How to Solve CentOS 7 raise nofile limit for Nginx

After long way troubleshooting for raising nginx setrlimit RLIMIT_NOFILE capability i found the ultimate solution and that work! here are how to solve problem in Centos 7 raise nofile limit failed for nginx.

CentOS 7 raise nofile limit for Nginx

Prerequisites :

1. Installed Nginx Server in Centos 7 OS
2. Login and Configure via SSHd
3. Installed nano as command line editor
4. Minimal VPS, Linux and Centos Command

Two ways to raise the nofile/max open files/file descriptors/file handles limit for Nginx in Centos 7. With Nginx running, checking current limit on master process. First at all, lets verify the existing settup :

cat /proc/$(cat /var/run/nginx.pid)/limits|grep open.files

Max open files            1024                 4096                 files

Trying with the worker_rlimit_nofile directive in /etc/nginx/nginx.conf fails as SELinux policy doesn't allow setrlimit. This is shown in /var/log/nginx/error.log

[root@amazon helenaberkovah]# tail -s 10 /var/log/nginx/error.log

[alert] 19865#0: setrlimit(RLIMIT_NOFILE, 120000) failed (13: Permission denied)

[alert] 19866#0: setrlimit(RLIMIT_NOFILE, 120000) failed (13: Permission denied)

And in Audit log :

[root@amazon helenaberkovah]# tail -s 20 /var/log/audit/audit.log

type=AVC msg=audit(1437731200.211:366): avc:  denied  { setrlimit } for  pid=12066 comm="nginx" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=process

Raise the limit by extending nginx.service configuration.

This will set fd limits for both, master and worker processes. Remove the worker_rlimit_nofile from /etc/nginx/nginx.conf and create a directory for nginx.service configuration

mkdir /etc/systemd/system/nginx.service.d

Add following to /etc/systemd/system/nginx.service.d/nofile_limit.conf

[Service]
LimitNOFILE=500000

Now, add worker limit nofile to nginx configuration

nano /etc/nginx/nginx.conf
worker_rlimit_nofile 500000; #default from nginx suggestion is 8192

Reload systemd daemon configuration and restart nginx.

systemctl daemon-reload
systemctl restart nginx.service

verify again and now you can see lmit nofile max open file process has been upgraded succesfully.

[root@amazon helenaberkovah]# cat /proc/$(cat /var/run/nginx.pid)/limits|grep open.files
Max open files            500000               500000               files

Or set SELinux boolean httpd_setrlimit to true

This will set fd limits for the worker processes. Leave the worker_rlimit_nofile directive in /etc/nginx/nginx.conf and run the following as root.

setsebool -P httpd_setrlimit 1

Wrong ways in solving worker_rlimit_nofile

Common problem in solving this issue is always follow the broken information from a long year ago and nowaday the OS and syntax command was updated.

1. Adding LimitNOFILE to /usr/lib/systemd/system/nginx.service, instead you can extend or override it. Follow in RHEL 7 - Documentation
2. Editing /etc/security/limits.d/30-nginx.conf or similar. It has no effect as /etc/security/limits.conf only sets limits for users logged in via PAM.
3. Follow the old and broken configuration information

Somehow, many webmaster follow this instruction to raising up worker limit nofile process then was fail #lol

nano /etc/sysctl.conf

Add settup

net.core.somaxconn = 4096 # default 4096 /*huh*/

fs.file-max = 120000

then 

nano /etc/security/limits.conf

and insert

* soft nofile 120000

* hard nofile 120000

Lastly,

That's it! the right and simply way to how to resolve limit nofile for nginx. Hope this help and enjoy your days. Thank you :)