Inode limit:
Tune Linux for Performance
etc/sysctl.conf
fs.file-max = 2097152
File descriptors/ max of open files
/etc/sysctl.conf
# Increase size of file handles and inode cache fs.file-max = 2097152
Show all system parameters with their values (default or changed)
sysctl -A
Show values of parameters modified by you
sysctl -p
what is ulimit and how to change it permanently?
Setting Soft/Hard
NoFiles 32768/65536
Filesize unlimited/unlimited
Data unlimited/unlimited
Stack unlimited/unlimited
Memory unlimited/unlimited
Coredump unlimited/unlimited
2. set permanent ulimit values at /etc/security/limits.conf
Restart the system:
esadmin system stopall
esadmin system startall
fs.file-max = 9223372036854775807
root@instance-1:~#
core file size (blocks, -c) 0
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 31814
max locked memory (kbytes, -l) 65536
max memory size (kbytes, -m) unlimited
open files (-n) 1024
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) 8192
cpu time (seconds, -t) unlimited
max user processes (-u) 31814
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
core file size (blocks, -c) unlimited
data seg size (kbytes, -d) unlimited
scheduling priority (-e) 0
file size (blocks, -f) unlimited
pending signals (-i) 31814
max locked memory (kbytes, -l) 65536
max memory size (kbytes, -m) unlimited
open files (-n) 1048576
pipe size (512 bytes, -p) 8
POSIX message queues (bytes, -q) 819200
real-time priority (-r) 0
stack size (kbytes, -s) unlimited
cpu time (seconds, -t) unlimited
max user processes (-u) 31814
virtual memory (kbytes, -v) unlimited
file locks (-x) unlimited
root@instance-1:~#
what is ulimit in linux?
Difference between hard & soft ulimits in linux?
A soft limit is like a warning and hard limit is a real max limit
0
unlimited
31814
118
ps -C httpd | wc -l
12
2
98
To know many file descriptors per process*?
data: Max data size (in KB)
fsize: Max file size (in KB).
memlock: Max locked-in-memory address space (in KB).
nofile: Max number of file descriptors
stack: Max size of the stack (in KB).
cpu: Maximum CPU time (in MIN).
maxlogins: Maximum number of logins for the current user/group
priority: Set the priority of the user’s processes
rtprio: Max priority in real-time.
do changes in /etc/security/limits.conf require a reboot?
No but you should close all active sessions windows.
fs.file-max vs ulimit
ulimit shows the per-process maximum open files by user
ulimit -n
1024
(system wide limit) file-max is the maximum File Descriptors (FD) enforced on a kernel level, which cannot be surpassed by all processes without increasing.
root@instance-1:~# cat /proc/sys/fs/file-max
9223372036854775807
temporary change ulimits for user until restart
-n processes
root@instance-1:~# ulimit -n
1024
ulimit -n 2048
root@instance-1:~# ulimit -n 2048
root@instance-1:~# ulimit -n
2048
root@instance-1:~#
What;s the difference between file descriptor and inode limits?
file descriptor: it is just an integer number that uniquely represents an opened file in operating system
-
User Level FD Limits
- /etc/security/limits.conf
-
www-data soft nproc 100000www-data soft nofile 10000012soft nofile 4096hard nofile 4096two file descriptors for each connection increase no file to support highload by os.File Descriptors (FD)worker_rlimit_nofile 100000;
nano /etc/sysctl.conf
### IMPROVE SYSTEM MEMORY MANAGEMENT ###
# Increase size of file handles and inode cachefs.file-max = 2097152# Do less swappingvm.swappiness = 10vm.dirty_ratio = 60vm.dirty_background_ratio = 2### GENERAL NETWORK SECURITY OPTIONS ###
# Number of times SYNACKs for passive TCP connection.net.ipv4.tcp_synack_retries = 2# Allowed local port rangenet.ipv4.ip_local_port_range = 2000 65535# Protect Against TCP Time-Waitnet.ipv4.tcp_rfc1337 = 1# Decrease the time default value for tcp_fin_timeout connectionnet.ipv4.tcp_fin_timeout = 15# Decrease the time default value for connections to keep alivenet.ipv4.tcp_keepalive_time = 300net.ipv4.tcp_keepalive_probes = 5net.ipv4.tcp_keepalive_intvl = 15### TUNING NETWORK PERFORMANCE ###
# Default Socket Receive Buffernet.core.rmem_default = 31457280# Maximum Socket Receive Buffernet.core.rmem_max = 12582912# Default Socket Send Buffernet.core.wmem_default = 31457280# Maximum Socket Send Buffernet.core.wmem_max = 12582912# Increase number of incoming connectionsnet.core.somaxconn = 65535# Increase number of incoming connections backlognet.core.netdev_max_backlog = 65535# Increase the maximum amount of option memory buffersnet.core.optmem_max = 25165824# Increase the maximum total buffer-space allocatable# This is measured in units of pages (4096 bytes)net.ipv4.tcp_mem = 65535 131072 262144net.ipv4.udp_mem = 65535 131072 262144# Increase the read-buffer space allocatablenet.ipv4.tcp_rmem = 8192 87380 16777216net.ipv4.udp_rmem_min = 16384# Increase the write-buffer-space allocatablenet.ipv4.tcp_wmem = 8192 65535 16777216net.ipv4.udp_wmem_min = 16384# Increase the tcp-time-wait buckets pool size to prevent simple DOS attacks
net.ipv4.tcp_max_tw_buckets = 1440000net.ipv4.tcp_tw_recycle = 1net.ipv4.tcp_tw_reuse = 1Paste this (at the end of the file) to /etc/security/limits.conf (using nano /etc/security/limits.conf) and save it,nginx soft nofile 2097152nginx hard nofile 2097152www-data soft nofile 2097152www-data hard nofile 2097152Paste this (at the end of the file) to /etc/pam.d/common-session (using nano /etc/pam.d/common-session) and save it,session required pam_limits.soChange listen.backlog in /etc/php5/fpm/pool.d/www.conf (using nano /etc/php5/fpm/pool.d/www.conf) and save it,listen.backlog = 65535 //default to systemChange worker_rlimit_nofile in /etc/nginx/nginx.conf (using nano /etc/nginx/nginx.conf) and save it,worker_rlimit_nofile 99999;And finally reboot 🙂Ephemeral ports – When used as a proxyTune file descriptor limits on Linux
Updating Default Kernel Parameter Settings
kernel.shmmax=1073741824 for 64-bit
kernel.msgmni=1024
fs.file-max=8192
kernel.sem=”250 32000 32 1024″
ubuntu 20.04 server optimization
-
Disable unnecessary daemons to save memory & cpu
Tuned – Automatic Performance Tuning of CentOS/RHEL Servers
how to apply changes to /etc/security/limits.conf immediately
applies after reboot
without reboot, modify /etc/pam.d/common-session by adding this line at the end of file:
session required pam_limits.so
logout & login