Re: nginx.conf file limits

Stuart Henderson Fri, 25 Apr 2014 09:35:29 -0700

On 2014/04/21 19:10, Johnw wrote:
> Hi, would you like to add RLIMIT_NPROC setting to nginx.conf?
> 
> Because I do not want/need nginx child run any command/fork
> so, I want set RLIMIT_NPROC=0 to nginx child process, but nginx ignore
> /etc/login.conf setting.


While I think this is a nice idea, it should be submitted upstream
rather than added to OpenBSD.

> Thank you.
> 
> Index: src/core/nginx.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v
> retrieving revision 1.8
> diff -u -u -r1.8 nginx.c
> --- src/core/nginx.c    15 May 2013 18:52:00 -0000    1.8
> +++ src/core/nginx.c    21 Apr 2014 10:49:29 -0000
> @@ -104,6 +104,13 @@
>        0,
>        NULL },
> 
> +    { ngx_string("worker_rlimit_nproc"),
> +      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
> +      ngx_conf_set_num_slot,
> +      0,
> +      offsetof(ngx_core_conf_t, rlimit_nproc),
> +      NULL },
> +
>      { ngx_string("worker_rlimit_nofile"),
>        NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
>        ngx_conf_set_num_slot,
> @@ -963,6 +970,7 @@
>      ccf->worker_processes = NGX_CONF_UNSET;
>      ccf->debug_points = NGX_CONF_UNSET;
> 
> +    ccf->rlimit_nproc = NGX_CONF_UNSET;
>      ccf->rlimit_nofile = NGX_CONF_UNSET;
>      ccf->rlimit_core = NGX_CONF_UNSET;
>      ccf->rlimit_sigpending = NGX_CONF_UNSET;
> Index: src/core/ngx_cycle.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v
> retrieving revision 1.5
> diff -u -u -r1.5 ngx_cycle.h
> --- src/core/ngx_cycle.h    1 Jun 2013 16:12:54 -0000    1.5
> +++ src/core/ngx_cycle.h    21 Apr 2014 10:49:29 -0000
> @@ -79,6 +79,7 @@
>       ngx_int_t                worker_processes;
>       ngx_int_t                debug_points;
> 
> +     ngx_int_t                rlimit_nproc;
>       ngx_int_t                rlimit_nofile;
>       ngx_int_t                rlimit_sigpending;
>       off_t                    rlimit_core;
> Index: src/os/unix/ngx_process_cycle.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v
> retrieving revision 1.12
> diff -u -u -r1.12 ngx_process_cycle.c
> --- src/os/unix/ngx_process_cycle.c    15 May 2013 18:52:01 -0000    1.12
> +++ src/os/unix/ngx_process_cycle.c    21 Apr 2014 10:49:30 -0000
> @@ -950,6 +950,17 @@
>                            ccf->username, ccf->group);
>          }
> 
> +    if (ccf->rlimit_nproc != NGX_CONF_UNSET) {
> +            rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc;
> +            rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc;
> +
> +        if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) {
> +                ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
> +                "setrlimit(RLIMIT_NPROC, %i) failed",
> +                ccf->rlimit_nproc);
> +        }
> +    }
> +
>          if (setuid(ccf->user) == -1) {
>              ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
>                            "setuid(%d) failed", ccf->user);

> Index: src/core/nginx.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/core/nginx.c,v
> retrieving revision 1.8
> diff -u -u -r1.8 nginx.c
> --- src/core/nginx.c  15 May 2013 18:52:00 -0000      1.8
> +++ src/core/nginx.c  21 Apr 2014 10:49:29 -0000
> @@ -104,6 +104,13 @@
>        0,
>        NULL },
>  
> +    { ngx_string("worker_rlimit_nproc"),
> +      NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
> +      ngx_conf_set_num_slot,
> +      0,
> +      offsetof(ngx_core_conf_t, rlimit_nproc),
> +      NULL },
> +
>      { ngx_string("worker_rlimit_nofile"),
>        NGX_MAIN_CONF|NGX_DIRECT_CONF|NGX_CONF_TAKE1,
>        ngx_conf_set_num_slot,
> @@ -963,6 +970,7 @@
>      ccf->worker_processes = NGX_CONF_UNSET;
>      ccf->debug_points = NGX_CONF_UNSET;
>  
> +    ccf->rlimit_nproc = NGX_CONF_UNSET;
>      ccf->rlimit_nofile = NGX_CONF_UNSET;
>      ccf->rlimit_core = NGX_CONF_UNSET;
>      ccf->rlimit_sigpending = NGX_CONF_UNSET;
> Index: src/core/ngx_cycle.h
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/core/ngx_cycle.h,v
> retrieving revision 1.5
> diff -u -u -r1.5 ngx_cycle.h
> --- src/core/ngx_cycle.h      1 Jun 2013 16:12:54 -0000       1.5
> +++ src/core/ngx_cycle.h      21 Apr 2014 10:49:29 -0000
> @@ -79,6 +79,7 @@
>       ngx_int_t                worker_processes;
>       ngx_int_t                debug_points;
>  
> +     ngx_int_t                rlimit_nproc;
>       ngx_int_t                rlimit_nofile;
>       ngx_int_t                rlimit_sigpending;
>       off_t                    rlimit_core;
> Index: src/os/unix/ngx_process_cycle.c
> ===================================================================
> RCS file: /cvs/src/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c,v
> retrieving revision 1.12
> diff -u -u -r1.12 ngx_process_cycle.c
> --- src/os/unix/ngx_process_cycle.c   15 May 2013 18:52:01 -0000      1.12
> +++ src/os/unix/ngx_process_cycle.c   21 Apr 2014 10:49:30 -0000
> @@ -950,6 +950,17 @@
>                            ccf->username, ccf->group);
>          }
>  
> +     if (ccf->rlimit_nproc != NGX_CONF_UNSET) {
> +            rlmt.rlim_cur = (rlim_t) ccf->rlimit_nproc;
> +            rlmt.rlim_max = (rlim_t) ccf->rlimit_nproc;
> +
> +         if (setrlimit(RLIMIT_NPROC, &rlmt) == -1) {
> +                ngx_log_error(NGX_LOG_ALERT, cycle->log, ngx_errno,
> +                             "setrlimit(RLIMIT_NPROC, %i) failed",
> +                             ccf->rlimit_nproc);
> +         }
> +     }
> +
>          if (setuid(ccf->user) == -1) {
>              ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
>                            "setuid(%d) failed", ccf->user);

Re: nginx.conf file limits

Reply via email to