Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Too many open files
åÝ£ ÄÏÂÁ×ÌÀ:
ðÒÏÂÏ×ÁÌ × nginx.conf ÐÒÏÐÉÓÙ×ÁÔØ:
user nginx;
îÏ ×Ó£ ÒÁ×ÎÏ ÚÎÁÞÅÎÉÅ ÌÉÍÉÔÁ Max open files ÏÎ ÂÅÒ£Ô ÉÚ ÏÇÒÁÎÉÞÅÎÉÊ
root'a, ÐÏÓËÏÌØËÕ ÍÁÓÔÅÒ ÐÒÏÃÅÓÓ ÚÁÐÕÓËÁÅÔÓÑ ÏÔ ÎÅÇÏ.
worker_rlimit_nofile ÓÔÁ×ÉÌ ÏÇÒÏÍÎÙÊ ÎÏ ÜÔÏ ÎÉËÁË ÎÅ ÐÏÍÏÇÌÏ - ÐÏËÁ ÎÅ
×ÙÐÏÌÎÉÔØ ulimit -n 5000 ÐÏÄ ÒÕÔÏÍ ÜÆÆÅËÔÁ ÎÉËÁËÏÇÏ ÎÅÔ.
÷ÏÔ ÔÏÌØËÏ ËÁË ÐÅÒÍÁÎÅÎÔÎÏ Õ×ÅÌÉÞÉÔØ ÓÔÁÎÄÁÒÔÎÙÊ ÌÉÍÉÔ ÄÌÑ ÒÕÔÁ -
ÏÓÔÁ£ÔÓÑ ×ÏÐÒÏÓ.
17 ÉÀÌÑ 2009 Ç. 6:08 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
> C ËÁÎÁÌÏÍ ×Ó£ × ÐÏÒÑÄËÅ, ÂÏÌØÛÅ 1024 ÆÁÊÌÏ× ÉÚ-ÚÁ bytes-log'Ï× ÄÌÑ
> ËÁÖÄÏÇÏ ÄÏÍÅÎÁ.
>
> óÅÊÞÁÓ ÐÏÐÒÏÂÏ×ÁÌ ulimit -n 5000 (ÐÏÄ ÒÕÔÏÍ), ÐÏÓÌÅ ÜÔÏÇÏ nginx
> ÚÁÐÕÓËÁÅÔÓÑ ÂÅÚ ÏÛÉÂÏË.
>
> ëÁË ÍÏÖÎÏ ÅÇÏ ÚÁÐÕÓÔÉÔØ ÏÔ ÐÏÌØÚÏ×ÁÔÅÌÑ nginx? îÕÖÎÏ ËÁË-ÔÏ ÉÚÍÅÎÑÔØ
> init ÓËÒÉÐÔ ÎÁÓËÏÌØËÏ Ñ ÐÏÎÉÍÁÀ É ÐÒÏÐÉÓÙ×ÁÔØ ÒÁÚÒÅÛÅÎÉÑ ×
> /etc/sudoers.
> ïÂØÑÓÎÉÔÅ ÐÏÄÒÏÂÎÅÅ ÐÏÖÁÌÕÊÓÔÁ.
>
> é ÅÝ£:
>
> root@*** [~]# for pid in $(pgrep nginx); do cat /proc/$pid/limits; done
> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
> Max open files š š š š š š5000 š š š š š š š š 5000 š š š š š š š š files
> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
> Max nice priority š š š š 0 š š š š š š š š š š0
> Max realtime priority š š 0 š š š š š š š š š š0
> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
> Max nice priority š š š š 0 š š š š š š š š š š0
> Max realtime priority š š 0 š š š š š š š š š š0
> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
> Max nice priority š š š š 0 š š š š š š š š š š0
> Max realtime priority š š 0 š š š š š š š š š š0
> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
> Max nice priority š š š š 0 š š š š š š š š š š0
> Max realtime priority š š 0 š š š š š š š š š š0
> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
> Max nice priority š š š š 0 š š š š š š š š š š0
> Max realtime priority š š 0 š š š š š š š š š š0
> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>
>
> 15 ÉÀÌÑ 2009 Ç. 12:09 ÐÏÌØÚÏ×ÁÔÅÌØ Gena Makhomed (gmm@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>> On Wednesday, July 15, 2009 at 9:06:10, Artyom Nosov wrote:
>>
>>>> security-ÕÑÚ×ÉÍÏÓÔÅÊ × nginx ÐÏËÁ ÅÝÅ ÎÅ ÂÙÌÏ ÏÂÎÁÒÕÖÅÎÏ.
>>>> É ÓÏÇÌÁÓÎÏ ÒÅÊÔÉÎÇÕ http://wiki.opennet.ru/SecurityTop
>>>> nginx ×ÈÏÄÉÔ × ÞÉÓÌÏ ÐÒÏÇÒÁÍÍ Ó ÏÔÌÉÞÎÏÊ ÂÅÚÏÐÁÓÎÏÓÔØÀ.
>>
>> AN> òÅÊÔÉÎÇ ÜÔÏÔ ÓÌÕÖÉÔØ ÍÏÖÅÔ ÒÁÚ×Å ÞÔÏ ÄÌÑ ÕÓÔÒÁÛÅÎÉÑ ÎÏ×ÏÂÒÁÎÃÅ×.
>>
>> ÒÅÊÔÉÎÇ ÜÔÏÔ - ÄÌÑ ÔÏÇÏ ÞÔÏÂÙ ÍÏÖÎÏ ÂÙÌÏ ×ÙÂÒÁÔØ ÂÏÌÅÅ ÎÁÄÅÖÎÕÀ ÐÒÏÇÒÁÍÍÕ
>> ÉÚ ÎÅÓËÏÌØËÉÈ ×ÁÒÉÁÎÔÏ×: sendmail/exim/postfix, proftpd/wuftpd/vsftpd É Ô.Ð.
>>
>> AN> ëÁË ×ÅÒÎÏ ÚÁÍÅÔÉÌ ÏÄÉÎ ÉÚ ÅÇÏ ÒÅÄÁËÔÏÒÏ×: Á postfix^Wnginx
>> AN> ÓÏÂÒÁÎÎÙÊ Ó OpenSSL ÔÏÖÅ ÎÅÐÒÅÍÅÎÎÏ ÚÁ×ÏÒÁÞÉ×ÁÔØ × chroot?
>>
>> ÎÅÔ. ÎÏ ÂÅÚÏÐÁÓÎÏÓÔØ Õ nginx ÂÅÚ OpenSSL ×ÙÛÅ ÞÅÍ Õ nginx+OpenSSL.
>> PS ÍÅÖÄÕ ÐÒÏÞÉÍ, "chroot is not and never has been a security tool".
>>
>> --
>> Best regards,
>> šGena
>>
>>
>>
>
|