Nginx Error: setrlimit(RLIMIT_NOFILE, 25562325) failed (1: Operation not permitted)

Introduction

You might have noticed this error in your Nginx log file at some point, especially on larger WordPress sites.

2024/08/22 00:46:09 [alert] 364292#364292: setrlimit(RLIMIT_NOFILE, 25562325) failed (1: Operation not permitted)

What is setrlimit?

A Linux system has limits on what resources a process (application can utilize. It’s safeguards the system from keeling over.

A linux system as a number of limits, the C programming language has a function called setrlimit, which sets the maximum number of file descriptors that a process can open. A file descriptor is used to interact with an I/O resource such as a file or network socket.

When a process is running as root, setrlimit will increase the default operating system’s maximum number of open file descriptors, essentially open files and sockets. However, this command is restricted if an application is not running as root, the restrictions are set within /etc/security/limits.conf

For Nginx, the main process runs as root; however, the child process runs as www-data, which is a restricted account and can’t run setrlimit as it doesn’t have the appropriate permissions.

How can I increase the maximum number of file descriptors that a process can use?

There have two steps you’ll need to complete to increase the maximum number of file descriptors a process can use. Below are the steps.

Step 1 – Verifying and Setting sysctl file-max and nr_open values

First, we need to confirm that the operating system defaults will allow for an increase.

Check sysctl for file-max and nr_open values

> cat /proc/sys/fs/file-max
1048576
> cat /proc/sys/fs/nr_open
1048576

If the value is below the number mentioned in the error message (25562325) million, you’ll need to increase the value. You can do so by editing /etc/sysctl.conf and add or modify the following line:

fs.file-max = 39326654
fs.nr_open=39326654

If you’re on GridPane, then fs.file-max will already be set to 39326654, but fs.nr_open will not be. So update this value and save the file.

You now need to apply the changes; make sure to have sysctl read the /etc/sysctl.conf file by running the following command

sysctl -p

Then verify the changes

> cat /proc/sys/fs/file-max
39326654
> cat /proc/sys/fs/nr_open
39326654

Step 2 – Allowing www-data to setrlimit to 39326654

Edit /etc/security/limits.conf and add the following

www-data soft nofile 1000000
www-data hard nofile 39326654

This will set the soft limit at 1,000,000 of which can be increased to 39,326,654 via setrlimit. This can be confirmed by running the following

❯ sudo -u www-data /bin/bash -c "ulimit -n"                                                                                                                                                           
1000000
❯ sudo -u www-data /bin/bash -c "ulimit -Hn"                                                                                                                                                          
39326654

Viola, you’re good to go!

Conclusion

The Nginx error will no longer be showing, but keep an eye on the log as the requirement for more open descriptors might crop up again.