增加重启机制

2026-04-24 14:25:18 +08:00
parent 3c5246afb5
commit 97c6b99b58
4 changed files with 138 additions and 64 deletions
--- a/vps-xray/vps-xray-optimized.md
+++ b/vps-xray/vps-xray-optimized.md
@@ -196,17 +196,62 @@ net.ipv4.tcp_fin_timeout=15
 net.ipv4.tcp_keepalive_time=300
 net.ipv4.tcp_keepalive_intvl=30
 net.ipv4.tcp_keepalive_probes=5
-net.ipv4.tcp_max_tw_buckets=5000
+net.ipv4.tcp_max_tw_buckets=262144
 net.ipv4.tcp_max_syn_backlog=8192
 net.core.somaxconn=8192
 net.core.netdev_max_backlog=8192
 SYSEOF
 sysctl --system > /dev/null 2>&1

+# ======================== 文件描述符 + 服务加固 ========================
+# 防止长时间运行后 "too many open files" 导致新连接无法建立
+grep -q '99-xray-nofile' /etc/security/limits.conf 2>/dev/null || cat >> /etc/security/limits.conf << 'LIMITEOF'
+# 99-xray-nofile
+* soft nofile 1000000
+* hard nofile 1000000
+root soft nofile 1000000
+root hard nofile 1000000
+LIMITEOF
+
+# systemd 服务：提升 fd 上限 + 崩溃自动重启
+mkdir -p /etc/systemd/system/xray.service.d
+cat > /etc/systemd/system/xray.service.d/override.conf << 'OVERRIDE'
+[Service]
+LimitNOFILE=1000000
+Restart=always
+RestartSec=3
+OVERRIDE
+
+# ======================== 定时重启（每日凌晨 4 点）========================
+# 使用 systemd timer，释放内存碎片，防止长时间运行后性能衰退
+cat > /etc/systemd/system/xray-restart.service << 'RSVC'
+[Unit]
+Description=Daily restart of Xray
+After=network.target
+
+[Service]
+Type=oneshot
+ExecStart=/bin/systemctl restart xray
+RSVC
+
+cat > /etc/systemd/system/xray-restart.timer << 'RTMR'
+[Unit]
+Description=Daily restart Xray at 04:00 CST
+
+[Timer]
+OnCalendar=*-*-* 04:00:00
+TimeZone=Asia/Shanghai
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+RTMR
+
 # ======================== 启动服务 ========================
 systemctl daemon-reload
 systemctl restart xray
 systemctl enable xray
+systemctl enable --now xray-restart.timer

 # ======================== 验证运行状态 ========================
 sleep 2
@@ -274,6 +319,20 @@ allow-lan: false
 mode: rule
 log-level: info

+dns:
+  enable: true
+  ipv6: false
+  enhanced-mode: fake-ip
+  nameserver:
+    - 223.5.5.5
+    - 119.29.29.29
+  fallback:
+    - 8.8.8.8
+    - 1.1.1.1
+  fallback-filter:
+    geoip: true
+    geoip-code: CN
+
 proxies:
  - name: "VPS-Reality"
    type: vless
@@ -383,6 +442,18 @@ sysctl net.ipv4.tcp_congestion_control

 # 验证 443 端口监听
 ss -tlnp | grep 443
+
+# 查看定时重启计划（下次执行时间）
+systemctl list-timers xray-restart.timer
+
+# 手动触发一次定时重启任务
+systemctl start xray-restart.service
+
+# 关闭定时重启
+systemctl disable --now xray-restart.timer
+
+# 重新开启定时重启
+systemctl enable --now xray-restart.timer
 ```

 ---