Nginx-ru mailing list archive (nginx-ru@sysoev.ru)
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Too many open files
ëÁÖÅÔÓÑ ÐÏÎÑÌ × Þ£Í ÂÙÌÁ ÐÒÏÂÌÅÍÁ.
÷ /etc/security/limits.conf ÎÅ ÂÙÌÏ ÐÒÏÐÉÓÁÎÏ ÈÁÒÄ ÌÉÍÉÔÁ, Ñ ÄÕÍÁÌ ÞÔÏ
ÒÁÎÅÅ ÅÇÏ ÐÒÏÐÉÓÁÌ ÎÏ ×ÉÄÉÍÏ ×Ó£-ÔÁËÉ ÎÅÔ.
ëÁË ÔÏÌØËÏ ÐÒÏÐÉÓÁÌ ÓÒÁÚÕ ÓÔÁÌÏ ×ÙÄÁ×ÁÔØ
root@*** [~]# ulimit -n
50000
é nginx ÂÏÌØÛÅ ÎÅ ÒÕÇÁÅÔÓÑ.
17 ÉÀÌÑ 2009 Ç. 6:17 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
> åÝ£ ÄÏÂÁ×ÌÀ:
>
> ðÒÏÂÏ×ÁÌ × nginx.conf ÐÒÏÐÉÓÙ×ÁÔØ:
>
> user nginx;
>
> îÏ ×Ó£ ÒÁ×ÎÏ ÚÎÁÞÅÎÉÅ ÌÉÍÉÔÁ Max open files ÏÎ ÂÅÒ£Ô ÉÚ ÏÇÒÁÎÉÞÅÎÉÊ
> root'a, ÐÏÓËÏÌØËÕ ÍÁÓÔÅÒ ÐÒÏÃÅÓÓ ÚÁÐÕÓËÁÅÔÓÑ ÏÔ ÎÅÇÏ.
> worker_rlimit_nofile ÓÔÁ×ÉÌ ÏÇÒÏÍÎÙÊ ÎÏ ÜÔÏ ÎÉËÁË ÎÅ ÐÏÍÏÇÌÏ - ÐÏËÁ ÎÅ
> ×ÙÐÏÌÎÉÔØ ulimit -n 5000 ÐÏÄ ÒÕÔÏÍ ÜÆÆÅËÔÁ ÎÉËÁËÏÇÏ ÎÅÔ.
>
> ÷ÏÔ ÔÏÌØËÏ ËÁË ÐÅÒÍÁÎÅÎÔÎÏ Õ×ÅÌÉÞÉÔØ ÓÔÁÎÄÁÒÔÎÙÊ ÌÉÍÉÔ ÄÌÑ ÒÕÔÁ -
> ÏÓÔÁ£ÔÓÑ ×ÏÐÒÏÓ.
>
> 17 ÉÀÌÑ 2009 Ç. 6:08 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>> C ËÁÎÁÌÏÍ ×Ó£ × ÐÏÒÑÄËÅ, ÂÏÌØÛÅ 1024 ÆÁÊÌÏ× ÉÚ-ÚÁ bytes-log'Ï× ÄÌÑ
>> ËÁÖÄÏÇÏ ÄÏÍÅÎÁ.
>>
>> óÅÊÞÁÓ ÐÏÐÒÏÂÏ×ÁÌ ulimit -n 5000 (ÐÏÄ ÒÕÔÏÍ), ÐÏÓÌÅ ÜÔÏÇÏ nginx
>> ÚÁÐÕÓËÁÅÔÓÑ ÂÅÚ ÏÛÉÂÏË.
>>
>> ëÁË ÍÏÖÎÏ ÅÇÏ ÚÁÐÕÓÔÉÔØ ÏÔ ÐÏÌØÚÏ×ÁÔÅÌÑ nginx? îÕÖÎÏ ËÁË-ÔÏ ÉÚÍÅÎÑÔØ
>> init ÓËÒÉÐÔ ÎÁÓËÏÌØËÏ Ñ ÐÏÎÉÍÁÀ É ÐÒÏÐÉÓÙ×ÁÔØ ÒÁÚÒÅÛÅÎÉÑ ×
>> /etc/sudoers.
>> ïÂØÑÓÎÉÔÅ ÐÏÄÒÏÂÎÅÅ ÐÏÖÁÌÕÊÓÔÁ.
>>
>> é ÅÝ£:
>>
>> root@*** [~]# for pid in $(pgrep nginx); do cat /proc/$pid/limits; done
>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
>> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
>> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
>> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
>> Max open files š š š š š š5000 š š š š š š š š 5000 š š š š š š š š files
>> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
>> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
>> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
>> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
>> Max nice priority š š š š 0 š š š š š š š š š š0
>> Max realtime priority š š 0 š š š š š š š š š š0
>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
>> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
>> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
>> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
>> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
>> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
>> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
>> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
>> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
>> Max nice priority š š š š 0 š š š š š š š š š š0
>> Max realtime priority š š 0 š š š š š š š š š š0
>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
>> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
>> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
>> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
>> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
>> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
>> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
>> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
>> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
>> Max nice priority š š š š 0 š š š š š š š š š š0
>> Max realtime priority š š 0 š š š š š š š š š š0
>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
>> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
>> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
>> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
>> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
>> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
>> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
>> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
>> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
>> Max nice priority š š š š 0 š š š š š š š š š š0
>> Max realtime priority š š 0 š š š š š š š š š š0
>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit š š š š š Units
>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>> Max file size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max data size š š š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max stack size š š š š š š8388608 š š š š š š šunlimited š š š š š šbytes
>> Max core file size š š š š0 š š š š š š š š š šunlimited š š š š š šbytes
>> Max resident set š š š š šunlimited š š š š š šunlimited š š š š š šbytes
>> Max processes š š š š š š 57344 š š š š š š š š57344 š š š š š š š šprocesses
>> Max open files š š š š š š20192 š š š š š š š š20192 š š š š š š š šfiles
>> Max locked memory š š š š 65536 š š š š š š š š65536 š š š š š š š šbytes
>> Max address space š š š š unlimited š š š š š šunlimited š š š š š šbytes
>> Max file locks š š š š š šunlimited š š š š š šunlimited š š š š š šlocks
>> Max pending signals š š š 57344 š š š š š š š š57344 š š š š š š š šsignals
>> Max msgqueue size š š š š 819200 š š š š š š š 819200 š š š š š š š bytes
>> Max nice priority š š š š 0 š š š š š š š š š š0
>> Max realtime priority š š 0 š š š š š š š š š š0
>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>
>>
>> 15 ÉÀÌÑ 2009 Ç. 12:09 ÐÏÌØÚÏ×ÁÔÅÌØ Gena Makhomed (gmm@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>>> On Wednesday, July 15, 2009 at 9:06:10, Artyom Nosov wrote:
>>>
>>>>> security-ÕÑÚ×ÉÍÏÓÔÅÊ × nginx ÐÏËÁ ÅÝÅ ÎÅ ÂÙÌÏ ÏÂÎÁÒÕÖÅÎÏ.
>>>>> É ÓÏÇÌÁÓÎÏ ÒÅÊÔÉÎÇÕ http://wiki.opennet.ru/SecurityTop
>>>>> nginx ×ÈÏÄÉÔ × ÞÉÓÌÏ ÐÒÏÇÒÁÍÍ Ó ÏÔÌÉÞÎÏÊ ÂÅÚÏÐÁÓÎÏÓÔØÀ.
>>>
>>> AN> òÅÊÔÉÎÇ ÜÔÏÔ ÓÌÕÖÉÔØ ÍÏÖÅÔ ÒÁÚ×Å ÞÔÏ ÄÌÑ ÕÓÔÒÁÛÅÎÉÑ ÎÏ×ÏÂÒÁÎÃÅ×.
>>>
>>> ÒÅÊÔÉÎÇ ÜÔÏÔ - ÄÌÑ ÔÏÇÏ ÞÔÏÂÙ ÍÏÖÎÏ ÂÙÌÏ ×ÙÂÒÁÔØ ÂÏÌÅÅ ÎÁÄÅÖÎÕÀ ÐÒÏÇÒÁÍÍÕ
>>> ÉÚ ÎÅÓËÏÌØËÉÈ ×ÁÒÉÁÎÔÏ×: sendmail/exim/postfix, proftpd/wuftpd/vsftpd É Ô.Ð.
>>>
>>> AN> ëÁË ×ÅÒÎÏ ÚÁÍÅÔÉÌ ÏÄÉÎ ÉÚ ÅÇÏ ÒÅÄÁËÔÏÒÏ×: Á postfix^Wnginx
>>> AN> ÓÏÂÒÁÎÎÙÊ Ó OpenSSL ÔÏÖÅ ÎÅÐÒÅÍÅÎÎÏ ÚÁ×ÏÒÁÞÉ×ÁÔØ × chroot?
>>>
>>> ÎÅÔ. ÎÏ ÂÅÚÏÐÁÓÎÏÓÔØ Õ nginx ÂÅÚ OpenSSL ×ÙÛÅ ÞÅÍ Õ nginx+OpenSSL.
>>> PS ÍÅÖÄÕ ÐÒÏÞÉÍ, "chroot is not and never has been a security tool".
>>>
>>> --
>>> Best regards,
>>> šGena
>>>
>>>
>>>
>>
>
|
