Commit 71f8c866 authored by Bùi Bá Trường's avatar Bùi Bá Trường

Modify

parent 401cbf9c
Pipeline #423 passed with stages
in 2 minutes and 11 seconds
{
"insecure-registries": ["192.168.1.204:8081"]
}
\ No newline at end of file
# /etc/security/limits.conf
#
* - nofile 1000000
* - nproc 1000000
# End of file
[centos_repo]
name=Centos Repo
baseurl=http://192.168.1.204:8081/repository/centos-7/
enabled=1
gpgcheck=0
[epel_repo]
name=EPEL Repo
baseurl=http://192.168.1.204:8081/repository/fedora/
enabled=1
gpgcheck=0
[global]
trusted-host = 10.60.129.132
10.240.201.50
#index = http://10.60.129.132:8081/repository/PyPI/pypi/
#index-url = http://10.60.129.132:8081/repository/PyPI/simple/
#extra-index-url = http://10.60.129.132:8081/repository/PyPI/simple/
index = http://10.240.201.50:8081/repository/pypi/pypi/
index-url = http://10.240.201.50:8081/repository/pypi/simple
extra-index-url = http://10.240.201.50:8081/repository/pypi/simple/
# /etc/sysctl.conf
# Increase number of incoming connections
#net.core.somaxconn=1024
# Increase the maximum amount of option memory buffers
net.core.optmem_max=25165824
# Increase Linux auto tuning TCP buffer limits
# min, default, and max number of bytes to use
# set max to at least 4MB, or higher if you use very high BDP paths
net.core.rmem_default=8388608
net.core.rmem_max=16777216
net.core.wmem_max=16777216
net.core.netdev_max_backlog=65536
# Decrease the time default value for tcp_fin_timeout connection
net.ipv4.tcp_fin_timeout=15
# Number of times SYNACKs for passive TCP connection.
net.ipv4.tcp_synack_retries=2
net.ipv4.tcp_syn_retries=2
# Decrease the time default value for connections to keep alive
net.ipv4.tcp_keepalive_time=300
net.ipv4.tcp_keepalive_probes=5
net.ipv4.tcp_keepalive_intvl=15
# Enable timestamps as defined in RFC1323:
net.ipv4.tcp_timestamps=1
# Allowed local port range
net.ipv4.ip_local_port_range=2000 65000
# Turn on window scaling which can enlarge the transfer window:
net.ipv4.tcp_window_scaling=1
# Limit syn backlog to prevent overflow
net.ipv4.tcp_max_syn_backlog=30000
# Avoid a smurf attack
net.ipv4.icmp_echo_ignore_broadcasts=1
# Turn on protection for bad icmp error messages
net.ipv4.icmp_ignore_bogus_error_responses=1
# Turn on syncookies for SYN flood attack protection
net.ipv4.tcp_syncookies=1
# Protect Against TCP Time-Wait
net.ipv4.tcp_rfc1337=1
# Turn on and log spoofed, source routed, and redirect packets
net.ipv4.conf.all.log_martians=1
net.ipv4.conf.default.log_martians=1
# No source routed packets here
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0
# Turn on reverse path filtering
net.ipv4.conf.all.rp_filter=0
# Make sure no one can alter the routing tables
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.secure_redirects=0
net.ipv4.conf.default.secure_redirects=0
# Don't act as a router
net.ipv4.ip_forward=1
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
# Turn on execshild protection
kernel.randomize_va_space=2
# Optimization for port usefor LBs Increase system file descriptor limit
fs.file-max=5000000
# Allow for more PIDs (to reduce rollover problems); may break some programs 32768
kernel.pid_max=65536
# Increase TCP max buffer size setable using setsockopt()
net.ipv4.tcp_rmem=4096 87380 16777216
net.ipv4.tcp_wmem=4096 87380 16777216
# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets=1440000
net.ipv4.tcp_tw_recycle=1
net.ipv4.tcp_tw_reuse=1
# !! Disable ipv6 for security (!! Optional if you're using ipv6 !!)
net.ipv6.conf.all.disable_ipv6=1
vm.max_map_count=262144
net.ipv4.ip_nonlocal_bind=1
net.unix.max_dgram_qlen=128
net.ipv4.conf.default.rp_filter=0
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment