Increse ulimit per user

Community Support
1

Hi everyone,

I’m running HestiaCP on Ubuntu with Apache + Nginx as a reverse proxy and PHP-FPM 8.0.
Each web domain runs under its own user, as usual with Hestia.

I have some background jobs that run either:

  • through Supervisor, or

  • via PHP CLI scripts (not through FPM, but same user environment).

These operations open many simultaneous connections (API calls, files, sockets, etc.), and they sometimes hit the default ulimit -n = 1024 for that user.

I’ve already tried to:

  • Set higher limits in /etc/security/limits.conf

  • Add LimitNOFILE=65535 in php8.0-fpm.service

  • Add rlimit_files = 65535 in the PHP-FPM pool config

  • Restarted PHP-FPM and verified via /proc/<pid>/limits

However, the limit for user-level processes still stays at 1024.

So my question is:
:backhand_index_pointing_right: What’s the proper way in HestiaCP to increase ulimit / open file descriptors per user in a persistent way — so it applies both to PHP-FPM workers and to CLI/Supervisor tasks started under that same user?

Thanks in advance!

2

Hi @andreaplansol,

That should work for php cli. What did you modify/add to the limits.conf file?

3

Hi @sahsanu ,

added at the end of the file 2 lines:

name_of_the_user soft nofile 2048
name_of_the_user hard nofile 4096

But if i log as the user and i type:

ulimit -n

I get 1024 :thinking:

4

If you log in as the user using su - name_of_the_user and then run ulimit -n, do you get 1024 or 2048?

5

Unfortunately still

1024

6

Create the file with the conf in /etc/security/limits.d/

In this example the user name is name_of_the_user, replace it with the actual user:

echo -e 'name_of_the_user    soft    nofile    2048\nname_of_the_user    hard    nofile    4096' > /etc/security/limits.d/name_of_the_user.conf

And try again using su - name_of_the_user

1 Like
7

That worked!:confetti_ball:
Those limit will also be taken into account when running php script in a queue with supervisor with same user?

Or with php-fpm?

8

I don’t know how supervisor is started but if the user starts it via command line, it should use the same limits. Just check it.

Run supervisor.
Get the current pid for that supervisor process.
Check the limits used for that pid.

cat /proc/HereThePID/limits

PHP-FPM uses the default limit used by systemd or in your case, as you added LimitNOFILE=65535 to the service, it will use that limit.

9

I’m afraid it still show the last limit, btw i restarted supervisor

Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size 0 unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 31204 31204 processes
Max open files 1024 524288 files
Max locked memory 8388608 8388608 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 31204 31204 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us

10

I think i found a way, i needed to override configs of supervisor with

sudo systemctl edit supervisor.service

setting something like:
[Service]
LimitNOFILE=65535

and then restart it. Thank you!:grinning_face:

2 Likes