Tuning max concurrent connections
If you anticipate a high number of concurrent connections through your PrivX setup, adjust the nginx configuration file on each PrivX server instance to raise nginx's maximum file descriptor limits above the defaults (which equate to roughly 500 concurrent connections per server).
Edit the /etc/nginx/nginx.conf file on your PrivX instance(s): add "worker_rlimit_nofile 16384;" and set worker_connections to a higher value, like so:
...
user nginx;
# auto will try to autodetect the number of CPUs and set process count accordingly.
# The worker_rlimit_nofile value below is for CPU count of 4.
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# should be at least twice as large as worker_connections,
# or rather worker_processes * worker_connections
worker_rlimit_nofile 16384;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 4096; # sockets per worker process
}
...
Note that the worker_rlimit_nofile value must be equal to or larger than worker_processes * worker_connections.
After completing these steps, tell SELinux to allow the nginx process to modify its rlimit:
setsebool -P httpd_setrlimit 1
Otherwise you will get an error like this:
# tail -f /var/log/nginx/error.log
2023/10/21 07:16:40 [alert] 72357#0: setrlimit(RLIMIT_NOFILE, 16384) failed (13: Permission denied)
After this, execute "service nginx restart". This raises your maximum connection limit to approximately 8000 connections (two file descriptors per connection) for this server instance.
You should also verify that the per-process hard limit of open files is large enough for the nginx processes:
# for pid in $(pgrep nginx); do echo "PID: $pid"; grep "Max open files" /proc/$pid/limits | awk '{print "Hard limit of open files: " $5}'; done
PID: 75512
Hard limit of open files: 262144
PID: 75513
Hard limit of open files: 262144
PID: 75514
Hard limit of open files: 262144
Also verify that your system-wide limit on open file descriptors is larger than worker_rlimit_nofile * worker_processes:
# sysctl fs.file-max
fs.file-max = 782142
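The two relationships stated above (worker_rlimit_nofile against worker_processes * worker_connections, and fs.file-max against worker_rlimit_nofile * worker_processes) can be checked in one pass. The script below is an added example, not part of PrivX or nginx; the function names and the embedded sample configuration are constructed for illustration, and it assumes each directive sits on its own line.

```sh
#!/bin/sh
# Added example, not PrivX or nginx code. Function names and the sample
# configuration are constructed for illustration.

# Print the value of a simple one-line directive, e.g. "4096".
nginx_directive() {  # usage: nginx_directive <conf-file> <directive>
    awk -v d="$2" '$1 == d { sub(/;.*$/, "", $2); print $2; exit }' "$1"
}

# Return 0 when the limits satisfy both relationships, 1 otherwise.
check_nginx_limits() {  # usage: check_nginx_limits <conf-file> <cpu-count> <fs.file-max>
    procs=$(nginx_directive "$1" worker_processes)
    conns=$(nginx_directive "$1" worker_connections)
    rlimit=$(nginx_directive "$1" worker_rlimit_nofile)
    procs=${procs:-1}; conns=${conns:-512}      # nginx defaults when unset
    if [ "$procs" = "auto" ]; then procs=$2; fi # auto follows the CPU count
    if [ -z "$rlimit" ]; then
        echo "FAIL: worker_rlimit_nofile is not set"; return 1
    fi
    rc=0
    if [ "$rlimit" -lt $((procs * conns)) ]; then
        echo "FAIL: worker_rlimit_nofile $rlimit < $procs * $conns"; rc=1
    fi
    if [ "$3" -le $((rlimit * procs)) ]; then
        echo "FAIL: fs.file-max $3 is not larger than $rlimit * $procs"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: about $((rlimit / 2)) connections at two descriptors each"
    fi
    return "$rc"
}

# Constructed sample: the directives from the configuration shown above.
sample_conf() {
    cat <<'EOF'
worker_processes auto;
worker_rlimit_nofile 16384;
events {
    worker_connections 4096; # sockets per worker process
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
check_nginx_limits "$conf" 4 782142   # CPU count 4 and fs.file-max from this page
rm -f "$conf"
```

On a live server, call it as check_nginx_limits /etc/nginx/nginx.conf "$(nproc)" "$(sysctl -n fs.file-max)".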
If you have an HA (High Availability) setup, ensure that you also make equivalent configuration changes to the systemd startup scripts on your load balancer host. The precise steps to follow will vary depending on the host OS and the specific load balancer software in use.