引言
AlmaLinux作为CentOS的替代品,继承了RHEL的稳定性和企业级特性,广泛应用于服务器环境。性能优化是系统管理员和开发者的核心技能,涉及从内核参数调整到应用层代码优化的全方位策略。本文将深入探讨AlmaLinux性能优化的实战方法,结合具体案例和代码示例,帮助读者系统性地提升系统性能。
一、系统级性能监控与诊断
1.1 常用监控工具
在优化之前,必须先了解系统当前状态。AlmaLinux提供了丰富的监控工具:
# 安装基础监控工具
sudo dnf install sysstat htop iotop perf
# 启用sysstat收集历史数据
sudo systemctl enable --now sysstat
关键工具详解:
- top/htop:实时查看进程资源占用
- vmstat:虚拟内存统计
- iostat:磁盘I/O统计
- netstat/ss:网络连接统计
- perf:性能分析工具(需要内核支持)
1.2 性能数据收集脚本
创建一个自动化监控脚本,定期收集关键指标:
#!/bin/bash
# performance_monitor.sh
LOG_DIR="/var/log/performance"
mkdir -p $LOG_DIR
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
LOG_FILE="$LOG_DIR/perf_$TIMESTAMP.log"
echo "=== Performance Monitor - $TIMESTAMP ===" > $LOG_FILE
# CPU使用率
echo "CPU Usage:" >> $LOG_FILE
mpstat 1 5 >> $LOG_FILE 2>&1
# 内存使用
echo -e "\nMemory Usage:" >> $LOG_FILE
free -h >> $LOG_FILE
# 磁盘I/O
echo -e "\nDisk I/O:" >> $LOG_FILE
iostat -x 1 5 >> $LOG_FILE 2>&1
# 网络统计
echo -e "\nNetwork Statistics:" >> $LOG_FILE
ss -s >> $LOG_FILE
# 进程TOP10 CPU
echo -e "\nTop 10 CPU Processes:" >> $LOG_FILE
ps -eo pid,ppid,cmd,%mem,%cpu --sort=-%cpu | head -11 >> $LOG_FILE
echo "=== End of Report ===" >> $LOG_FILE
二、内核参数调优
2.1 虚拟内存管理优化
AlmaLinux的虚拟内存参数直接影响系统性能,特别是对于内存密集型应用。
关键参数:
# 查看当前虚拟内存设置
sysctl vm.swappiness
sysctl vm.vfs_cache_pressure
sysctl vm.dirty_ratio
sysctl vm.dirty_background_ratio
# 临时修改(重启后失效)
sudo sysctl -w vm.swappiness=10
sudo sysctl -w vm.vfs_cache_pressure=50
sudo sysctl -w vm.dirty_ratio=15
sudo sysctl -w vm.dirty_background_ratio=5
参数说明:
vm.swappiness:控制内核使用交换空间的倾向性(0-100),建议数据库服务器设为1-10vm.vfs_cache_pressure:控制内核回收inode/dentry缓存的倾向性(默认100),建议设为50vm.dirty_ratio:系统内存中脏页达到多少百分比时开始同步写回磁盘vm.dirty_background_ratio:后台进程开始写回脏页的阈值
持久化配置:
# 创建自定义配置文件
sudo tee /etc/sysctl.d/99-performance.conf << EOF
# 虚拟内存优化
vm.swappiness = 10
vm.vfs_cache_pressure = 50
vm.dirty_ratio = 15
vm.dirty_background_ratio = 5
# 网络优化
net.core.somaxconn = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# 文件系统优化
fs.file-max = 2097152
fs.nr_open = 2097152
EOF
# 应用配置
sudo sysctl -p /etc/sysctl.d/99-performance.conf
2.2 网络性能优化
对于Web服务器、数据库服务器,网络优化至关重要:
# TCP/IP栈优化
sudo tee /etc/sysctl.d/99-network.conf << EOF
# TCP连接优化
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
# TCP拥塞控制算法(可选:bbr, cubic, reno)
net.ipv4.tcp_congestion_control = bbr
# 连接跟踪优化
net.netfilter.nf_conntrack_max = 2000000
net.netfilter.nf_conntrack_tcp_timeout_established = 7200
# 端口范围
net.ipv4.ip_local_port_range = 1024 65535
# TIME_WAIT优化
net.ipv4.tcp_max_tw_buckets = 2000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
EOF
# 验证BBR算法是否启用
sysctl net.ipv4.tcp_congestion_control
BBR算法优势: BBR(Bottleneck Bandwidth and Round-trip propagation time)是Google开发的拥塞控制算法,相比传统算法能显著提升高延迟网络的吞吐量。
2.3 文件系统优化
EXT4/XFS优化:
# 查看当前文件系统挂载选项
mount | grep -E "(ext4|xfs)"
# 优化EXT4挂载选项(编辑/etc/fstab)
# 原始行示例:/dev/sda1 / ext4 defaults 1 1
# 优化后:
/dev/sda1 / ext4 defaults,noatime,nodiratime,data=writeback,barrier=0 1 1
# XFS优化选项
/dev/sdb1 /data xfs defaults,noatime,nodiratime,allocsize=64m,logbufs=8 1 1
参数说明:
noatime:不更新文件访问时间,减少磁盘写入nodiratime:不更新目录访问时间data=writeback:EXT4的写回模式(性能更高,但数据一致性风险略增)allocsize=64m:XFS预分配块大小,适合大文件
三、存储性能优化
3.1 I/O调度器选择
不同的I/O调度器适用于不同场景:
# 查看当前I/O调度器
cat /sys/block/sda/queue/scheduler
# 临时修改(重启失效)
echo noop > /sys/block/sda/queue/scheduler # SSD推荐
echo deadline > /sys/block/sda/queue/scheduler # 机械硬盘推荐
echo cfq > /sys/block/sda/queue/scheduler # 桌面系统推荐
# 持久化配置(使用udev规则)
sudo tee /etc/udev/rules.d/60-ssd-scheduler.rules << EOF
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="noop"
ACTION=="add|change", KERNEL=="sd[a-z]", ATTR{queue/rotational}=="1", ATTR{queue/scheduler}="deadline"
EOF
# 重新加载udev规则
sudo udevadm control --reload-rules
调度器选择指南:
- noop:最简单,适合SSD(无寻道时间)
- deadline:保证请求截止时间,适合数据库
- cfq:公平调度,适合多用户桌面
- kyber:新型调度器,适合混合存储
3.2 RAID配置优化
硬件RAID vs 软件RAID:
# 安装mdadm管理软件RAID
sudo dnf install mdadm
# 创建RAID10(4块磁盘)
sudo mdadm --create --verbose /dev/md0 --level=10 --raid-devices=4 /dev/sdb /dev/sdc /dev/sdd /dev/sde
# 查看RAID状态
cat /proc/mdstat
# 优化RAID参数(针对SSD)
sudo mdadm --grow /dev/md0 --bitmap=internal # 启用位图加速重建
RAID配置建议:
- 数据库:RAID10(性能+冗余)
- 文件存储:RAID6(大容量+冗余)
- 日志存储:RAID0(纯性能,无冗余)
3.3 LVM性能优化
# 创建LVM卷组
sudo pvcreate /dev/sdb
sudo vgcreate vg_data /dev/sdb
sudo lvcreate -n lv_app -L 100G vg_data
# 优化LVM参数
sudo tee /etc/lvm/lvm.conf << EOF
# 增加缓存
global {
use_lvmetad = 1
lvmetad_socket = "/run/lvm/lvmetad-socket"
}
# 优化条带化(针对多磁盘)
activation {
stripe_size = 64 # 64KB条带大小
}
EOF
# 创建条带化LV(类似RAID0)
sudo lvcreate -n lv_stripe -L 200G -i 4 -I 64 vg_data # 4条带,64KB条带大小
四、应用层优化策略
4.1 Web服务器优化(Nginx)
Nginx配置优化示例:
# /etc/nginx/nginx.conf
worker_processes auto; # 自动根据CPU核心数设置
worker_rlimit_nofile 65535; # 每个worker进程最大打开文件数
events {
worker_connections 4096; # 每个worker最大连接数
use epoll; # Linux高性能事件模型
multi_accept on; # 一次接受多个连接
}
http {
# 连接优化
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
keepalive_requests 100;
# 缓冲优化
client_body_buffer_size 128k;
client_max_body_size 10m;
client_header_buffer_size 1k;
large_client_header_buffers 4 8k;
# Gzip压缩
gzip on;
gzip_vary on;
gzip_min_length 1024;
gzip_proxied any;
gzip_comp_level 6;
gzip_types
text/plain
text/css
text/xml
text/javascript
application/javascript
application/xml+rss
application/json;
# 缓存配置
open_file_cache max=1000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;
# 虚拟主机配置
server {
listen 80;
server_name example.com;
# 静态资源缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
expires 1y;
add_header Cache-Control "public, immutable";
}
# PHP-FPM代理
location ~ \.php$ {
fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
# 优化缓冲
fastcgi_buffers 16 16k;
fastcgi_buffer_size 32k;
fastcgi_busy_buffers_size 256k;
}
}
}
Nginx性能测试:
# 安装ab测试工具
sudo dnf install httpd-tools
# 测试并发性能
ab -n 10000 -c 100 http://localhost/
# 使用wrk进行更真实的测试(需要编译)
git clone https://github.com/wg/wrk.git
cd wrk
make
./wrk -t4 -c400 -d30s http://localhost/
4.2 数据库优化(MySQL/MariaDB)
MySQL配置优化:
# /etc/my.cnf.d/server.cnf
[mysqld]
# 基础配置
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/run/mariadb/mariadb.pid
# 内存优化(根据服务器内存调整)
innodb_buffer_pool_size = 4G # 通常设为总内存的50-70%
innodb_log_file_size = 512M
innodb_log_buffer_size = 16M
innodb_flush_log_at_trx_commit = 2 # 1=完全ACID,2=性能更好
innodb_flush_method = O_DIRECT # 绕过OS缓存,直接写入磁盘
# 连接优化
max_connections = 200
thread_cache_size = 50
table_open_cache = 2000
table_definition_cache = 1400
# 查询缓存(MySQL 8.0已移除,MariaDB仍支持)
query_cache_type = 0 # 建议禁用,使用应用层缓存
# 日志优化(生产环境建议关闭)
slow_query_log = 1
slow_query_log_file = /var/log/mariadb/slow.log
long_query_time = 2
# InnoDB优化
innodb_file_per_table = 1
innodb_flush_neighbors = 0 # SSD优化
innodb_read_io_threads = 8
innodb_write_io_threads = 8
innodb_io_capacity = 2000 # SSD建议值
innodb_io_capacity_max = 4000
# 临时表优化
tmp_table_size = 256M
max_heap_table_size = 256M
# 索引优化
innodb_stats_on_metadata = 0 # 避免元数据统计开销
MySQL性能分析:
-- 查看慢查询日志
SHOW VARIABLES LIKE 'slow_query_log%';
SHOW VARIABLES LIKE 'long_query_time';
-- 分析表状态
SHOW TABLE STATUS LIKE 'your_table';
-- 查看当前连接
SHOW PROCESSLIST;
-- 查看InnoDB状态
SHOW ENGINE INNODB STATUS\G
-- 使用Performance Schema(MySQL 5.6+)
SELECT * FROM performance_schema.events_statements_summary_by_digest
ORDER BY SUM_TIMER_WAIT DESC LIMIT 10;
4.3 应用代码优化(Python示例)
数据库连接优化:
# 优化前:每次请求都创建新连接
import mysql.connector
def get_user_data(user_id):
conn = mysql.connector.connect(
host='localhost',
user='app_user',
password='password',
database='app_db'
)
cursor = conn.cursor()
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
result = cursor.fetchone()
cursor.close()
conn.close()
return result
# 优化后:使用连接池
from mysql.connector import pooling
# 创建连接池(应用启动时初始化一次)
db_pool = pooling.MySQLConnectionPool(
pool_name="app_pool",
pool_size=10, # 连接池大小
pool_reset_session=True,
host='localhost',
user='app_user',
password='password',
database='app_db'
)
def get_user_data_optimized(user_id):
conn = db_pool.get_connection()
try:
cursor = conn.cursor()
cursor.execute("SELECT * FROM users WHERE id = %s", (user_id,))
result = cursor.fetchone()
cursor.close()
return result
finally:
conn.close() # 连接归还到池中
异步编程优化:
# 使用asyncio提升I/O密集型应用性能
import asyncio
import aiohttp
import time
async def fetch_url(session, url):
async with session.get(url) as response:
return await response.text()
async def main():
urls = [
'https://example.com/api/data1',
'https://example.com/api/data2',
'https://example.com/api/data3',
'https://example.com/api/data4',
]
async with aiohttp.ClientSession() as session:
tasks = [fetch_url(session, url) for url in urls]
results = await asyncio.gather(*tasks)
return results
# 运行
if __name__ == "__main__":
start = time.time()
results = asyncio.run(main())
print(f"耗时: {time.time() - start:.2f}秒")
print(f"获取了 {len(results)} 个结果")
五、容器化应用优化
5.1 Docker容器优化
Dockerfile优化示例:
# 多阶段构建减少镜像大小
FROM alpine:3.18 AS builder
WORKDIR /app
COPY requirements.txt .
RUN apk add --no-cache gcc musl-dev && \
pip install --no-cache-dir -r requirements.txt
FROM alpine:3.18 AS runtime
WORKDIR /app
COPY --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages
COPY --from=builder /usr/local/bin /usr/local/bin
COPY . .
# 使用非root用户
RUN addgroup -g 1000 appuser && \
adduser -u 1000 -G appuser -s /bin/sh -D appuser && \
chown -R appuser:appuser /app
USER appuser
# 健康检查
HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
CMD python -c "import requests; requests.get('http://localhost:8000/health')"
# 优化运行时参数
CMD ["python", "-m", "uvicorn", "main:app", "--host", "0.0.0.0", "--port", "8000", "--workers", "4"]
Docker运行时优化:
# 优化容器资源限制
docker run -d \
--name myapp \
--memory=2g \
--memory-swap=2g \
--cpus="1.5" \
--cpu-shares=512 \
--restart=unless-stopped \
--log-opt max-size=10m \
--log-opt max-file=3 \
myapp:latest
# 使用Docker Compose优化
# docker-compose.yml
version: '3.8'
services:
web:
image: myapp:latest
deploy:
resources:
limits:
cpus: '1.5'
memory: 2G
reservations:
cpus: '0.5'
memory: 512M
ulimits:
nproc: 65535
nofile:
soft: 65535
hard: 65535
logging:
driver: "json-file"
options:
max-size: "10m"
max-file: "3"
5.2 Kubernetes优化
Pod资源优化:
# deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
spec:
replicas: 3
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: web
image: myapp:latest
resources:
requests:
memory: "256Mi"
cpu: "250m"
limits:
memory: "512Mi"
cpu: "500m"
livenessProbe:
httpGet:
path: /health
port: 8000
initialDelaySeconds: 30
periodSeconds: 10
readinessProbe:
httpGet:
path: /ready
port: 8000
initialDelaySeconds: 5
periodSeconds: 5
# 优化容器运行时
securityContext:
runAsNonRoot: true
runAsUser: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
六、监控与自动化优化
6.1 Prometheus + Grafana监控
安装Prometheus:
# 下载Prometheus
wget https://github.com/prometheus/prometheus/releases/download/v2.45.0/prometheus-2.45.0.linux-amd64.tar.gz
tar xvfz prometheus-*.tar.gz
cd prometheus-*
# 配置Prometheus(prometheus.yml)
global:
scrape_interval: 15s
evaluation_interval: 15s
scrape_configs:
- job_name: 'alma-linux'
static_configs:
- targets: ['localhost:9100'] # node_exporter
- job_name: 'nginx'
static_configs:
- targets: ['localhost:9113'] # nginx-prometheus-exporter
- job_name: 'mysql'
static_configs:
- targets: ['localhost:9104'] # mysqld_exporter
# 启动Prometheus
./prometheus --config.file=prometheus.yml
安装node_exporter(系统指标):
# 下载node_exporter
wget https://github.com/prometheus/node_exporter/releases/download/v1.6.1/node_exporter-1.6.1.linux-amd64.tar.gz
tar xvfz node_exporter-*.tar.gz
cd node_exporter-*
# 创建systemd服务
sudo tee /etc/systemd/system/node_exporter.service << EOF
[Unit]
Description=Node Exporter
After=network.target
[Service]
User=node_exporter
Group=node_exporter
Type=simple
ExecStart=/usr/local/bin/node_exporter \
--collector.cpu \
--collector.meminfo \
--collector.diskstats \
--collector.filesystem \
--collector.netdev \
--collector.systemd \
--collector.processes
[Install]
WantedBy=multi-user.target
EOF
# 启动服务
sudo systemctl daemon-reload
sudo systemctl enable --now node_exporter
6.2 自动化优化脚本
智能调优脚本:
#!/usr/bin/env python3
# auto_tuner.py
import subprocess
import json
import psutil
import time
from datetime import datetime
class SystemTuner:
def __init__(self):
self.metrics = {}
def collect_metrics(self):
"""收集系统指标"""
self.metrics['timestamp'] = datetime.now().isoformat()
# CPU
self.metrics['cpu_percent'] = psutil.cpu_percent(interval=1)
self.metrics['cpu_count'] = psutil.cpu_count()
# 内存
mem = psutil.virtual_memory()
self.metrics['memory_total'] = mem.total
self.metrics['memory_available'] = mem.available
self.metrics['memory_percent'] = mem.percent
# 磁盘
disk = psutil.disk_usage('/')
self.metrics['disk_total'] = disk.total
self.metrics['disk_used'] = disk.used
self.metrics['disk_percent'] = disk.percent
# 网络
net = psutil.net_io_counters()
self.metrics['net_bytes_sent'] = net.bytes_sent
self.metrics['net_bytes_recv'] = net.bytes_recv
return self.metrics
def adjust_vm_swappiness(self):
"""根据内存使用率调整vm.swappiness"""
if self.metrics['memory_percent'] > 80:
# 内存紧张,减少交换
subprocess.run(['sysctl', '-w', 'vm.swappiness=5'])
print("内存紧张,设置vm.swappiness=5")
elif self.metrics['memory_percent'] < 30:
# 内存充足,可以增加交换
subprocess.run(['sysctl', '-w', 'vm.swappiness=30'])
print("内存充足,设置vm.swappiness=30")
def adjust_tcp_params(self):
"""根据网络负载调整TCP参数"""
# 获取当前TCP连接数
result = subprocess.run(['ss', '-s'], capture_output=True, text=True)
if 'ESTAB' in result.stdout:
# 解析连接数
lines = result.stdout.split('\n')
for line in lines:
if 'ESTAB' in line:
parts = line.split()
if len(parts) > 1:
estab = int(parts[1])
if estab > 10000:
# 高连接数,优化TIME_WAIT
subprocess.run(['sysctl', '-w', 'net.ipv4.tcp_tw_reuse=1'])
subprocess.run(['sysctl', '-w', 'net.ipv4.tcp_fin_timeout=15'])
print(f"高连接数({estab}),优化TCP参数")
def optimize_nginx(self):
"""根据负载优化Nginx配置"""
# 检查Nginx进程数
result = subprocess.run(['ps', 'aux'], capture_output=True, text=True)
nginx_count = result.stdout.count('nginx: worker')
# 获取CPU核心数
cpu_count = psutil.cpu_count()
# 如果worker进程数少于CPU核心数,建议增加
if nginx_count < cpu_count:
print(f"建议增加Nginx worker进程数到{cpu_count}")
# 这里可以自动修改nginx.conf并重启
# subprocess.run(['nginx', '-s', 'reload'])
def run(self):
"""主循环"""
print("开始系统性能优化...")
while True:
self.collect_metrics()
print(f"\n[{self.metrics['timestamp']}]")
print(f"CPU: {self.metrics['cpu_percent']}%")
print(f"内存: {self.metrics['memory_percent']}%")
print(f"磁盘: {self.metrics['disk_percent']}%")
self.adjust_vm_swappiness()
self.adjust_tcp_params()
self.optimize_nginx()
# 保存指标到文件
with open('/var/log/performance/metrics.json', 'a') as f:
f.write(json.dumps(self.metrics) + '\n')
time.sleep(60) # 每分钟运行一次
if __name__ == "__main__":
tuner = SystemTuner()
tuner.run()
七、实战案例:电商网站性能优化
7.1 问题诊断
场景:某电商网站在促销期间出现响应缓慢,数据库查询超时。
诊断步骤:
# 1. 检查系统负载
uptime
htop
# 2. 检查I/O等待
iostat -x 1 5
# 3. 检查网络连接
ss -s
netstat -an | grep :80 | wc -l
# 4. 检查MySQL慢查询
tail -f /var/log/mariadb/slow.log
# 5. 检查Nginx访问日志
tail -f /var/log/nginx/access.log | awk '{print $1}' | sort | uniq -c | sort -nr | head -20
7.2 优化方案实施
1. 数据库优化:
-- 添加缺失的索引
ALTER TABLE orders ADD INDEX idx_user_status (user_id, status);
ALTER TABLE products ADD INDEX idx_category_price (category_id, price);
-- 优化慢查询
EXPLAIN SELECT * FROM orders WHERE user_id = 123 AND status = 'pending' ORDER BY created_at DESC LIMIT 20;
-- 分析表统计信息
ANALYZE TABLE orders;
ANALYZE TABLE products;
-- 优化大表(分区)
ALTER TABLE orders PARTITION BY RANGE (YEAR(created_at)) (
PARTITION p2023 VALUES LESS THAN (2024),
PARTITION p2024 VALUES LESS THAN (2025)
);
2. 应用层缓存:
# 使用Redis缓存热点数据
import redis
import json
from functools import wraps
# Redis连接池
redis_pool = redis.ConnectionPool(
host='localhost',
port=6379,
db=0,
max_connections=20
)
def cache_result(ttl=300):
"""装饰器:缓存函数结果"""
def decorator(func):
@wraps(func)
def wrapper(*args, **kwargs):
# 生成缓存键
key = f"{func.__name__}:{str(args)}:{str(kwargs)}"
# 尝试从缓存获取
r = redis.Redis(connection_pool=redis_pool)
cached = r.get(key)
if cached:
return json.loads(cached)
# 执行函数并缓存结果
result = func(*args, **kwargs)
r.setex(key, ttl, json.dumps(result))
return result
return wrapper
return decorator
@cache_result(ttl=60) # 缓存60秒
def get_product_details(product_id):
"""获取产品详情(数据库查询)"""
# 模拟数据库查询
return {"id": product_id, "name": "Product", "price": 99.99}
# 使用示例
product = get_product_details(123) # 第一次查询数据库
product = get_product_details(123) # 第二次从Redis获取
3. Nginx配置优化:
# 优化后的Nginx配置
upstream backend {
least_conn; # 最少连接负载均衡
server 127.0.0.1:8000 max_fails=3 fail_timeout=30s;
server 127.0.0.1:8001 max_fails=3 fail_timeout=30s;
server 127.0.0.1:8002 max_fails=3 fail_timeout=30s;
keepalive 32; # 保持连接
}
server {
listen 80;
server_name shop.example.com;
# 限流配置(防止DDoS)
limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;
location /api/ {
limit_req zone=api burst=20 nodelay;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 超时设置
proxy_connect_timeout 5s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 缓冲优化
proxy_buffering on;
proxy_buffer_size 4k;
proxy_buffers 8 4k;
proxy_busy_buffers_size 8k;
}
# 静态资源缓存
location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff|woff2)$ {
expires 1y;
add_header Cache-Control "public, immutable";
access_log off;
}
}
4. 系统内核优化:
# 针对高并发Web服务器的内核优化
sudo tee /etc/sysctl.d/99-webserver.conf << EOF
# 网络优化
net.core.somaxconn = 65535
net.core.netdev_max_backlog = 65535
net.ipv4.tcp_max_syn_backlog = 65535
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_fin_timeout = 30
# 文件系统优化
fs.file-max = 2097152
fs.nr_open = 2097152
# 内存优化
vm.swappiness = 10
vm.vfs_cache_pressure = 50
# 网络缓冲区
net.core.rmem_max = 16777216
net.core.wmem_max = 16777216
net.ipv4.tcp_rmem = 4096 87380 16777216
net.ipv4.tcp_wmem = 4096 65536 16777216
EOF
sudo sysctl -p /etc/sysctl.d/99-webserver.conf
7.3 优化效果验证
# 使用ab进行压力测试
ab -n 10000 -c 100 -k http://shop.example.com/api/products/123
# 使用wrk进行更真实的测试
./wrk -t4 -c400 -d30s http://shop.example.com/api/products/123
# 监控优化前后对比
# 优化前:平均响应时间 500ms,吞吐量 200 req/s
# 优化后:平均响应时间 50ms,吞吐量 2000 req/s
八、性能优化最佳实践
8.1 优化原则
- 测量优先:优化前必须测量当前性能
- 渐进式优化:每次只修改一个参数,观察效果
- 理解业务:优化要符合业务场景(读多写少 vs 写多读少)
- 监控持续:优化后持续监控,防止性能退化
8.2 常见陷阱
- 过度优化:不必要的优化可能引入复杂性
- 忽略硬件限制:软件优化无法突破硬件瓶颈
- 单点优化:只优化一个组件可能造成瓶颈转移
- 忽略安全:性能优化不能牺牲安全性
8.3 持续优化流程
graph TD
A[监控系统] --> B{性能问题?}
B -->|是| C[诊断分析]
B -->|否| A
C --> D[制定优化方案]
D --> E[实施优化]
E --> F[验证效果]
F --> G{达到目标?}
G -->|是| H[文档化]
G -->|否| C
H --> A
九、总结
AlmaLinux性能优化是一个系统工程,需要从内核参数、存储配置、网络优化到应用层代码的全方位考虑。关键要点:
- 监控先行:使用sysstat、perf等工具建立性能基线
- 内核调优:根据应用场景调整虚拟内存、网络和文件系统参数
- 存储优化:选择合适的I/O调度器和RAID配置
- 应用优化:优化数据库查询、使用缓存、异步处理
- 容器化优化:合理配置资源限制和镜像构建
- 持续监控:建立自动化监控和调优机制
性能优化是一个持续的过程,需要根据业务发展和技术演进不断调整。建议建立性能优化知识库,记录每次优化的背景、方案和效果,形成组织的最佳实践。
通过本文的实战指南,您应该能够系统性地分析和优化AlmaLinux系统性能,从系统调优到应用层加速,全面提升服务质量和用户体验。