PingAuthorize

Setting the file descriptor limit

PingAuthorize Server allows for an unlimited number of connections. The following steps describe how to manually increase the file descriptor limit on the operating system.

About this task

If the operating system relies on systemd, see the Linux operating system documentation for instructions on setting the file descriptor limit.

Steps

  1. Display the current fs.file-max limit of the system.

    sysctl fs.file-max

    The fs.file-max limit is the maximum server-wide file limit you can set without tuning the kernel parameters in the proc file system.

  2. Edit the /etc/sysctl.conf file.

    If there is a line that sets the value of the fs.file-max property, make sure that its value is set to at least 1.5 times the per-process limit. If there is no line that sets a value for this property, add the following to the end of the file (100000 is just an example here; specify a value of at least 1.5 times the per-process limit).

    fs.file-max = 100000

  3. Display the current hard limit of the system.

    ulimit -aH

    The open files (-n) value is the maximum number of open files per process limit.

    Verify that its value is set to at least 65535.

  4. Edit the /etc/security/limits.conf file.

    If the file contains lines that set the soft and hard limits for the number of file descriptors, verify that the values are set to 65535. If the properties are absent, add the following lines to the end of the file, before #End of file, inserting a tab between the columns.

    *   soft   nofile   65535
*   hard   nofile   65535

    The number of open file descriptors is limited by the physical memory available to the host. You can determine this limit with the following command.

    cat /proc/sys/fs/file-max

    If the file-max value is significantly higher than the 65535 limit, consider increasing the file descriptor limit to between 10% and 15% of the system-wide file descriptor limit. For example, if the file-max value is 810752, you could set the file descriptor limit to 100000. If the file-max value is lower than 65535, the host is likely not sized appropriately.

  5. Reboot the server.

  6. Verify that the file descriptor limit is set to 65535.

    ulimit -n

  7. For RedHat 7 or later, modify the /etc/security/limits.d/20-nproc.conf file to set limits for the open files and max user processes.

    Add or edit the following lines if they do not already exist.

    * soft nproc 65536
* soft nofile 65536
* hard nproc 65536
* hard nofile 65536
root soft nproc unlimited

Next steps

After the operating system limit is set, use one of the following methods to configure the number of file descriptors that the server uses:

  • Use a NUM_FILE_DESCRIPTORS environment variable.

  • Create a config/num-file-descriptors file with a single line, such as NUM_FILE_DESCRIPTORS=12345.

If these values are not set, the default value of 65535 is used.

This optional step ensures that the server shuts down safely before it reaches the file descriptor limit.