[stunnel-users] more than 1000 concurrent connections?
Yucong Sun (叶雨飞)
sunyucong at gmail.com
Tue Jul 3 03:58:39 CEST 2012
First performance recommendation is to disable libwrap support:
./configure --disable-libwrap && make clean && make && make install
On Mon, Jul 2, 2012 at 6:52 PM, Trenton Ashburn <tashburn at gmail.com> wrote:
>
> Sven -
>
> The error I'm getting is "java.io.IOException: Connection reset by peer" on
> the 1017th connection.
>
> "ulimit -n" shows:
>
> 999999
>
> "lsof -n -p 6595" shows:
>
> COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> stunnel 6595 ec2-user cwd DIR 202,1 4096 2 /
> stunnel 6595 ec2-user rtd DIR 202,1 4096 2 /
> stunnel 6595 ec2-user txt REG 202,1 2510282 8807
> /usr/local/bin/stunnel
> stunnel 6595 ec2-user mem REG 202,1 1903208 7619
> /lib64/libc-2.12.so
> stunnel 6595 ec2-user mem REG 202,1 138328 7643
> /lib64/libpthread-2.12.so
> stunnel 6595 ec2-user mem REG 202,1 113432 7629
> /lib64/libnsl-2.12.so
> stunnel 6595 ec2-user mem REG 202,1 14584 7651
> /lib64/libutil-2.12.so
> stunnel 6595 ec2-user mem REG 202,1 19536 7625
> /lib64/libdl-2.12.so
> stunnel 6595 ec2-user mem REG 202,1 154464 17671
> /lib64/ld-2.12.so
> stunnel 6595 ec2-user 0u CHR 1,3 0t0 19
> /dev/null
> stunnel 6595 ec2-user 1u CHR 1,3 0t0 19
> /dev/null
> stunnel 6595 ec2-user 2u CHR 1,3 0t0 19
> /dev/null
> stunnel 6595 ec2-user 4r FIFO 0,8 0t0 534916 pipe
> stunnel 6595 ec2-user 5w FIFO 0,8 0t0 534916 pipe
> stunnel 6595 ec2-user 6u unix 0xffff880001d26900 0t0 534919 socket
> stunnel 6595 ec2-user 7u IPv4 534920 0t0 TCP
> *:commplex-link (LISTEN)
>
> "cat /etc/security/limits.conf" shows:
>
> # /etc/security/limits.conf
> #
> #Each line describes a limit for a user in the form:
> #
> #<domain> <type> <item> <value>
> #
> #Where:
> #<domain> can be:
> # - an user name
> # - a group name, with @group syntax
> # - the wildcard *, for default entry
> # - the wildcard %, can be also used with %group syntax,
> # for maxlogin limit
> #
> #<type> can have the two values:
> # - "soft" for enforcing the soft limits
> # - "hard" for enforcing hard limits
> #
> #<item> can be one of the following:
> # - core - limits the core file size (KB)
> # - data - max data size (KB)
> # - fsize - maximum filesize (KB)
> # - memlock - max locked-in-memory address space (KB)
> # - nofile - max number of open files
> # - rss - max resident set size (KB)
> # - stack - max stack size (KB)
> # - cpu - max CPU time (MIN)
> # - nproc - max number of processes
> # - as - address space limit (KB)
> # - maxlogins - max number of logins for this user
> # - maxsyslogins - max number of logins on the system
> # - priority - the priority to run user process with
> # - locks - max number of file locks the user can hold
> # - sigpending - max number of pending signals
> # - msgqueue - max memory used by POSIX message queues (bytes)
> # - nice - max nice priority allowed to raise to values: [-20, 19]
> # - rtprio - max realtime priority
> #
> #<domain> <type> <item> <value>
> #
>
> #* soft core 0
> #* hard rss 10000
> #@student hard nproc 20
> #@faculty soft nproc 20
> #@faculty hard nproc 50
> #ftp hard nproc 0
> #@student - maxlogins 4
> * - nofile 999999
>
> # End of file
>
>
> I believe that these settings should all allow way more than 1016
> connections.
>
> Any other clues for me?
>
> Cheers,
>
> - Trent
>
>
>
>
>
>
> On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <sveniu at opera.com> wrote:
>>
>> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:
>>>
>>> My client that's connecting to my server behind stunnel just gets
>>> it's connection attempts refused.
>>
>>
>> You're sure it's refused, not a timeout? Is the stunnel process
>> running into the max limit of open file descriptors (default is likely
>> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',
>> /etc/security/limits.conf, etc.
>>
>> Sven
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
>
> _______________________________________________
> stunnel-users mailing list
> stunnel-users at stunnel.org
> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
More information about the stunnel-users
mailing list