cat /etc/security/limits.conf
nofile – max number of open file descriptors
nproc – max number of processes
Optimizing for lemp stack
* soft nofile 1024000
* hard nofile 1024000
* soft nproc 640000
* hard nproc 640000
root soft nproc 1000000
root soft nproc 100000
root soft nofile 100000
root hard nofile 100000
Means any user except root (mysql, www-data or nginx, php-fpm user also www-data) and other redis, memcached etc)
System level limits configured at sysctl.conf
fs.file.max= max available files descriptors (10% of RAM is safe 1GB = 1M files)
fs.nr_open= open files for process
you may check current running process by htop command
Current opened files & max files by this command
reloading security/limits.conf
/etc/ssh/sshd_config has UsePAM yes
Reload ssh service
service reload sshd
reload /etc/security/limits.conf without reboot server
1 : session required pam
2: add dynamic setting in command line & permanent in conf file
No but you should close all active sessions windows. They still remember the old values. In other words, log out and back in. Every remote new session or a local secure shell take effect of the limits changes.
Changing setting values with Ulimit command
ulimit command is pretty useful but changes or not permanent.
if system restarts data will be wiped in memory.
for permanent changes to save a file. limits.conf
ulimit command is helpful to know current settings and adjust new settings instantly in shared memory.
follow ulimit command tutorial here.
root@instance-1:~# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# – a user name
# – a group name, with @group syntax
# – the wildcard *, for default entry
# – the wildcard %, can be also used with %group syntax,
# for max login limit
# – NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# – “soft” for enforcing the soft limits
# – “hard” for enforcing hard limits
#
#<item> can be one of the following:
# – core – limits the core file size (KB)
# – data – max data size (KB)
# – fsize – maximum file size (KB)
# – memlock – max locked-in-memory address space (KB)
# – nofile – max number of open file descriptors
# – rss – max resident set size (KB)
# – stack – max stack size (KB)
# – cpu – max CPU time (MIN)
# – nproc – max number of processes
# – as – address space limit (KB)
# – maxlogins – max number of logins for this user
# – maxsyslogins – max number of logins on the system
# – priority – the priority to run user process with
# – locks – max number of file locks the user can hold
# – sigpending – max number of pending signals
# – msgqueue – max memory used by POSIX message queues (bytes)
# – nice – max nice priority allowed to raise to values: [-20, 19]
# – rtprio – max realtime priority
# – chroot – change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#
#* soft core 0
#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp – chroot /ftp
#@student – maxlogins 4
# End of file
Every process need at least 1-3 file descriptors or open files, every network connection = process/ thread
Don’t’ forget to set No Limit files values in mysql.php-fpm,nginx config files
verify those because those are mostly system defaults.
Faqs on etc/security/limits.conf
What is soft limit and hard limit in Linux?
soft limit can stretch upto hard limit. (maximum value that is allowed for the soft limit.)
A soft limit can be changed by the process at any time
Hard limit needed root access. (can only be raised by root)
root@instance-1:~# ulimit -Hn
100000
root@instance-1:~# ulimit -Sn
100000
root@instance-1:~# ulimit -n (default is soft limit for process)
100000
Do changes in ETC security limits Conf require a reboot?
Yep! only /etc/security/limis.conf
to avoid use ulimit command to set values shared memory until restart
also add same values in sysctl.conf and security/limits.conf
How do I increase the file descriptor limit in Linux?
How do I increase open limit in Linux?
100000
2097152
nginx hard nofile 10240