CLOSE_WAIT means that the local end of the connection has received a FIN from the other end, but the OS is waiting for the program at the local end to actually close its connection.
The problem is your program running on the local machine is not closing the socket. It is not a TCP tuning issue. A connection can (and quite correctly) stay in CLOSE_WAIT forever while the program holds the connection open.
Once the local program closes the socket, the OS can send the FIN to the remote end which transitions you to LAST_ACK while you wait for the ACK of the FIN. Once that is received, the connection is finished and drops from the connection table (if your end is in CLOSE_WAIT you do not end up in the TIME_WAIT state).
To forcibly close sockets in the CLOSE_WAIT state using the ss command, you can use the --tcp option to specify that you want to view TCP sockets, and the state CLOSE-WAIT option to specify that you only want to view sockets that are in the CLOSE_WAIT state. For example:
$ ss --tcp state CLOSE-WAIT
This will display a list of all TCP sockets that are in the CLOSE_WAIT state.
To forcibly close these sockets, you can use the --kill option. This will send a signal to the socket, causing it to be closed. For example:
$ ss --tcp state CLOSE-WAIT --kill
You can also add a filter expression after the state to select the sockets that you want to close based on various criteria. For example, you can use dport to specify a specific port number, or dst to specify a specific destination IP address:
$ ss --tcp state CLOSE-WAIT '( dport = 22 or dst 1.1.1.1 )' --kill
This will forcibly close all TCP sockets in the CLOSE_WAIT state that are connected to port 22 or have a destination IP address of 1.1.1.1.
It is important to note that using the ss command to forcibly close sockets can have unintended consequences, as it may disrupt ongoing network connections. It is generally a good idea to use this command with caution, and only when it is necessary to do so.
sudo netstat -tonp | grep jsvc | grep --regexp="127.0.0.1:443" --regexp="127.0.0.1:80" | grep CLOSE_WAIT
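Since the cause is a program that never closes its socket, it helps to see which process owns the CLOSE_WAIT sockets before killing anything. The script below is an added example, not part of the original text: the function names are hypothetical and the sample ss output (PIDs, fds, addresses) is constructed so that it runs offline.

```shell
#!/bin/sh
# Added example: group CLOSE_WAIT sockets by the process that holds them.

# Constructed sample of `ss --tcp --numeric --processes state close-wait`
# output. With a state filter, ss prints no State column.
sample_ss_output() {
cat <<'EOF'
Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
1      0      127.0.0.1:443       127.0.0.1:51514   users:(("jsvc",pid=2101,fd=88))
1      0      127.0.0.1:443       127.0.0.1:51520   users:(("jsvc",pid=2101,fd=91))
0      0      127.0.0.1:80        127.0.0.1:40022   users:(("jsvc",pid=2101,fd=93))
0      0      10.0.0.5:22         1.1.1.1:60111     users:(("sshd",pid=870,fd=4))
0      0      10.0.0.5:8080       10.0.0.9:33412
EOF
}

# Reads ss output on stdin and prints "count name pid", highest count first.
# Only the first owner of a shared socket is counted. Rows without a Process
# column (ss run without root, or no visible owner) are reported as "unknown -".
close_wait_by_process() {
  awk '
    NR == 1 && /^Recv-Q/ { next }            # skip the header line
    NF == 0 { next }                         # skip blank lines
    {
      owner = "unknown -"
      if (match($0, /users:\(\("[^"]+",pid=[0-9]+/)) {
        s = substr($0, RSTART, RLENGTH)      # users:(("jsvc",pid=2101
        sub(/^users:\(\("/, "", s)           # jsvc",pid=2101
        sub(/",pid=/, " ", s)                # jsvc 2101
        owner = s
      }
      count[owner]++
    }
    END { for (o in count) print count[o], o }
  ' | sort -k1,1nr -k2,2
}

# Demo on the constructed sample. On a live host, run as root:
#   ss --tcp --numeric --processes state close-wait | close_wait_by_process
sample_ss_output | close_wait_by_process
```

A process whose count keeps growing is the one leaking sockets, and that is where the missing close() has to be fixed.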