Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Too many open files
úÁÍÅÔÉÌ ÞÔÏ ÌÉÍÉÔ ÐÏÌÕÞÉÌÏÓØ ÓÍÅÎÉÔØ ÔÏÌØËÏ ÎÁ ÏÄÎÏÍ ÓÅÒ×ÅÒÅ - ÎÁ
ÏÓÔÁÌØÎÙÈ 4096 É ÎÅ ÍÅÎÑÅÔÓÑ ÎÉËÕÄÁ.
Nginx ÐÒÏÂÏ×ÁÌ ÚÁÐÕÓËÁÔØ ÐÏ ÒÁÚÎÏÍÕ ÎÅ ÐÏÍÏÇÌÏ. îÁ×ÅÒÎÏÅ ÔÏÌØËÏ
ÐÒÏÐÉÓÙ×ÁÔØ ulimit -n ÎÁÐÒÑÍÕÀ.
17 ÉÀÌÑ 2009 Ç. 16:24 ÐÏÌØÚÏ×ÁÔÅÌØ Artyom Nosov (chip@xxxxxxxxxxxx) ÎÁÐÉÓÁÌ:
> ëÁË ÁÌØÔÅÒÎÁÔÉ×ÎÙÊ ×ÁÒÉÁÎÔ, ÍÏÖÎÏ ÐÒÏÐÉÓÁÔØ × /etc/sysconfig/nginx (ÅÓÌÉ
> nginx ÕÓÔÁÎÁ×ÌÉ×ÁÌÓÑ ÉÚ EPEL ÜÔÏÔ ÆÁÊÌ ÐÏÄËÌÀÞÁÅÔÓÑ ÓËÒÉÐÔÏÍ
> /etc/init.d/nginx) ÓÔÒÏÞËÕ
>
> ulimit -n <ÎÅÏÂÈÏÄÉÍÏ_ËÏÌÉÞÅÓÔ×Ï>
>
> áÌÅËÓÅÊ wrote:
>>
>> ëÁÖÅÔÓÑ ÐÏÎÑÌ × Þ£Í ÂÙÌÁ ÐÒÏÂÌÅÍÁ.
>>
>> ÷ /etc/security/limits.conf ÎÅ ÂÙÌÏ ÐÒÏÐÉÓÁÎÏ ÈÁÒÄ ÌÉÍÉÔÁ, Ñ ÄÕÍÁÌ ÞÔÏ
>> ÒÁÎÅÅ ÅÇÏ ÐÒÏÐÉÓÁÌ ÎÏ ×ÉÄÉÍÏ ×Ó£-ÔÁËÉ ÎÅÔ.
>> ëÁË ÔÏÌØËÏ ÐÒÏÐÉÓÁÌ ÓÒÁÚÕ ÓÔÁÌÏ ×ÙÄÁ×ÁÔØ
>> root@*** [~]# ulimit -n
>> 50000
>>
>> é nginx ÂÏÌØÛÅ ÎÅ ÒÕÇÁÅÔÓÑ.
>>
>> 17 ÉÀÌÑ 2009 Ç. 6:17 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>>>
>>> åÝ£ ÄÏÂÁ×ÌÀ:
>>>
>>> ðÒÏÂÏ×ÁÌ × nginx.conf ÐÒÏÐÉÓÙ×ÁÔØ:
>>>
>>> user nginx;
>>>
>>> îÏ ×Ó£ ÒÁ×ÎÏ ÚÎÁÞÅÎÉÅ ÌÉÍÉÔÁ Max open files ÏÎ ÂÅÒ£Ô ÉÚ ÏÇÒÁÎÉÞÅÎÉÊ
>>> root'a, ÐÏÓËÏÌØËÕ ÍÁÓÔÅÒ ÐÒÏÃÅÓÓ ÚÁÐÕÓËÁÅÔÓÑ ÏÔ ÎÅÇÏ.
>>> worker_rlimit_nofile ÓÔÁ×ÉÌ ÏÇÒÏÍÎÙÊ ÎÏ ÜÔÏ ÎÉËÁË ÎÅ ÐÏÍÏÇÌÏ - ÐÏËÁ ÎÅ
>>> ×ÙÐÏÌÎÉÔØ ulimit -n 5000 ÐÏÄ ÒÕÔÏÍ ÜÆÆÅËÔÁ ÎÉËÁËÏÇÏ ÎÅÔ.
>>>
>>> ÷ÏÔ ÔÏÌØËÏ ËÁË ÐÅÒÍÁÎÅÎÔÎÏ Õ×ÅÌÉÞÉÔØ ÓÔÁÎÄÁÒÔÎÙÊ ÌÉÍÉÔ ÄÌÑ ÒÕÔÁ -
>>> ÏÓÔÁ£ÔÓÑ ×ÏÐÒÏÓ.
>>>
>>> 17 ÉÀÌÑ 2009 Ç. 6:08 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>>>>
>>>> C ËÁÎÁÌÏÍ ×Ó£ × ÐÏÒÑÄËÅ, ÂÏÌØÛÅ 1024 ÆÁÊÌÏ× ÉÚ-ÚÁ bytes-log'Ï× ÄÌÑ
>>>> ËÁÖÄÏÇÏ ÄÏÍÅÎÁ.
>>>>
>>>> óÅÊÞÁÓ ÐÏÐÒÏÂÏ×ÁÌ ulimit -n 5000 (ÐÏÄ ÒÕÔÏÍ), ÐÏÓÌÅ ÜÔÏÇÏ nginx
>>>> ÚÁÐÕÓËÁÅÔÓÑ ÂÅÚ ÏÛÉÂÏË.
>>>>
>>>> ëÁË ÍÏÖÎÏ ÅÇÏ ÚÁÐÕÓÔÉÔØ ÏÔ ÐÏÌØÚÏ×ÁÔÅÌÑ nginx? îÕÖÎÏ ËÁË-ÔÏ ÉÚÍÅÎÑÔØ
>>>> init ÓËÒÉÐÔ ÎÁÓËÏÌØËÏ Ñ ÐÏÎÉÍÁÀ É ÐÒÏÐÉÓÙ×ÁÔØ ÒÁÚÒÅÛÅÎÉÑ ×
>>>> /etc/sudoers.
>>>> ïÂØÑÓÎÉÔÅ ÐÏÄÒÏÂÎÅÅ ÐÏÖÁÌÕÊÓÔÁ.
>>>>
>>>> é ÅÝ£:
>>>>
>>>> root@*** [~]# for pid in $(pgrep nginx); do cat /proc/$pid/limits; done
>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>> Units
>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>> šbytes
>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>> šbytes
>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>> šbytes
>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>> šprocesses
>>>> Max open files š š š š š š5000 š š š š š š š š 5000
>>>> files
>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>> šbytes
>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>> šlocks
>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>> šsignals
>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>> bytes
>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>> Units
>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>> šbytes
>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>> šbytes
>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>> šbytes
>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>> šprocesses
>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>> šfiles
>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>> šbytes
>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>> šlocks
>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>> šsignals
>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>> bytes
>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>> Units
>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>> šbytes
>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>> šbytes
>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>> šbytes
>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>> šprocesses
>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>> šfiles
>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>> šbytes
>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>> šlocks
>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>> šsignals
>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>> bytes
>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>> Units
>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>> šbytes
>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>> šbytes
>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>> šbytes
>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>> šprocesses
>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>> šfiles
>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>> šbytes
>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>> šlocks
>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>> šsignals
>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>> bytes
>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>> Units
>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>> šbytes
>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>> šbytes
>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>> šbytes
>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>> šprocesses
>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>> šfiles
>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>> šbytes
>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>> šbytes
>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>> šlocks
>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>> šsignals
>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>> bytes
>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>
>>>>
>>>> 15 ÉÀÌÑ 2009 Ç. 12:09 ÐÏÌØÚÏ×ÁÔÅÌØ Gena Makhomed (gmm@xxxxxxxxx)
>>>> ÎÁÐÉÓÁÌ:
>>>>>
>>>>> On Wednesday, July 15, 2009 at 9:06:10, Artyom Nosov wrote:
>>>>>
>>>>>>> security-ÕÑÚ×ÉÍÏÓÔÅÊ × nginx ÐÏËÁ ÅÝÅ ÎÅ ÂÙÌÏ ÏÂÎÁÒÕÖÅÎÏ.
>>>>>>> É ÓÏÇÌÁÓÎÏ ÒÅÊÔÉÎÇÕ http://wiki.opennet.ru/SecurityTop
>>>>>>> nginx ×ÈÏÄÉÔ × ÞÉÓÌÏ ÐÒÏÇÒÁÍÍ Ó ÏÔÌÉÞÎÏÊ ÂÅÚÏÐÁÓÎÏÓÔØÀ.
>>>>>
>>>>> AN> òÅÊÔÉÎÇ ÜÔÏÔ ÓÌÕÖÉÔØ ÍÏÖÅÔ ÒÁÚ×Å ÞÔÏ ÄÌÑ ÕÓÔÒÁÛÅÎÉÑ ÎÏ×ÏÂÒÁÎÃÅ×.
>>>>>
>>>>> ÒÅÊÔÉÎÇ ÜÔÏÔ - ÄÌÑ ÔÏÇÏ ÞÔÏÂÙ ÍÏÖÎÏ ÂÙÌÏ ×ÙÂÒÁÔØ ÂÏÌÅÅ ÎÁÄÅÖÎÕÀ
>>>>> ÐÒÏÇÒÁÍÍÕ
>>>>> ÉÚ ÎÅÓËÏÌØËÉÈ ×ÁÒÉÁÎÔÏ×: sendmail/exim/postfix, proftpd/wuftpd/vsftpd É
>>>>> Ô.Ð.
>>>>>
>>>>> AN> ëÁË ×ÅÒÎÏ ÚÁÍÅÔÉÌ ÏÄÉÎ ÉÚ ÅÇÏ ÒÅÄÁËÔÏÒÏ×: Á postfix^Wnginx
>>>>> AN> ÓÏÂÒÁÎÎÙÊ Ó OpenSSL ÔÏÖÅ ÎÅÐÒÅÍÅÎÎÏ ÚÁ×ÏÒÁÞÉ×ÁÔØ × chroot?
>>>>>
>>>>> ÎÅÔ. ÎÏ ÂÅÚÏÐÁÓÎÏÓÔØ Õ nginx ÂÅÚ OpenSSL ×ÙÛÅ ÞÅÍ Õ nginx+OpenSSL.
>>>>> PS ÍÅÖÄÕ ÐÒÏÞÉÍ, "chroot is not and never has been a security tool".
>>>>>
>>>>> --
>>>>> Best regards,
>>>>> šGena
>>>>>
>>>>>
>>>>>
>
>
> --
> Sincerely,
>
> Artyom Nosov
> http://www.unixstyle.ru | JID chip@xxxxxxx | ICQ 128417264
>
>
|