ðòïåëôù 


  áòèé÷ 


Apache-Talk @lexa.ru 

Inet-Admins @info.east.ru 

Filmscanners @halftone.co.uk 

Security-alerts @yandex-team.ru 

nginx-ru @sysoev.ru 


  óôáôøé 


  ðåòóïîáìøîïå 


  ðòïçòáííù 



ðéûéôå
ðéóøíá












     áòèé÷ :: nginx-ru
Nginx-ru mailing list archive (nginx-ru@sysoev.ru)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Too many open files



ðÏÓÌÅ ÔÏÇÏ ËÁË ÐÒÏÐÉÓÁÌ
ulimit -n 50000

× /etc/sysconfig/nginx

÷Ù×ÏÄ ËÏÍÁÎÄÙ for pid in $(pgrep nginx); do cat /proc/$pid/limits;
done ÐÏËÁÚÙ×ÁÅÔ:
Max open files            8192

á × nginx.conf ÉÍÅÅÍ:
worker_rlimit_nofile  8192;

ô.Å nginx ÓÔÁÌ ÕÓÔÁÎÁ×ÌÉ×ÁÔØ ÌÉÍÉÔ ÓÏÇÌÁÓÎÏ ÜÔÏÊ ÄÉÒÅËÔÉ×Å, ÄÏ ÜÔÏÇÏ
ÏÎ ÎÅ ÍÅÎÑÌÓÑ ×ÉÄÉÍÏ ÐÏ ÔÏÍÕ ÞÔÏ nginx ÎÅ ÍÏÇ ÅÇÏ ÐÏÍÅÎÑÔØ ÉÚ-ÚÁ
ÓÔÁÎÄÁÒÔÎÏÇÏ ÌÉÍÉÔÁ × 1024 ÉÌÉ 4096.

17 ÉÀÌÑ 2009 Ç. 20:38 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
> úÁÍÅÔÉÌ ÞÔÏ ÌÉÍÉÔ ÐÏÌÕÞÉÌÏÓØ ÓÍÅÎÉÔØ ÔÏÌØËÏ ÎÁ ÏÄÎÏÍ ÓÅÒ×ÅÒÅ - ÎÁ
> ÏÓÔÁÌØÎÙÈ 4096 É ÎÅ ÍÅÎÑÅÔÓÑ ÎÉËÕÄÁ.
> Nginx ÐÒÏÂÏ×ÁÌ ÚÁÐÕÓËÁÔØ ÐÏ ÒÁÚÎÏÍÕ ÎÅ ÐÏÍÏÇÌÏ. îÁ×ÅÒÎÏÅ ÔÏÌØËÏ
> ÐÒÏÐÉÓÙ×ÁÔØ ulimit -n ÎÁÐÒÑÍÕÀ.
>
> 17 ÉÀÌÑ 2009 Ç. 16:24 ÐÏÌØÚÏ×ÁÔÅÌØ Artyom Nosov (chip@xxxxxxxxxxxx) ÎÁÐÉÓÁÌ:
>> ëÁË ÁÌØÔÅÒÎÁÔÉ×ÎÙÊ ×ÁÒÉÁÎÔ, ÍÏÖÎÏ ÐÒÏÐÉÓÁÔØ × /etc/sysconfig/nginx (ÅÓÌÉ
>> nginx ÕÓÔÁÎÁ×ÌÉ×ÁÌÓÑ ÉÚ EPEL ÜÔÏÔ ÆÁÊÌ ÐÏÄËÌÀÞÁÅÔÓÑ ÓËÒÉÐÔÏÍ
>> /etc/init.d/nginx) ÓÔÒÏÞËÕ
>>
>> ulimit -n <ÎÅÏÂÈÏÄÉÍÏ_ËÏÌÉÞÅÓÔ×Ï>
>>
>> áÌÅËÓÅÊ wrote:
>>>
>>> ëÁÖÅÔÓÑ ÐÏÎÑÌ × Þ£Í ÂÙÌÁ ÐÒÏÂÌÅÍÁ.
>>>
>>> ÷ /etc/security/limits.conf ÎÅ ÂÙÌÏ ÐÒÏÐÉÓÁÎÏ ÈÁÒÄ ÌÉÍÉÔÁ, Ñ ÄÕÍÁÌ ÞÔÏ
>>> ÒÁÎÅÅ ÅÇÏ ÐÒÏÐÉÓÁÌ ÎÏ ×ÉÄÉÍÏ ×Ó£-ÔÁËÉ ÎÅÔ.
>>> ëÁË ÔÏÌØËÏ ÐÒÏÐÉÓÁÌ ÓÒÁÚÕ ÓÔÁÌÏ ×ÙÄÁ×ÁÔØ
>>> root@*** [~]# ulimit -n
>>> 50000
>>>
>>> é nginx ÂÏÌØÛÅ ÎÅ ÒÕÇÁÅÔÓÑ.
>>>
>>> 17 ÉÀÌÑ 2009 Ç. 6:17 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>>>>
>>>> åÝ£ ÄÏÂÁ×ÌÀ:
>>>>
>>>> ðÒÏÂÏ×ÁÌ × nginx.conf ÐÒÏÐÉÓÙ×ÁÔØ:
>>>>
>>>> user nginx;
>>>>
>>>> îÏ ×Ó£ ÒÁ×ÎÏ ÚÎÁÞÅÎÉÅ ÌÉÍÉÔÁ Max open files ÏÎ ÂÅÒ£Ô ÉÚ ÏÇÒÁÎÉÞÅÎÉÊ
>>>> root'a, ÐÏÓËÏÌØËÕ ÍÁÓÔÅÒ ÐÒÏÃÅÓÓ ÚÁÐÕÓËÁÅÔÓÑ ÏÔ ÎÅÇÏ.
>>>> worker_rlimit_nofile ÓÔÁ×ÉÌ ÏÇÒÏÍÎÙÊ ÎÏ ÜÔÏ ÎÉËÁË ÎÅ ÐÏÍÏÇÌÏ - ÐÏËÁ ÎÅ
>>>> ×ÙÐÏÌÎÉÔØ ulimit -n 5000 ÐÏÄ ÒÕÔÏÍ ÜÆÆÅËÔÁ ÎÉËÁËÏÇÏ ÎÅÔ.
>>>>
>>>> ÷ÏÔ ÔÏÌØËÏ ËÁË ÐÅÒÍÁÎÅÎÔÎÏ Õ×ÅÌÉÞÉÔØ ÓÔÁÎÄÁÒÔÎÙÊ ÌÉÍÉÔ ÄÌÑ ÒÕÔÁ -
>>>> ÏÓÔÁ£ÔÓÑ ×ÏÐÒÏÓ.
>>>>
>>>> 17 ÉÀÌÑ 2009 Ç. 6:08 ÐÏÌØÚÏ×ÁÔÅÌØ áÌÅËÓÅÊ (systeamx@xxxxxxxxx) ÎÁÐÉÓÁÌ:
>>>>>
>>>>> C ËÁÎÁÌÏÍ ×Ó£ × ÐÏÒÑÄËÅ, ÂÏÌØÛÅ 1024 ÆÁÊÌÏ× ÉÚ-ÚÁ bytes-log'Ï× ÄÌÑ
>>>>> ËÁÖÄÏÇÏ ÄÏÍÅÎÁ.
>>>>>
>>>>> óÅÊÞÁÓ ÐÏÐÒÏÂÏ×ÁÌ ulimit -n 5000 (ÐÏÄ ÒÕÔÏÍ), ÐÏÓÌÅ ÜÔÏÇÏ nginx
>>>>> ÚÁÐÕÓËÁÅÔÓÑ ÂÅÚ ÏÛÉÂÏË.
>>>>>
>>>>> ëÁË ÍÏÖÎÏ ÅÇÏ ÚÁÐÕÓÔÉÔØ ÏÔ ÐÏÌØÚÏ×ÁÔÅÌÑ nginx? îÕÖÎÏ ËÁË-ÔÏ ÉÚÍÅÎÑÔØ
>>>>> init ÓËÒÉÐÔ ÎÁÓËÏÌØËÏ Ñ ÐÏÎÉÍÁÀ É ÐÒÏÐÉÓÙ×ÁÔØ ÒÁÚÒÅÛÅÎÉÑ ×
>>>>> /etc/sudoers.
>>>>> ïÂØÑÓÎÉÔÅ ÐÏÄÒÏÂÎÅÅ ÐÏÖÁÌÕÊÓÔÁ.
>>>>>
>>>>> é ÅÝ£:
>>>>>
>>>>> root@*** [~]# for pid in $(pgrep nginx); do cat /proc/$pid/limits; done
>>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>>> Units
>>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>>> šbytes
>>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>>> šbytes
>>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>>> šprocesses
>>>>> Max open files š š š š š š5000 š š š š š š š š 5000
>>>>> files
>>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>>> šbytes
>>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>>> šlocks
>>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>>> šsignals
>>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>>> bytes
>>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>>> Units
>>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>>> šbytes
>>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>>> šbytes
>>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>>> šprocesses
>>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>>> šfiles
>>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>>> šbytes
>>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>>> šlocks
>>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>>> šsignals
>>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>>> bytes
>>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>>> Units
>>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>>> šbytes
>>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>>> šbytes
>>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>>> šprocesses
>>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>>> šfiles
>>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>>> šbytes
>>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>>> šlocks
>>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>>> šsignals
>>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>>> bytes
>>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>>> Units
>>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>>> šbytes
>>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>>> šbytes
>>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>>> šprocesses
>>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>>> šfiles
>>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>>> šbytes
>>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>>> šlocks
>>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>>> šsignals
>>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>>> bytes
>>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>> Limit š š š š š š š š š š Soft Limit š š š š š Hard Limit
>>>>> Units
>>>>> Max cpu time š š š š š š šunlimited š š š š š šunlimited š š š š š šms
>>>>> Max file size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max data size š š š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max stack size š š š š š š8388608 š š š š š š šunlimited
>>>>> šbytes
>>>>> Max core file size š š š š0 š š š š š š š š š šunlimited
>>>>> šbytes
>>>>> Max resident set š š š š šunlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max processes š š š š š š 57344 š š š š š š š š57344
>>>>> šprocesses
>>>>> Max open files š š š š š š20192 š š š š š š š š20192
>>>>> šfiles
>>>>> Max locked memory š š š š 65536 š š š š š š š š65536
>>>>> šbytes
>>>>> Max address space š š š š unlimited š š š š š šunlimited
>>>>> šbytes
>>>>> Max file locks š š š š š šunlimited š š š š š šunlimited
>>>>> šlocks
>>>>> Max pending signals š š š 57344 š š š š š š š š57344
>>>>> šsignals
>>>>> Max msgqueue size š š š š 819200 š š š š š š š 819200
>>>>> bytes
>>>>> Max nice priority š š š š 0 š š š š š š š š š š0
>>>>> Max realtime priority š š 0 š š š š š š š š š š0
>>>>> Max realtime timeout š š šunlimited š š š š š šunlimited š š š š š šus
>>>>>
>>>>>
>>>>> 15 ÉÀÌÑ 2009 Ç. 12:09 ÐÏÌØÚÏ×ÁÔÅÌØ Gena Makhomed (gmm@xxxxxxxxx)
>>>>> ÎÁÐÉÓÁÌ:
>>>>>>
>>>>>> On Wednesday, July 15, 2009 at 9:06:10, Artyom Nosov wrote:
>>>>>>
>>>>>>>> security-ÕÑÚ×ÉÍÏÓÔÅÊ × nginx ÐÏËÁ ÅÝÅ ÎÅ ÂÙÌÏ ÏÂÎÁÒÕÖÅÎÏ.
>>>>>>>> É ÓÏÇÌÁÓÎÏ ÒÅÊÔÉÎÇÕ http://wiki.opennet.ru/SecurityTop
>>>>>>>> nginx ×ÈÏÄÉÔ × ÞÉÓÌÏ ÐÒÏÇÒÁÍÍ Ó ÏÔÌÉÞÎÏÊ ÂÅÚÏÐÁÓÎÏÓÔØÀ.
>>>>>>
>>>>>> AN> òÅÊÔÉÎÇ ÜÔÏÔ ÓÌÕÖÉÔØ ÍÏÖÅÔ ÒÁÚ×Å ÞÔÏ ÄÌÑ ÕÓÔÒÁÛÅÎÉÑ ÎÏ×ÏÂÒÁÎÃÅ×.
>>>>>>
>>>>>> ÒÅÊÔÉÎÇ ÜÔÏÔ - ÄÌÑ ÔÏÇÏ ÞÔÏÂÙ ÍÏÖÎÏ ÂÙÌÏ ×ÙÂÒÁÔØ ÂÏÌÅÅ ÎÁÄÅÖÎÕÀ
>>>>>> ÐÒÏÇÒÁÍÍÕ
>>>>>> ÉÚ ÎÅÓËÏÌØËÉÈ ×ÁÒÉÁÎÔÏ×: sendmail/exim/postfix, proftpd/wuftpd/vsftpd É
>>>>>> Ô.Ð.
>>>>>>
>>>>>> AN> ëÁË ×ÅÒÎÏ ÚÁÍÅÔÉÌ ÏÄÉÎ ÉÚ ÅÇÏ ÒÅÄÁËÔÏÒÏ×: Á postfix^Wnginx
>>>>>> AN> ÓÏÂÒÁÎÎÙÊ Ó OpenSSL ÔÏÖÅ ÎÅÐÒÅÍÅÎÎÏ ÚÁ×ÏÒÁÞÉ×ÁÔØ × chroot?
>>>>>>
>>>>>> ÎÅÔ. ÎÏ ÂÅÚÏÐÁÓÎÏÓÔØ Õ nginx ÂÅÚ OpenSSL ×ÙÛÅ ÞÅÍ Õ nginx+OpenSSL.
>>>>>> PS ÍÅÖÄÕ ÐÒÏÞÉÍ, "chroot is not and never has been a security tool".
>>>>>>
>>>>>> --
>>>>>> Best regards,
>>>>>> šGena
>>>>>>
>>>>>>
>>>>>>
>>
>>
>> --
>> Sincerely,
>>
>> Artyom Nosov
>> http://www.unixstyle.ru | JID chip@xxxxxxx | ICQ 128417264
>>
>>
>


 




Copyright © Lexa Software, 1996-2009.