[stunnel-users] more than 1000 concurrent connections?

Yucong Sun (叶雨飞) sunyucong at gmail.com
Tue Jul 3 03:58:39 CEST 2012


First performance recommendation is to disable libwrap support:
./configure --disable-libwrap && make clean && make && make install


On Mon, Jul 2, 2012 at 6:52 PM, Trenton Ashburn <tashburn at gmail.com> wrote:
>
> Sven -
>
> The error I'm getting is "java.io.IOException: Connection reset by peer" on
> the 1017th connection.
>
> "ulimit -n" shows:
>
> 999999
>
> "lsof -n -p 6595" shows:
>
> COMMAND  PID     USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
> stunnel 6595 ec2-user  cwd    DIR              202,1     4096      2 /
> stunnel 6595 ec2-user  rtd    DIR              202,1     4096      2 /
> stunnel 6595 ec2-user  txt    REG              202,1  2510282   8807 /usr/local/bin/stunnel
> stunnel 6595 ec2-user  mem    REG              202,1  1903208   7619 /lib64/libc-2.12.so
> stunnel 6595 ec2-user  mem    REG              202,1   138328   7643 /lib64/libpthread-2.12.so
> stunnel 6595 ec2-user  mem    REG              202,1   113432   7629 /lib64/libnsl-2.12.so
> stunnel 6595 ec2-user  mem    REG              202,1    14584   7651 /lib64/libutil-2.12.so
> stunnel 6595 ec2-user  mem    REG              202,1    19536   7625 /lib64/libdl-2.12.so
> stunnel 6595 ec2-user  mem    REG              202,1   154464  17671 /lib64/ld-2.12.so
> stunnel 6595 ec2-user    0u   CHR                1,3      0t0     19 /dev/null
> stunnel 6595 ec2-user    1u   CHR                1,3      0t0     19 /dev/null
> stunnel 6595 ec2-user    2u   CHR                1,3      0t0     19 /dev/null
> stunnel 6595 ec2-user    4r  FIFO                0,8      0t0 534916 pipe
> stunnel 6595 ec2-user    5w  FIFO                0,8      0t0 534916 pipe
> stunnel 6595 ec2-user    6u  unix 0xffff880001d26900      0t0 534919 socket
> stunnel 6595 ec2-user    7u  IPv4             534920      0t0    TCP *:commplex-link (LISTEN)
>
> "cat /etc/security/limits.conf" shows:
>
> # /etc/security/limits.conf
> #
> #Each line describes a limit for a user in the form:
> #
> #<domain>        <type>  <item>  <value>
> #
> #Where:
> #<domain> can be:
> #        - an user name
> #        - a group name, with @group syntax
> #        - the wildcard *, for default entry
> #        - the wildcard %, can be also used with %group syntax,
> #                 for maxlogin limit
> #
> #<type> can have the two values:
> #        - "soft" for enforcing the soft limits
> #        - "hard" for enforcing hard limits
> #
> #<item> can be one of the following:
> #        - core - limits the core file size (KB)
> #        - data - max data size (KB)
> #        - fsize - maximum filesize (KB)
> #        - memlock - max locked-in-memory address space (KB)
> #        - nofile - max number of open files
> #        - rss - max resident set size (KB)
> #        - stack - max stack size (KB)
> #        - cpu - max CPU time (MIN)
> #        - nproc - max number of processes
> #        - as - address space limit (KB)
> #        - maxlogins - max number of logins for this user
> #        - maxsyslogins - max number of logins on the system
> #        - priority - the priority to run user process with
> #        - locks - max number of file locks the user can hold
> #        - sigpending - max number of pending signals
> #        - msgqueue - max memory used by POSIX message queues (bytes)
> #        - nice - max nice priority allowed to raise to values: [-20, 19]
> #        - rtprio - max realtime priority
> #
> #<domain>      <type>  <item>         <value>
> #
>
> #*               soft    core            0
> #*               hard    rss             10000
> #@student        hard    nproc           20
> #@faculty        soft    nproc           20
> #@faculty        hard    nproc           50
> #ftp             hard    nproc           0
> #@student        -       maxlogins       4
> *                -       nofile          999999
>
> # End of file
>
>
> I believe that these settings should all allow way more than 1016
> connections.
>
> Any other clues for me?
>
> Cheers,
>
> - Trent
>
> On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <sveniu at opera.com> wrote:
>>
>> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:
>>>
>>> My client that's connecting to my server behind stunnel just gets
>>> its connection attempts refused.
>>
>>
>> You're sure it's refused, not a timeout? Is the stunnel process
>> running into the max limit of open file descriptors (default is likely
>> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',
>> /etc/security/limits.conf, etc.
>>
>> Sven
>> _______________________________________________
>> stunnel-users mailing list
>> stunnel-users at stunnel.org
>> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
>
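
The checks Sven lists in the quoted exchange, as an added example that is not part of the original thread: `ulimit -n` reports the limit of the shell it is typed in, whereas the limit the running stunnel process actually holds is recorded in /proc/<pid>/limits, and its descriptor count in /proc/<pid>/fd. The script assumes the Linux /proc layout; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Linux /proc layout assumed.

# nofile_limit FILE soft|hard
# Print the "Max open files" value from a /proc/<pid>/limits-format file.
nofile_limit() {
    case "$2" in
        soft) col=4 ;;
        hard) col=5 ;;
        *) return 2 ;;
    esac
    awk -v c="$col" '/^Max open files/ { print $c }' "$1"
}

# count_fds DIR
# Count the entries of a /proc/<pid>/fd-style directory. Entries there are
# symlinks whose targets (e.g. "socket:[534919]") need not exist as paths,
# so test for the link itself as well as for the target.
count_fds() {
    n=0
    for e in "$1"/*; do
        [ -e "$e" ] || [ -L "$e" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# fd_report LIMITS_FILE FD_DIR
# Print "soft=<n> hard=<n> open=<n> free=<n>", where free is how many more
# descriptors the process can open before reaching its soft limit.
fd_report() {
    soft=$(nofile_limit "$1" soft) || return 1
    hard=$(nofile_limit "$1" hard) || return 1
    if [ -z "$soft" ]; then
        echo "no 'Max open files' line in $1" >&2
        return 1
    fi
    used=$(count_fds "$2")
    echo "soft=$soft hard=$hard open=$used free=$((soft - used))"
}

# Run against a live process when a PID is given: ./fdcheck.sh <pid>
# (reading another user's /proc/<pid>/fd requires root or the same UID).
if [ $# -eq 1 ]; then
    fd_report "/proc/$1/limits" "/proc/$1/fd"
fi
```
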


