RAaz Kumar .com

wordpress tutorials seo hosting etc

linux security limits.conf deciding user limits process limits for nginx server

 

cat /etc/security/limits.conf

nofilemax number of open file descriptors

nprocmax number of processes

 

Optimizing for lemp stack

 

* soft nofile 1024000
* hard nofile 1024000
* soft nproc 640000
* hard nproc 640000
root soft nproc 1000000
root soft nproc 100000
root soft nofile 100000
root hard nofile 100000

 

Means any user except root  (mysql, www-data or nginx, php-fpm user also www-data) and other redis, memcached etc)

System level limits configured at sysctl.conf

fs.file.max= max available files descriptors (10% of RAM is safe 1GB = 1M files)

fs.nr_open=  open files for process

 

you may check current running process by htop command

Current opened files & max files by  this command

 

reloading security/limits.conf

/etc/ssh/sshd_config has UsePAM yes

Reload ssh service

service reload sshd

reload /etc/security/limits.conf without reboot server

1 : session required pam

2: add dynamic setting in command line & permanent in conf file

No but you should close all active sessions windows. They still remember the old values. In other words, log out and back in. Every remote new session or a local secure shell take effect of the limits changes.

Changing setting values with Ulimit command

ulimit command is pretty useful but changes or not permanent.

if system restarts data will be wiped in memory.

for permanent changes  to save a file. limits.conf

 

ulimit command is helpful to know current settings and adjust new settings instantly in shared memory.

follow ulimit command tutorial here.

root@instance-1:~# cat /etc/security/limits.conf
# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain> <type> <item> <value>
#
#Where:
#<domain> can be:
# – a user name
# – a group name, with @group syntax
# – the wildcard *, for default entry
# – the wildcard %, can be also used with %group syntax,
# for max login limit
# – NOTE: group and wildcard limits are not applied to root.
# To apply a limit to the root user, <domain> must be
# the literal username root.
#
#<type> can have the two values:
# – “soft” for enforcing the soft limits
# – “hard” for enforcing hard limits
#
#<item> can be one of the following:
# – core – limits the core file size (KB)
# – data – max data size (KB)
# – fsize – maximum file size (KB)
# – memlock – max locked-in-memory address space (KB)
# – nofilemax number of open file descriptors
# – rss – max resident set size (KB)
# – stack – max stack size (KB)
# – cpu – max CPU time (MIN)
# – nprocmax number of processes
# – as – address space limit (KB)
# – maxlogins – max number of logins for this user
# – maxsyslogins – max number of logins on the system
# – priority – the priority to run user process with
# – locks – max number of file locks the user can hold
# – sigpending – max number of pending signals
# – msgqueue – max memory used by POSIX message queues (bytes)
# – nice – max nice priority allowed to raise to values: [-20, 19]
# – rtprio – max realtime priority
# – chroot – change root to directory (Debian-specific)
#
#<domain> <type> <item> <value>
#

#* soft core 0

#root hard core 100000
#* hard rss 10000
#@student hard nproc 20
#@faculty soft nproc 20
#@faculty hard nproc 50
#ftp hard nproc 0
#ftp – chroot /ftp
#@student – maxlogins 4

# End of file

 

Every process need at least 1-3 file descriptors or open files, every network connection = process/ thread

 

Don’t’ forget to set No Limit files values in mysql.php-fpm,nginx config files

verify those because those are mostly system defaults.

Faqs on etc/security/limits.conf

What is soft limit and hard limit in Linux?

soft limit can stretch upto hard limit. (maximum value that is allowed for the soft limit.)

A soft limit can be changed by the process at any time

Hard limit needed root access. (can only be raised by root)

root@instance-1:~# ulimit -Hn
100000
root@instance-1:~# ulimit -Sn
100000

root@instance-1:~# ulimit -n (default is soft limit for process)
100000

Do changes in ETC security limits Conf require a reboot?

Yep! only /etc/security/limis.conf

to avoid use ulimit command to set values shared memory until restart

also add same values in sysctl.conf and security/limits.conf

 

How do I increase the file descriptor limit in Linux?

first you have to increase at system level based on 10% of RAM in Kilobytes.
and user level limit security/limits.conf

How do I increase open limit in Linux?

first check the current open file limit for current logged in user
root@instance-1:~# ulimit -n
100000
its for current logged in user,
2nd step also check sysctl,conf
to know system wide limits
root@instance-1:~# cat /proc/sys/fs/file-max
2097152
above 2097152/1000= 2097 Equals to 10% 2 GB
sysctl -w fs.file-max=1000000
sysctl -p
3 edit nano /etc/security/limits.conf
nginx soft nofile 4096
nginx hard nofile 10240

Server Admin Cloud

 

Installing Nginx LEMP On ubuntu

Installing apache Lamp ubuntu

nginx fastcgi cache enable

php – fpm install  & Configuration

Opcache install & Configure

php -fpm pool manager explained

Mysql Install & Configuration

Redis Object cache install & configure

 

Nginx as Reverse Proxy and Load balancer

Load Balance / auto scaling in google cloud

Linux Commands PDF

Mysql Commands Pdf

Letsencrypt tutorial

mysqldump export & import 

Pagespeed Module install & configure

nginx.conf best file

mysql.conf best file

upgrade ubuntu

wordpress

 

Top 5  WP Google Analytics Plugins

WP Backup Plugins

Wp Comment Plugins

Top wordpress Security Plugins

WP Seo Plugins

WP Caching Plugins

Best Adsense Plugins for WordPress

Wp social Sharing Plugins

autoshare social media plugins

WP speed Optimization Plugins

Speedup WordPress google Score

More Wp tuts