4ee3\u5185\u6838\u5df2\u5f03\u7528\uff0c\u8bbe0\u907f\u514d\u95ee\u9898\r\n\r\n# \u589e\u5927\u8fde\u63a5\u6570\r\nnet.core.somaxconn = 65535\r\nnet.ipv4.ip_local_port_range = 1024 65535\r\nfs.file-max = 1048576\r\n\r\n# \u9632\u6b62 SYN \u6d2a\u6c34\r\nnet.ipv4.tcp_syncookies = 1\r\nnet.ipv4.tcp_max_syn_backlog = 8192\r\n\r\n# OOM \u6740\u8fdb\u7a0b\u66f4\u6e29\u548c\r\nvm.overcommit_memory = 1\r\nvm.panic_on_oom = 0\r\nvm.oom_kill_allocating_task = 1\r\n\r\n# \u5185\u5b58\u56de\u6536\u66f4\u79ef\u6781\r\nvm.swappiness = 10          # \u9ed8\u8ba460\uff0c\u592a\u9ad8\u5bb9\u6613 swap \u6296\u52a8\r\nvm.vfs_cache_pressure = 50  # \u964d\u4f4e inode\/dentry \u56de\u6536\u503e\u5411<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<p>\u5e94\u7528\uff1asudo sysctl &#8211;system<\/li>\n<li><strong>\u4f7f\u7528 noatime \u6216 relatime \u6302\u8f7d\u9009\u9879<\/strong> \u7f16\u8f91 \/etc\/fstab\uff0c\u5728 ext4\/xfs \u5206\u533a\u6dfb\u52a0\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>UUID=xxx   \/   ext4   defaults,noatime   0 1<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<p>\u6216 relatime\uff08\u6298\u4e2d\u65b9\u6848\uff0c\u8bb0\u5f55\u8bbf\u95ee\u65f6\u95f4\u4f46\u9891\u7387\u4f4e\uff09\u3002<\/li>\n<li><strong>\u65e5\u5fd7\u7ba1\u7406\u4e0e\u7a7a\u95f4\u4fdd\u62a4<\/strong>\n<ul dir=\"auto\">\n<li>journald \u9650\u5236\u4f53\u79ef\uff1a \/etc\/systemd\/journald.conf\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>SystemMaxUse=2G\r\nRuntimeMaxUse=512M\r\nMaxRetentionSec=90day<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<p>\u91cd\u542f\uff1asudo systemctl restart systemd-journald<\/li>\n<li>\u5b9a\u671f\u6e05\u7406\uff1acron \u4efb\u52a1\u6bcf\u5468\u8fd0\u884c journalctl &#8211;vacuum-time=60d<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u542f\u7528 fail2ban + ufw<\/strong>\n<ul dir=\"auto\">\n<li>fail2ban \u9632\u66b4\u529b\u7834\u89e3<\/li>\n<li>ufw \u53ea\u5f00\u5fc5\u8981\u7aef\u53e3\uff0c\u62d2\u7edd\u9ed8\u8ba4\u7b56\u7565<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u5b9a\u671f needrestart \u68c0\u67e5<\/strong> \u5347\u7ea7\u540e\u8fd0\u884c sudo needrestart\uff0c\u907f\u514d\u670d\u52a1\u672a\u91cd\u542f\u5bfc\u81f4\u7684\u201c\u65e7\u7248\u672c\u8fd8\u5728\u8dd1\u201d\u95ee\u9898\u3002<\/li>\n<\/ol>\n<h3 dir=\"auto\">\u4e8c\u3001\u6027\u80fd\u4f18\u5148\u4f18\u5316<\/h3>\n<p dir=\"auto\">\u5728\u7a33\u5b9a\u6027\u57fa\u7840\u4e0a\uff0c\u6839\u636e\u5b9e\u9645\u76d1\u63a7\u7ed3\u679c\u9488\u5bf9\u6027\u8c03\u4f18\u3002<\/p>\n<ol dir=\"auto\">\n<li><strong>CPU \u4e0e\u8c03\u5ea6\u5668<\/strong>\n<ul dir=\"auto\">\n<li>\u9ad8\u541e\u5410\u573a\u666f\uff1a\u5207\u6362\u5230 schedutil \u6216 performance governor\uff08\u4e91\u670d\u52a1\u5668\u614e\u7528\uff09\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>sudo apt install linux-tools-common linux-tools-$(uname -r)\r\ncpupower frequency-set -g performance<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<li>\u591a\u6838\u9ad8\u5e76\u53d1\uff1a\u589e\u5927 kernel.sched_migration_cost_ns\uff08\u9ed8\u8ba4\u503c\u901a\u5e38\u5df2\u8f83\u4f18\uff0c\u9700\u6d4b\u8bd5\uff09<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u5185\u5b58\u4e0e Swap<\/strong>\n<ul dir=\"auto\">\n<li>\u5173\u95ed\u6216\u6700\u5c0f\u5316 Swap\uff08\u751f\u4ea7\u63a8\u8350\u65e0 Swap \u6216\u6781\u5c0f Swap \u5206\u533a\uff09\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>sudo swapoff -a\r\nsudo sed -i '\/swap\/d' \/etc\/fstab<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<li>\u542f\u7528 zram\uff08\u538b\u7f29\u5185\u5b58\u4ea4\u6362\uff0c\u9002\u5408\u5185\u5b58\u7d27\u5f20\u4f46 CPU \u5bcc\u88d5\u7684\u673a\u5668\uff09\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>sudo apt install zram-config<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<p>\u6216\u624b\u52a8\u914d\u7f6e 50% \u7269\u7406\u5185\u5b58\u7684 zram\u3002<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u6587\u4ef6\u7cfb\u7edf\u4e0e IO \u8c03\u5ea6<\/strong>\n<ul dir=\"auto\">\n<li>ext4 \u2192 xfs\uff08\u5927\u6587\u4ef6\u3001\u591a\u76ee\u5f55\u573a\u666f\u66f4\u597d\uff09<\/li>\n<li>IO \u8c03\u5ea6\u5668\uff1anvme\/ssd \u7528 none \u6216 mq-deadline\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>echo none &gt; \/sys\/block\/nvme0n1\/queue\/scheduler<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<li>\u589e\u5927\u8bfb\u5199\u7f13\u51b2\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>vm.dirty_ratio = 10\r\nvm.dirty_background_ratio = 5<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li><strong>\u7f51\u7edc\u6808\u4f18\u5316<\/strong> \u9ad8\u5e76\u53d1 Web\/API \u670d\u52a1\u5668\uff1a\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>net.core.rmem_max = 16777216\r\nnet.core.wmem_max = 16777216\r\nnet.ipv4.tcp_rmem = 4096 87380 16777216\r\nnet.ipv4.tcp_wmem = 4096 65536 16777216\r\nnet.ipv4.tcp_congestion_control = bbr   # \u63a8\u8350 BBR \u62e5\u585e\u63a7\u5236<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<p>\u542f\u7528 BBR\uff1a<\/p>\n<div dir=\"auto\">\n<div data-testid=\"code-block\">\n<div>\n<div>text<\/div>\n<div>\n<div>\n<div><\/div>\n<\/div>\n<\/div>\n<div>\n<pre tabindex=\"0\"><code>sudo modprobe tcp_bbr\r\necho \"tcp_bbr\" | sudo tee -a \/etc\/modules-load.d\/modules.conf<\/code><\/pre>\n<\/div>\n<div><\/div>\n<\/div>\n<div><\/div>\n<\/div>\n<\/div>\n<\/li>\n<li><strong>Nginx\/Apache\/PHP-FPM \u7b49\u5e94\u7528\u5c42\u8c03\u4f18<\/strong>\n<ul dir=\"auto\">\n<li>worker_processes = CPU \u6838\u6570 \u00d7 1~2<\/li>\n<li>worker_connections = 10240+<\/li>\n<li>open_file_cache \u7f13\u5b58 inode<\/li>\n<li>fastcgi_buffers \/ proxy_buffers \u589e\u5927<\/li>\n<\/ul>\n<\/li>\n<\/ol>\n<h3 dir=\"auto\">\u4e09\u3001\u76d1\u63a7\u4e0e\u9a8c\u8bc1\u624b\u6bb5<\/h3>\n<ul dir=\"auto\">\n<li><strong>\u5b9e\u65f6\u76d1\u63a7<\/strong>\uff1anetdata\uff08\u4e00\u952e\u5b89\u88c5\uff09\u3001prometheus-node-exporter + grafana<\/li>\n<li><strong>\u5386\u53f2\u6570\u636e<\/strong>\uff1asysstat\uff08sar -u\/-r\/-d\/-n DEV\uff09<\/li>\n<li><strong>\u74f6\u9888\u5b9a\u4f4d<\/strong>\uff1a\n<ul dir=\"auto\">\n<li>CPU \u5bc6\u96c6\uff1aperf top \/ flamegraph<\/li>\n<li>IO \u7b49\u5f85\uff1aiotop\u3001iostat -x 1<\/li>\n<li>\u7f51\u7edc\uff1anload\u3001iftop\u3001ss -s<\/li>\n<li>\u5185\u5b58\u6cc4\u6f0f\uff1asmem\u3001pmap<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3 dir=\"auto\">\u56db\u3001\u63a8\u8350\u4f18\u5316\u4f18\u5148\u7ea7<\/h3>\n<ol dir=\"auto\">\n<li>\u542f\u7528 Livepatch + unattended-upgrades\uff08\u7a33\u5b9a\u6027\u57fa\u77f3\uff09<\/li>\n<li>sysctl \u7f51\u7edc\/\u5185\u5b58\u53c2\u6570\u8c03\u4f18<\/li>\n<li>noatime + journald \u9650\u5236<\/li>\n<li>\u76d1\u63a7 + \u5b9a\u671f\u5de1\u68c0\uff08netdata \/ sar\uff09<\/li>\n<li>\u6839\u636e\u5b9e\u9645\u74f6\u9888\uff1aBBR\u3001zram\u3001xfs\u3001IO scheduler<\/li>\n<\/ol>\n<h3 dir=\"auto\">\u4e94\u3001\u6ce8\u610f\u4e8b\u9879\u4e0e\u9677\u9631<\/h3>\n<ul dir=\"auto\">\n<li>\u4e0d\u8981\u76f2\u76ee\u7167\u642c\u8c03\u4f18\u53c2\u6570\uff0c\u5fc5\u987b\u5728<strong>\u538b\u6d4b + \u76d1\u63a7<\/strong>\u540e\u5bf9\u6bd4\u524d\u540e\u5dee\u5f02<\/li>\n<li>\u4e91\u670d\u52a1\u5668\uff08AWS\/GCP\/Azure\uff09\u5f88\u591a\u53c2\u6570\u5df2\u88ab hypervisor \u4f18\u5316\uff0c\u8fc7\u5ea6\u8c03\u4f18\u53ef\u80fd\u9002\u5f97\u5176\u53cd<\/li>\n<li>\u5185\u6838\u7248\u672c\u5347\u7ea7\u540e\u91cd\u65b0\u9a8c\u8bc1\uff08\u5c24\u5176\u662f 6.8 \u2192 6.11 \u7cfb\u5217\uff09<\/li>\n<li>\u4efb\u4f55\u91cd\u5927\u53d8\u66f4\u524d\u505a\u597d\u5feb\u7167\/\u5907\u4efd<\/li>\n<\/ul>\n<p dir=\"auto\">\u901a\u8fc7\u4ee5\u4e0a\u7ec4\u5408\uff0c\u591a\u6570 Ubuntu \u670d\u52a1\u5668\u5728\u76f8\u540c\u786c\u4ef6\u4e0b\u53ef\u63d0\u5347 20%~100% \u7684\u541e\u5410\u80fd\u529b\uff0c\u540c\u65f6\u5c06\u6708\u5ea6\u975e\u8ba1\u5212\u91cd\u542f\u6b21\u6570\u964d\u81f3\u63a5\u8fd1 0\u3002\u4f18\u5316\u662f\u6301\u7eed\u8fed\u4ee3\u7684\u8fc7\u7a0b\uff0c\u5efa\u8bae\u6bcf\u5b63\u5ea6\u590d\u76d8\u4e00\u6b21\u76d1\u63a7\u6570\u636e\u4e0e\u4e1a\u52a1\u8868\u73b0\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>\u5728\u751f\u4ea7\u73af\u5883\u4e2d\uff0cUbuntu \u670d\u52a1&#46;&#46;&#46;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4924],"tags":[],"class_list":["post-210666","post","type-post","status-publish","format-standard","hentry","category-setup-tutorials"],"_links":{"self":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/210666","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/comments?post=210666"}],"version-history":[{"count":1,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/210666\/revisions"}],"predecessor-version":[{"id":210667,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/210666\/revisions\/210667"}],"wp:attachment":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/media?parent=210666"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/categories?post=210666"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/tags?post=210666"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}