CentOS 7 raise nofile limit for Nginx

Updated at by

Two ways to raise the nofile/max open files/file descriptors/file handles limit for Nginx in Centos 7. With Nginx running, checking current limit on master process

cat /proc/$(cat /var/run/nginx.pid)/limits|grep open.files

Max open files            1024                 4096                 files

And worker processes

ps --ppid $(cat /var/run/nginx.pid) -o %p|sed '1d'|xargs -I{} cat /proc/{}/limits|grep open.files

Max open files            1024                 4096                 files     
Max open files            1024                 4096                 files 

Trying with the worker_rlimit_nofile directive in /etc/nginx/nginx.conf fails as SELinux policy doesn't allow setrlimit. This is shown in /var/log/nginx/error.log

015/07/24 12:46:40 [alert] 12066#0: setrlimit(RLIMIT_NOFILE, 2342) failed (13: Permission denied)

And in /var/log/audit/audit.log

type=AVC msg=audit(1437731200.211:366): avc:  denied  { setrlimit } for  pid=12066 comm="nginx" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process

Raise the limit by extending nginx.service configuration.

This will set fd limits for both, master and worker processes. Remove the worker_rlimit_nofile from /etc/nginx/nginx.conf and create a directory for nginx.service configuration

mkdir /etc/systemd/system/nginx.service.d

Add following to /etc/systemd/system/nginx.service.d/nofile_limit.conf


Reload systemd daemon configuration and restart nginx

systemctl daemon-reload
systemctl restart nginx.service

Or set SELinux boolean httpd_setrlimit to true

This will set fd limits for the worker processes. Leave the worker_rlimit_nofile directive in /etc/nginx/nginx.conf and run the following as root

setsebool -P httpd_setrlimit 1

Wrong ways suggested by someone somewhere

  • Adding LimitNOFILE to /usr/lib/systemd/system/nginx.service, instead you can extend or override it. RHEL 7 - Documentation
  • Editing /etc/security/limits.d/30-nginx.conf or similar. It has no effect as /etc/security/limits.conf only sets limits for users logged in via PAM.

Share on FacebookShare on Facebook Share on TwitterShare on Twitter

Leave a comment