<div><br></div><div>Yucong -</div><div><br></div>I just tried your suggestion below, and got the same result: 1019 connections, then:<p class="p1"><span class="s1"> java.io.IOException</span>: Connection reset by peer</p>
My server behind stunnel can handle 100,000+ connections directly (when i bypass stunnel and don't use SSL).<div><br></div><div>I also got a netty-based SSL server to handle 15000 connections on the same ec2 instance.</div>
<div><br></div><div>I continue to be unable to get stunnel past 1019 connections, however.<br><div><br></div><div>- Trent<br><br><br><div class="gmail_quote">On Mon, Jul 2, 2012 at 9:58 PM, Yucong Sun (叶雨飞) <span dir="ltr"><<a href="mailto:sunyucong@gmail.com" target="_blank">sunyucong@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">First performance recommendation is to disable libwrap support:<br>
./configure --disable-libwrap && make clean && make && make install<br>
<br>
<br>
On Mon, Jul 2, 2012 at 6:52 PM, Trenton Ashburn <<a href="mailto:tashburn@gmail.com">tashburn@gmail.com</a>> wrote:<br>
><br>
> Sven -<br>
><br>
> The error I'm getting is "java.io.IOException: Connection reset by peer" on<br>
> the 1017th connection.<br>
><br>
> "ulimit -n" shows:<br>
><br>
> 999999<br>
><br>
> "lsof -n -p 6595" shows:<br>
><br>
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME<br>
> stunnel 6595 ec2-user cwd DIR 202,1 4096 2 /<br>
> stunnel 6595 ec2-user rtd DIR 202,1 4096 2 /<br>
> stunnel 6595 ec2-user txt REG 202,1 2510282 8807<br>
> /usr/local/bin/stunnel<br>
> stunnel 6595 ec2-user mem REG 202,<a href="tel:1%20%201903208%20%20%207619" value="+19032087619">1 1903208 7619</a><br>
> /lib64/<a href="http://libc-2.12.so" target="_blank">libc-2.12.so</a><br>
> stunnel 6595 ec2-user mem REG 202,1 138328 7643<br>
> /lib64/<a href="http://libpthread-2.12.so" target="_blank">libpthread-2.12.so</a><br>
> stunnel 6595 ec2-user mem REG 202,1 113432 7629<br>
> /lib64/<a href="http://libnsl-2.12.so" target="_blank">libnsl-2.12.so</a><br>
> stunnel 6595 ec2-user mem REG 202,1 14584 7651<br>
> /lib64/<a href="http://libutil-2.12.so" target="_blank">libutil-2.12.so</a><br>
> stunnel 6595 ec2-user mem REG 202,1 19536 7625<br>
> /lib64/<a href="http://libdl-2.12.so" target="_blank">libdl-2.12.so</a><br>
> stunnel 6595 ec2-user mem REG 202,<a href="tel:1%20%20%20154464%20%2017671" value="+15446417671">1 154464 17671</a><br>
> /lib64/<a href="http://ld-2.12.so" target="_blank">ld-2.12.so</a><br>
> stunnel 6595 ec2-user 0u CHR 1,3 0t0 19<br>
> /dev/null<br>
> stunnel 6595 ec2-user 1u CHR 1,3 0t0 19<br>
> /dev/null<br>
> stunnel 6595 ec2-user 2u CHR 1,3 0t0 19<br>
> /dev/null<br>
> stunnel 6595 ec2-user 4r FIFO 0,8 0t0 534916 pipe<br>
> stunnel 6595 ec2-user 5w FIFO 0,8 0t0 534916 pipe<br>
> stunnel 6595 ec2-user 6u unix 0xffff880001d26900 0t0 534919 socket<br>
> stunnel 6595 ec2-user 7u IPv4 534920 0t0 TCP<br>
> *:commplex-link (LISTEN)<br>
><br>
> "cat /etc/security/limits.conf" shows:<br>
><br>
> # /etc/security/limits.conf<br>
> #<br>
> #Each line describes a limit for a user in the form:<br>
> #<br>
> #<domain> <type> <item> <value><br>
> #<br>
> #Where:<br>
> #<domain> can be:<br>
> # - an user name<br>
> # - a group name, with @group syntax<br>
> # - the wildcard *, for default entry<br>
> # - the wildcard %, can be also used with %group syntax,<br>
> # for maxlogin limit<br>
> #<br>
> #<type> can have the two values:<br>
> # - "soft" for enforcing the soft limits<br>
> # - "hard" for enforcing hard limits<br>
> #<br>
> #<item> can be one of the following:<br>
> # - core - limits the core file size (KB)<br>
> # - data - max data size (KB)<br>
> # - fsize - maximum filesize (KB)<br>
> # - memlock - max locked-in-memory address space (KB)<br>
> # - nofile - max number of open files<br>
> # - rss - max resident set size (KB)<br>
> # - stack - max stack size (KB)<br>
> # - cpu - max CPU time (MIN)<br>
> # - nproc - max number of processes<br>
> # - as - address space limit (KB)<br>
> # - maxlogins - max number of logins for this user<br>
> # - maxsyslogins - max number of logins on the system<br>
> # - priority - the priority to run user process with<br>
> # - locks - max number of file locks the user can hold<br>
> # - sigpending - max number of pending signals<br>
> # - msgqueue - max memory used by POSIX message queues (bytes)<br>
> # - nice - max nice priority allowed to raise to values: [-20, 19]<br>
> # - rtprio - max realtime priority<br>
> #<br>
> #<domain> <type> <item> <value><br>
> #<br>
><br>
> #* soft core 0<br>
> #* hard rss 10000<br>
> #@student hard nproc 20<br>
> #@faculty soft nproc 20<br>
> #@faculty hard nproc 50<br>
> #ftp hard nproc 0<br>
> #@student - maxlogins 4<br>
> * - nofile 999999<br>
><br>
> # End of file<br>
><br>
><br>
> I believe that these settings should all allow way more than 1016<br>
> connections.<br>
><br>
> Any other clues for me?<br>
><br>
> Cheers,<br>
><br>
> - Trent<br>
><br>
><br>
><br>
><br>
><br>
><br>
> On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <<a href="mailto:sveniu@opera.com">sveniu@opera.com</a>> wrote:<br>
>><br>
>> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:<br>
>>><br>
>>> My client that's connecting to my server behind stunnel just gets<br>
>>> it's connection attempts refused.<br>
>><br>
>><br>
>> You're sure it's refused, not a timeout? Is the stunnel process<br>
>> running into the max limit of open file descriptors (default is likely<br>
>> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',<br>
>> /etc/security/limits.conf, etc.<br>
>><br>
>> Sven<br>
>> _______________________________________________<br>
>> stunnel-users mailing list<br>
>> <a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
>> <a href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users" target="_blank">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</a><br>
><br>
><br>
><br>
> _______________________________________________<br>
> stunnel-users mailing list<br>
> <a href="mailto:stunnel-users@stunnel.org">stunnel-users@stunnel.org</a><br>
> <a href="http://stunnel.mirt.net/mailman/listinfo/stunnel-users" target="_blank">http://stunnel.mirt.net/mailman/listinfo/stunnel-users</a><br>
><br>
</blockquote></div><br></div></div>