[stunnel-users] more than 1000 concurrent connections?

Trenton Ashburn tashburn at gmail.com
Tue Jul 3 03:52:59 CEST 2012


Sven -

The error I'm getting is "java.io.IOException: Connection reset by peer" on
the 1017th connection.

"ulimit -n" shows:

999999

"lsof -n -p 6595" shows:

COMMAND  PID     USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
stunnel 6595 ec2-user  cwd    DIR              202,1     4096      2 /
stunnel 6595 ec2-user  rtd    DIR              202,1     4096      2 /
stunnel 6595 ec2-user  txt    REG              202,1  2510282   8807 /usr/local/bin/stunnel
stunnel 6595 ec2-user  mem    REG              202,1  1903208   7619 /lib64/libc-2.12.so
stunnel 6595 ec2-user  mem    REG              202,1   138328   7643 /lib64/libpthread-2.12.so
stunnel 6595 ec2-user  mem    REG              202,1   113432   7629 /lib64/libnsl-2.12.so
stunnel 6595 ec2-user  mem    REG              202,1    14584   7651 /lib64/libutil-2.12.so
stunnel 6595 ec2-user  mem    REG              202,1    19536   7625 /lib64/libdl-2.12.so
stunnel 6595 ec2-user  mem    REG              202,1   154464  17671 /lib64/ld-2.12.so
stunnel 6595 ec2-user    0u   CHR                1,3      0t0     19 /dev/null
stunnel 6595 ec2-user    1u   CHR                1,3      0t0     19 /dev/null
stunnel 6595 ec2-user    2u   CHR                1,3      0t0     19 /dev/null
stunnel 6595 ec2-user    4r  FIFO                0,8      0t0 534916 pipe
stunnel 6595 ec2-user    5w  FIFO                0,8      0t0 534916 pipe
stunnel 6595 ec2-user    6u  unix 0xffff880001d26900      0t0 534919 socket
stunnel 6595 ec2-user    7u  IPv4             534920      0t0    TCP *:commplex-link (LISTEN)

"cat /etc/security/limits.conf" shows:

# /etc/security/limits.conf
#
#Each line describes a limit for a user in the form:
#
#<domain>        <type>  <item>  <value>
#
#Where:
#<domain> can be:
#        - an user name
#        - a group name, with @group syntax
#        - the wildcard *, for default entry
#        - the wildcard %, can be also used with %group syntax,
#                 for maxlogin limit
#
#<type> can have the two values:
#        - "soft" for enforcing the soft limits
#        - "hard" for enforcing hard limits
#
#<item> can be one of the following:
#        - core - limits the core file size (KB)
#        - data - max data size (KB)
#        - fsize - maximum filesize (KB)
#        - memlock - max locked-in-memory address space (KB)
#        - nofile - max number of open files
#        - rss - max resident set size (KB)
#        - stack - max stack size (KB)
#        - cpu - max CPU time (MIN)
#        - nproc - max number of processes
#        - as - address space limit (KB)
#        - maxlogins - max number of logins for this user
#        - maxsyslogins - max number of logins on the system
#        - priority - the priority to run user process with
#        - locks - max number of file locks the user can hold
#        - sigpending - max number of pending signals
#        - msgqueue - max memory used by POSIX message queues (bytes)
#        - nice - max nice priority allowed to raise to values: [-20, 19]
#        - rtprio - max realtime priority
#
#<domain>      <type>  <item>         <value>
#

#*               soft    core            0
#*               hard    rss             10000
#@student        hard    nproc           20
#@faculty        soft    nproc           20
#@faculty        hard    nproc           50
#ftp             hard    nproc           0
#@student        -       maxlogins       4
*                -       nofile          999999

# End of file


I believe that these settings should all allow way more than 1016
connections.

Any other clues for me?

Cheers,

- Trent






On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <sveniu at opera.com> wrote:

> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:
>
>> My client that's connecting to my server behind stunnel just gets
>> its connection attempts refused.
>>
>
> You're sure it's refused, not a timeout? Is the stunnel process
> running into the max limit of open file descriptors (default is likely
> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',
> /etc/security/limits.conf, etc.
>
> Sven
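The descriptor checks suggested in the quoted reply can also be read for the running stunnel process itself, from /proc/<pid>/limits and /proc/<pid>/fd, rather than from the login shell. The script below is an added example, not part of the original thread; its function names and the constructed sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compare a running process's effective "Max open files"
# limit with the number of descriptors it currently holds (Linux /proc).

# Print "<soft> <hard>" from a /proc/<pid>/limits style file.
nofile_limits() {
    awk '/^Max open files/ { print $4, $5 }' "$1"
}

# Count the entries in a /proc/<pid>/fd style directory.
open_fd_count() {
    ls -1 "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Print the limits and usage; return 1 when fewer than <margin>
# descriptors remain below the soft limit, 2 when the limit is unreadable.
fd_headroom() {
    limits_file=$1; fd_dir=$2; margin=${3:-16}
    set -- $(nofile_limits "$limits_file")
    soft=${1:-}; hard=${2:-}
    [ -n "$soft" ] || { echo "no 'Max open files' in $limits_file" >&2; return 2; }
    used=$(open_fd_count "$fd_dir")
    echo "soft=$soft hard=$hard open=$used"
    [ "$soft" = unlimited ] && return 0
    [ $((soft - used)) -ge "$margin" ]
}

# Constructed sample (not data from the thread): a limits file with a
# soft limit of 1024 and a directory holding $2 fake descriptor entries.
make_sample() {
    mkdir -p "$1/fd"
    printf '%-26s%-21s%-21s%s\n' 'Limit' 'Soft Limit' 'Hard Limit' 'Units' \
        'Max open files' 1024 4096 files > "$1/limits"
    i=0
    while [ "$i" -lt "$2" ]; do : > "$1/fd/$i"; i=$((i + 1)); done
}

# Usage: sh fdcheck.sh <pid>
# Reading another user's /proc/<pid>/fd requires root or the same uid.
if [ -n "${1:-}" ]; then
    fd_headroom "/proc/$1/limits" "/proc/$1/fd"
fi
```

Run it as root or as the user that owns the stunnel process, passing the PID shown by lsof; a non-zero exit status means the process is close to its own soft limit regardless of what the shell's ulimit reports.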