diff --git a/client/server_scripts/setup_firewall.sh b/client/server_scripts/setup_firewall.sh index dfd570f5..ab5ad4ee 100644 --- a/client/server_scripts/setup_firewall.sh +++ b/client/server_scripts/setup_firewall.sh @@ -1,3 +1,24 @@ sudo sysctl -w net.ipv4.ip_forward=1 sudo iptables -P FORWARD ACCEPT -sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP +sudo iptables -C INPUT -p icmp --icmp-type echo-request -j DROP || sudo iptables -A INPUT -p icmp --icmp-type echo-request -j DROP + +# Tuning network +sudo sysctl fs.file-max=51200 +sudo sysctl net.core.rmem_max=67108864 +sudo sysctl net.core.wmem_max=67108864 +sudo sysctl net.core.netdev_max_backlog=250000 +sudo sysctl net.core.somaxconn=4096 +sudo sysctl net.ipv4.tcp_syncookies=1 +sudo sysctl net.ipv4.tcp_tw_reuse=1 +sudo sysctl net.ipv4.tcp_tw_recycle=0 +sudo sysctl net.ipv4.tcp_fin_timeout=30 +sudo sysctl net.ipv4.tcp_keepalive_time=1200 +sudo sysctl net.ipv4.ip_local_port_range="10000 65000" +sudo sysctl net.ipv4.tcp_max_syn_backlog=8192 +sudo sysctl net.ipv4.tcp_max_tw_buckets=5000 +sudo sysctl net.ipv4.tcp_fastopen=3 +sudo sysctl net.ipv4.tcp_mem="25600 51200 102400" +sudo sysctl net.ipv4.tcp_rmem="4096 87380 67108864" +sudo sysctl net.ipv4.tcp_wmem="4096 65536 67108864" +sudo sysctl net.ipv4.tcp_mtu_probing=1 +sudo sysctl net.ipv4.tcp_congestion_control=hybla diff --git a/client/server_scripts/setup_openvpn_server.sh b/client/server_scripts/setup_openvpn_server.sh index 2b0648e2..0a64c749 100644 --- a/client/server_scripts/setup_openvpn_server.sh +++ b/client/server_scripts/setup_openvpn_server.sh @@ -1,7 +1,7 @@ # CONTAINER_NAME=... this var will be set in ServerController # Don't run commands in background like sh -c "openvpn &" -pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; if [[ -f "/usr/bin/sudo" ]]; then $pm install -y -q sudo; fi +pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; if [[ ! -f "/usr/bin/sudo" ]]; then $pm update -y -q; $pm install -y -q sudo; fi sudo iptables -P FORWARD ACCEPT pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; sudo $pm update -y -q diff --git a/client/server_scripts/setup_shadowsocks_server.sh b/client/server_scripts/setup_shadowsocks_server.sh index 0e5964b0..9178d285 100644 --- a/client/server_scripts/setup_shadowsocks_server.sh +++ b/client/server_scripts/setup_shadowsocks_server.sh @@ -1,7 +1,7 @@ # CONTAINER_NAME=... this var will be set in ServerController # Don't run commands in background like sh -c "openvpn &" -pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; if [[ -f "/usr/bin/sudo" ]]; then $pm install -y -q sudo; fi +pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; if [[ ! -f "/usr/bin/sudo" ]]; then $pm update -y -q; $pm install -y -q sudo; fi sudo iptables -P FORWARD ACCEPT pm_apt="/usr/bin/apt-get"; pm_yum="/usr/bin/yum"; if [[ -f "$pm_apt" ]]; then pm=$pm_apt; else pm=$pm_yum; fi; sudo $pm update -y -q