0%

docker官方仓库里有瘦身精简版的debian镜像叫做slim,当前稳定版为debian:stretch-slim,也可以使用stable-slim,testing-slim,unstable-slim,jessie-slim等标签,debian:stretch-slim大小大约为55.3MB,虽然还是比alpine大了不少,不过已经算很轻量了。

内核要求4.9及以上。

修改内核配置文件:

1
2
3
4
# cat >> /etc/sysctl.conf << EOF
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
EOF

或sudo vim /etc/sysctl.d/10-custom-kernel-bbr.conf添加以上两行

使配置生效:

1
2
3
# sysctl -p 
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr

sysctl -p不指定文件默认加载/etc/sysctl.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
$sudo sysctl --system
* Applying /etc/sysctl.d/10-custom-kernel-bbr.conf ...
net.core.default_qdisc = fq
net.ipv4.tcp_congestion_control = bbr
* Applying /etc/sysctl.d/60-gce-network-security.conf ...
net.ipv4.tcp_syncookies = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.secure_redirects = 1
net.ipv4.conf.default.secure_redirects = 1
net.ipv4.ip_forward = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.icmp_echo_ignore_broadcasts = 1
net.ipv4.icmp_ignore_bogus_error_responses = 1
net.ipv4.conf.all.log_martians = 1
net.ipv4.conf.default.log_martians = 1
kernel.randomize_va_space = 2
kernel.panic = 10
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /etc/sysctl.d/protect-links.conf ...
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.conf ...

会加载所有的系统级配置文件

确认是否生效:

1
2
3
4
5
6
7
# sysctl net.core.default_qdisc
net.core.default_qdisc = fq
# sysctl net.ipv4.tcp_available_congestion_control
net.ipv4.tcp_available_congestion_control = bbr cubic reno

$ lsmod grep bbr
tcp_bbr 20480 14

References:
[1]Debian / Ubuntu 更新内核并开启 TCP BBR 拥塞控制算法
[2]Linux 升级内核开启 TCP BBR 有多大好处

博客正式迁移到docker平台!

当前稳定发行版的nodejs有很多安全性问题,可以从nodesource安装当前的6.X TLS版本

1
2
$ curl -sL https://deb.nodesource.com/setup_6.x sudo -E bash -
$ sudo apt-get install -y nodejs

有时可能会从源包构建组件,所以可以先安装build环境:

1
$ sudo apt-get install -y build-essential libssl-dev

References:
[1]Installation instructions

===
[erq]

alter database datafile ‘/path/to/datafile’ autoextend on;
alter database datafile ‘/path/to/datafile’ resize 100KMG;