CentOS 7 raise nofile limit for Nginx

Two ways to raise the nofile (max open files, file descriptors, file handles) limit for Nginx on CentOS 7. With Nginx running, check the current limit on the master process

cat /proc/$(cat /var/run/nginx.pid)/limits|grep open.files

Max open files            1024                 4096                 files

And worker processes

ps --ppid $(cat /var/run/nginx.pid) -o %p|sed '1d'|xargs -I{} cat /proc/{}/limits|grep open.files

Max open files            1024                 4096                 files     
Max open files            1024                 4096                 files 

Trying with the worker_rlimit_nofile directive in /etc/nginx/nginx.conf fails as SELinux policy doesn't allow setrlimit. This is shown in /var/log/nginx/error.log

2015/07/24 12:46:40 [alert] 12066#0: setrlimit(RLIMIT_NOFILE, 2342) failed (13: Permission denied)

And in /var/log/audit/audit.log

type=AVC msg=audit(1437731200.211:366): avc:  denied  { setrlimit } for  pid=12066 comm="nginx" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process

Raise the limit by extending nginx.service configuration.

This will set fd limits for both master and worker processes. Remove the worker_rlimit_nofile directive from /etc/nginx/nginx.conf and create a directory for nginx.service configuration

mkdir /etc/systemd/system/nginx.service.d

Add the following to /etc/systemd/system/nginx.service.d/nofile_limit.conf

[Service]
LimitNOFILE=7777

Reload systemd daemon configuration and restart nginx

systemctl daemon-reload
systemctl restart nginx.service

Or set SELinux boolean httpd_setrlimit to true

This will set fd limits for the worker processes. Leave the worker_rlimit_nofile directive in /etc/nginx/nginx.conf and run the following as root

setsebool -P httpd_setrlimit 1
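
To confirm that either method took effect, the check below (an added example, not part of the original post) reads "Max open files" for the master and every worker and fails if any soft limit is below the expected value. The function names are hypothetical; 7777 and /var/run/nginx.pid are taken from the steps above.

```shell
# Added example: check effective "Max open files" for nginx master and workers.

# Print "soft hard" from a file in /proc/<pid>/limits format; fail if absent.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5; found = 1 } END { exit !found }' "$1"
}

# check_nofile EXPECTED FILE...: non-zero if any soft limit is below EXPECTED.
check_nofile() {
    expected=$1; shift; rc=0
    [ "$#" -gt 0 ] || { echo "no limits files to check"; return 1; }
    for f in "$@"; do
        if ! limits=$(nofile_limits "$f"); then
            echo "UNKNOWN $f (no 'Max open files' line)"; rc=1; continue
        fi
        soft=${limits%% *}
        if [ "$soft" = unlimited ] || [ "$soft" -ge "$expected" ]; then
            echo "OK  $f soft=$soft"
        else
            echo "LOW $f soft=$soft expected>=$expected"; rc=1
        fi
    done
    return "$rc"
}

# List the limits files of the master (from PIDFILE) and its worker children.
nginx_limit_files() {
    master=$(cat "$1") || return 1
    echo "/proc/$master/limits"
    ps --ppid "$master" -o pid= | while read -r pid; do
        echo "/proc/$pid/limits"
    done
}

# Constructed sample data (not real output), for trying the check offline.
demo() {
    d=$(mktemp -d)
    printf 'Max open files  %s  %s  files\n' 7777 7777 > "$d/master"
    printf 'Max open files  %s  %s  files\n' 1024 4096 > "$d/worker"
    check_nofile 7777 "$d/master" "$d/worker"; demo_rc=$?
    rm -rf "$d"; return "$demo_rc"
}

# Usage: check_nofile.sh demo | check_nofile.sh EXPECTED [PIDFILE]
case "${1:-}" in
    "")   ;;
    demo) demo ;;
    *)    check_nofile "$1" $(nginx_limit_files "${2:-/var/run/nginx.pid}") ;;  # unquoted on purpose
esac
```

With the httpd_setrlimit method only the workers are raised, so the master is expected to report LOW against the worker_rlimit_nofile value.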

Wrong ways suggested by someone somewhere

  • Adding LimitNOFILE to /usr/lib/systemd/system/nginx.service. Instead, you can extend or override it; see the RHEL 7 documentation.
  • Editing /etc/security/limits.d/30-nginx.conf or similar. It has no effect as /etc/security/limits.conf only sets limits for users logged in via PAM.
