Hi,
I am having some issues with my server where connections are getting dropped once I hit a hard limit of around 350 connections. This may or may not be an issue with my stunnel configuration, but I ran across some old posts saying that stunnel by default has a hard limit of around 500 connections and, to get around this, to set FD_SETSIZE at compile time (I found this on the troubleshooting page - http://www.stunnel.org/faq/troubleshooting.html). However, one of the release notes recently also had a comment saying 'no more FD_SETSIZE limit!' - http://www.mail-archive.com/openssl-users@openssl.org/msg38373.html. So my questions are:
1) Does FD_SETSIZE still exist in Stunnel 4.34 and could it be a reason why I am seeing a limit on the number of people that can make a connection? I already tried running stunnel after setting ulimit -Hn and ulimit -Sn to 4096, and it did not seem to make a difference.
2) More noobish question - how do I set the FD_SETSIZE at compile time? I saw in the troubleshooting that it said to do "-DFD_SETSIZE=4096" at compile time. Is this something I should be adding in one of the Makefiles?
Some more info about my setup: - I am using stunnel as a layer in front of Node.js to secure websockets and HTTP connections. - I'm running stunnel 4.34 - I am running stunnel from a startup script in /etc/init.d - it runs as a daemon process - I run stunnel with no params, but with this config file - http://pastebin.com/3Yr80ma1 - uname -a output: Linux gomockingbird.com 2.6.18.8-linode22 #1 SMP Tue Nov 10 16:12:12 UTC 2009 i686 GNU/Linux
- gcc -v output: Using built-in specs. Target: i486-linux-gnu Configured with: ../src/configure -v --with-pkgversion='Ubuntu 4.3.3-5ubuntu4' --with-bugurl=file:///usr/share/doc/gcc-4.3/README.Bugs --enable-languages=c,c++,fortran,objc,obj-c++ --prefix=/usr --enable-shared --with-system-zlib --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --enable-nls --with-gxx-include-dir=/usr/include/c++/4.3 --program-suffix=-4.3 --enable-clocale=gnu --enable-libstdcxx-debug --enable-objc-gc --enable-mpfr --enable-targets=all --with-tune=generic --enable-checking=release --build=i486-linux-gnu --host=i486-linux-gnu --target=i486-linux-gnu Thread model: posix gcc version 4.3.3 (Ubuntu 4.3.3-5ubuntu4)
- openssl version output: OpenSSL 0.9.8g 19 Oct 2007
Thanks in advance for any help!
-- Saikat