worker_rlimit_nofile
will set the limit for file descriptors for the worker processes as oppose to the user running nginx. If other programs running under this user will not be able to gracefully handle running out of file descriptiors then you should set this limit slightly less then what is for the user.
First, What is using your file descriptors?
- Each active connection to a client
- Using proxy_pass? That will open a socket to the host:port handling these requests
- Using proxy_pass to a local port? Thats another open socket. (For the owner of that process)
- static files being served by nginx
Why would the limit per worker be less than the OS limit?
This is controlled by the OS because the worker is not the only process running on the machine. To change it for the user running nginx see below. It would be very bad if your workers used up all of the file descriptors available to all processes, don't set your limits so that is possible.
#/etc/sysctl.conf
#This sets the value you see when running cat /proc/sys/fs/file-max
fs.file-max = 65536"
#/etc/security/limits.conf
#this sets the defaults for all users
* soft nofile 4096
* hard nofile 4096
#This overrides the default for user `usernamehere`
usernamehere soft nofile 10240
usernamehere hard nofile 10240
After those security limit changes I believe I still had to increase the softlimit for the user using ulimit
.
How do I find out what my limit is now?
ulimit -a
Will display all the limits associated with the user you run it as.
I finally found the problem, it seems upstart doesn't use the parameters defined at /etc/security/limits.conf, so when I launch mysql through the service command (and so, under upstart), it overrides those defined limits and uses the default 1024.
The solution is to modify the mysql.conf file that defines the upstart service, it is located at /etc/init/mysql.conf and add the following lines before the pre-start block:
# NB: Upstart scripts do not respect
# /etc/security/limits.conf, so the open-file limits
# settings need to be applied here.
limit nofile 32000 32000
limit nproc 32000 32000
The first value defines the soft limit, the other, the hard limit, once added those lines, the service works as expected applying the values defined at the my.conf file.
This limitation should apply for every upstart service that it is defined at /etc/init, so if any service has the same problem with the open files limit, this solution should work either.
Best Answer
In Linux, you can see if that option has changed the limits of the process by running:
Where
<PID>
is the process ID of nginex. Test on a development environment.If that option is not changing the limits or if you have a too restrictive hard limit you need to change the
nofile
in the /etc/security/limits.conf file.