Introduction
You might have noticed this error in your Nginx log file at some point, especially on larger WordPress sites.
2024/08/22 00:46:09 [alert] 364292#364292: setrlimit(RLIMIT_NOFILE, 25562325) failed (1: Operation not permitted)
What is setrlimit?
A Linux system has limits on what resources a process (application can utilize. It’s safeguards the system from keeling over.
A linux system as a number of limits, the C programming language has a function called setrlimit, which sets the maximum number of file descriptors that a process can open. A file descriptor is used to interact with an I/O resource such as a file or network socket.
When a process is running as root, setrlimit will increase the default operating system’s maximum number of open file descriptors, essentially open files and sockets. However, this command is restricted if an application is not running as root, the restrictions are set within /etc/security/limits.conf
For Nginx, the main process runs as root; however, the child process runs as www-data, which is a restricted account and can’t run setrlimit as it doesn’t have the appropriate permissions.
How can I increase the maximum number of file descriptors that a process can use?
There have two steps you’ll need to complete to increase the maximum number of file descriptors a process can use. Below are the steps.
Step 1 – Verifying and Setting sysctl file-max and nr_open values
First, we need to confirm that the operating system defaults will allow for an increase.
Check sysctl for file-max and nr_open values
> cat /proc/sys/fs/file-max 1048576 > cat /proc/sys/fs/nr_open 1048576
If the value is below the number mentioned in the error message (25562325) million, you’ll need to increase the value. You can do so by editing /etc/sysctl.conf
and add or modify the following line:
fs.file-max = 39326654 fs.nr_open=39326654
If you’re on GridPane, then fs.file-max will already be set to 39326654, but fs.nr_open will not be. So update this value and save the file.
You now need to apply the changes; make sure to have sysctl read the /etc/sysctl.conf file by running the following command
sysctl -p
Then verify the changes
> cat /proc/sys/fs/file-max 39326654 > cat /proc/sys/fs/nr_open 39326654
Step 2 – Allowing www-data to setrlimit to 39326654
Edit /etc/security/limits.conf and add the following
www-data soft nofile 1000000 www-data hard nofile 39326654
This will set the soft limit at 1,000,000 of which can be increased to 39,326,654 via setrlimit. This can be confirmed by running the following
❯ sudo -u www-data /bin/bash -c "ulimit -n" 1000000 ❯ sudo -u www-data /bin/bash -c "ulimit -Hn" 39326654
Viola, you’re good to go!
Conclusion
The Nginx error will no longer be showing, but keep an eye on the log as the requirement for more open descriptors might crop up again.