hello, after updating to 1.9.4, Nginx won’t start anymore and these errors had showed up:
the size 10485760 of shared memory zone "SSL" conflicts with already declared size 20971520 in /etc/nginx/conf.d/domains/sub.domain.com.ssl.conf:12
what could be the cause of this? removing this from the ssl configs fixes the issue:
ssl_session_cache shared:SSL:10m;
but we have a lot of domain and this will take us longer, also are new added domains will be affected?
we also had to add this to /etc/nginx/nginx.conf:limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s;limit_req_zone $binary_remote_addr zone=static:10m rate=100r/s;
just to make nginx work again. these are the errors:nginx: [emerg] zero size shared memory zone “api”nginx: [emerg] zero size shared memory zone “static”
nu01
August 20, 2025, 4:00pm
3
You already had this:
ssl_session_cache shared:SSL:10m
opened 05:28PM - 15 Feb 25 UTC
closed 07:06AM - 04 Mar 25 UTC
help wanted
question
Hello,
I use nginx to proxy a large number of single requests (i.e. no sessions … involved, just one request w/o any cookies or stickiness requirements) to a very distributed API, and to guarantee fast DNS resolution when this API switches IPs, I use `resolve` directive in my config:
```sh
upstream api-keepalive-https {
zone api-keepalive-https 65536k;
resolver 1.1.1.1 9.9.9.9 1.0.0.1 valid=10 ipv6=off;
server api.example.com:443 max_fails=5 fail_timeout=30s resolve;
keepalive 16;
}
server {
listen 127.0.0.1:8080;
location / {
proxy_pass https://api-keepalive-https/;
proxy_set_header Host api-keepalive-https;
proxy_set_header Connection "";
proxy_http_version 1.1;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie Vary;
}
server_name api-keepalive-https;
}
```
Such setup works fine, but I had to increase zone memory significantly to avoid `ngx_slab_alloc() failed: no memory in upstream zone` errors. This is a concern to me, as number of requests probably would grow and I possible will keep hitting memory limits down the line.
Is there a way to set a timeout for upstream zones, to purge stale data from a zone sooner and to release memory faster?
Or maybe such configuration (with `upstream {server...}` block and with dynamic name resolution) can be re-written without using shared memory and `resolve` directive?
Thank you in advance.
opened 12:38AM - 08 Oct 15 UTC
closed 11:17PM - 27 Apr 17 UTC
bug
area: nginx
Steps to reproduce:
1. Put `ssl_session_cache shared:SSL:10m;` in your Nginx con… figs somewhere.
2. Run letsencrypt with the nginx authenticator.
Expected results: works
Actual results:
`2015-10-08 00:30:17,856:ERROR:letsencrypt_nginx.configurator:Nginx Restart Failed!
nginx: [emerg] the size 1048576 of shared memory zone "SSL" conflicts with already declared size 10485760 in /etc/letsencrypt/options-ssl-nginx.conf:1`
Contents of /etc/letsencrypt/options-ssl-nginx.conf:
```
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 1440m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
# Using list of ciphers from "Bulletproof SSL and TLS"
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA";
```
nginx, ssl
BTW, did you try: killall -9 nginx and restarting the server once?
Also, what template are you using for nginx? Maybe that template has some default settings.