[stunnel-users] more than 1000 concurrent connections?
Trenton Ashburn
tashburn at gmail.com
Tue Jul 3 21:19:33 CEST 2012
Yucong -
I just tried your suggestion below, and got the same result: 1019
connections, then:
java.io.IOException: Connection reset by peer
My server behind stunnel can handle 100,000+ connections directly (when I
bypass stunnel and don't use SSL).
I also got a netty-based SSL server to handle 15000 connections on the same
ec2 instance.
I continue to be unable to get stunnel past 1019 connections, however.
- Trent
On Mon, Jul 2, 2012 at 9:58 PM, Yucong Sun (叶雨飞) <sunyucong at gmail.com> wrote:
> First performance recommendation is to disable libwrap support:
> ./configure --disable-libwrap && make clean && make && make install
>
>
> On Mon, Jul 2, 2012 at 6:52 PM, Trenton Ashburn <tashburn at gmail.com>
> wrote:
> >
> > Sven -
> >
> > The error I'm getting is "java.io.IOException: Connection reset by peer"
> > on the 1017th connection.
> >
> > "ulimit -n" shows:
> >
> > 999999
> >
> > "lsof -n -p 6595" shows:
> >
> > COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
> > stunnel 6595 ec2-user cwd DIR 202,1 4096 2 /
> > stunnel 6595 ec2-user rtd DIR 202,1 4096 2 /
> > stunnel 6595 ec2-user txt REG 202,1 2510282 8807 /usr/local/bin/stunnel
> > stunnel 6595 ec2-user mem REG 202,1 1903208 7619 /lib64/libc-2.12.so
> > stunnel 6595 ec2-user mem REG 202,1 138328 7643 /lib64/libpthread-2.12.so
> > stunnel 6595 ec2-user mem REG 202,1 113432 7629 /lib64/libnsl-2.12.so
> > stunnel 6595 ec2-user mem REG 202,1 14584 7651 /lib64/libutil-2.12.so
> > stunnel 6595 ec2-user mem REG 202,1 19536 7625 /lib64/libdl-2.12.so
> > stunnel 6595 ec2-user mem REG 202,1 154464 17671 /lib64/ld-2.12.so
> > stunnel 6595 ec2-user 0u CHR 1,3 0t0 19 /dev/null
> > stunnel 6595 ec2-user 1u CHR 1,3 0t0 19 /dev/null
> > stunnel 6595 ec2-user 2u CHR 1,3 0t0 19 /dev/null
> > stunnel 6595 ec2-user 4r FIFO 0,8 0t0 534916 pipe
> > stunnel 6595 ec2-user 5w FIFO 0,8 0t0 534916 pipe
> > stunnel 6595 ec2-user 6u unix 0xffff880001d26900 0t0 534919 socket
> > stunnel 6595 ec2-user 7u IPv4 534920 0t0 TCP *:commplex-link (LISTEN)
> >
> > "cat /etc/security/limits.conf" shows:
> >
> > # /etc/security/limits.conf
> > #
> > #Each line describes a limit for a user in the form:
> > #
> > #<domain> <type> <item> <value>
> > #
> > #Where:
> > #<domain> can be:
> > # - an user name
> > # - a group name, with @group syntax
> > # - the wildcard *, for default entry
> > # - the wildcard %, can be also used with %group syntax,
> > # for maxlogin limit
> > #
> > #<type> can have the two values:
> > # - "soft" for enforcing the soft limits
> > # - "hard" for enforcing hard limits
> > #
> > #<item> can be one of the following:
> > # - core - limits the core file size (KB)
> > # - data - max data size (KB)
> > # - fsize - maximum filesize (KB)
> > # - memlock - max locked-in-memory address space (KB)
> > # - nofile - max number of open files
> > # - rss - max resident set size (KB)
> > # - stack - max stack size (KB)
> > # - cpu - max CPU time (MIN)
> > # - nproc - max number of processes
> > # - as - address space limit (KB)
> > # - maxlogins - max number of logins for this user
> > # - maxsyslogins - max number of logins on the system
> > # - priority - the priority to run user process with
> > # - locks - max number of file locks the user can hold
> > # - sigpending - max number of pending signals
> > # - msgqueue - max memory used by POSIX message queues (bytes)
> > # - nice - max nice priority allowed to raise to values: [-20, 19]
> > # - rtprio - max realtime priority
> > #
> > #<domain> <type> <item> <value>
> > #
> >
> > #* soft core 0
> > #* hard rss 10000
> > #@student hard nproc 20
> > #@faculty soft nproc 20
> > #@faculty hard nproc 50
> > #ftp hard nproc 0
> > #@student - maxlogins 4
> > * - nofile 999999
> >
> > # End of file
> >
> >
> > I believe that these settings should all allow way more than 1016
> > connections.
> >
> > Any other clues for me?
> >
> > Cheers,
> >
> > - Trent
> >
> >
> >
> >
> >
> >
> > On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <sveniu at opera.com> wrote:
> >>
> >> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:
> >>>
> >>> My client that's connecting to my server behind stunnel just gets
> >>> its connection attempts refused.
> >>
> >>
> >> You're sure it's refused, not a timeout? Is the stunnel process
> >> running into the max limit of open file descriptors (default is likely
> >> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',
> >> /etc/security/limits.conf, etc.
> >>
> >> Sven
> >> _______________________________________________
> >> stunnel-users mailing list
> >> stunnel-users at stunnel.org
> >> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
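Sven's checklist applied to the running daemon rather than the login shell, as an added example that is not part of the original thread: `ulimit -n` reports the limit of the shell it is typed in, while `/proc/<pid>/limits` shows the limit the stunnel process actually runs with. The function names, the 16-descriptor margin and the sample limits text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): inspect the descriptor limit of the
# running daemon itself instead of the login shell's `ulimit -n`.

# Soft "Max open files" value from /proc/<pid>/limits-format text on stdin.
nofile_soft() {
    awk '/^Max open files/ { print $4 }'
}

# Number of entries in a /proc/<pid>/fd-style directory (one per open fd).
# Reading another user's /proc/<pid>/fd needs root or the same uid.
fd_count() {
    ls -1 "$1" 2>/dev/null | wc -l | tr -d ' '
}

# Classify headroom; the 16-descriptor margin is an arbitrary assumption.
fd_headroom() {
    open=$1 soft=$2
    if [ "$soft" = "unlimited" ]; then echo ok
    elif [ "$open" -ge "$soft" ]; then echo exhausted
    elif [ $((soft - open)) -le 16 ]; then echo near-limit
    else echo ok
    fi
}

# One-line summary for a live process.
check_pid() {
    soft=$(nofile_soft < "/proc/$1/limits")
    open=$(fd_count "/proc/$1/fd")
    echo "pid=$1 open=$open soft_limit=$soft status=$(fd_headroom "$open" "$soft")"
}

# Constructed sample in /proc/<pid>/limits layout, for trying the parser offline.
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max cpu time              unlimited            unlimited            seconds
Max open files            1024                 4096                 files
Max processes             1024                 30000                processes
EOF
}

# Usage: sh fdcheck.sh <pid_of_stunnel>
if [ -n "${1:-}" ]; then
    check_pid "$1"
fi
```

Run it against the stunnel PID while the client is ramping up; a soft limit that differs from the shell's `ulimit -n` means the daemon was started with a different limit than the one being tested interactively.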