Re: [users@httpd] Apache 2.2.3 and 'File Descriptor Limits'

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



[ Jim Jagielski ]

> On Sep 27, 2006, at 9:13 AM, Kenneth Svee wrote:
>
>> [ Jim Jagielski ]
>>
>>> Kenneth Svee wrote:
>>>>
>>>> I've ported the old config to Apache 2.2, and we're about 11
>>>> vhosts over the limit on the new build. The 1.3.37-server works.
>>>> The 2.2.3-server starts if i comment out 11 vhosts. With 10
>>>> vhosts commented out, the server dumps this to the "global"
>>>> error_log, and dies:
>>>>
>>>>   [Tue Sep 26 17:16:41 2006] [error] (24)Too many open files: could
>>>>   not open mime types config file /our/path/to/mime.types.
>>>>   Configuration Failed
>>>>
>>>> With 9 vhosts removed it dies with the following message:
>>>>
>>>>   Unable to open logs
>>>>
>>>> We used the HIGH_SLACK_LINE-flag for our Apache-2.2.3-build as
>>>> well, even though the docs[3] say nothing about it. What's the
>>>> proper way to do this for Apache 2.2.3?
>>>
>>> It doesn't exist in 2.2.
>>
>> Meaning it will not work, or that it should work automatically? Is
>> there a way for me to make it work?
>
> Apache 2.2 doesn't take any special care in "adjusting" fd's in the
> way that the optional slack'ing in Apache 1.3 did. The assumption is
> that the admin takes care of ensuring that the kernel allows for
> sufficient fd's or, if that's not possible, one configures Apache to
> be as lean and mean with fd's as possible (eg: combining all
> CustomLogs and ErrorLogs, using worker MPM, etc...)

To sum up a bit of work here:

The reason why my 2.2-server does not start is because I've got too
many VirtualHosts in the config. Apache it self does fine at opening
all the logs (last logfile gets fd #274), and goes on to open a couple
more (mime.types and a file in /tmp/) before it starts to read the
certificate files for the SSL-enabled VirtualHosts. This is where it
fails.

We use OpenSSL as our SSL-library for mod_ssl. When mod_ssl open the
first certificate file via the OpenSSL BIO_new_file() (from
crypto/bio/bss_file.c in the OpenSSL source) it uses fopen() to open
the certificate file. On Solaris (Solaris 8 at least) fopen() cannot
open files when the descriptor is greater than 255 (due to using and
unsigned char in the _file-field of the FILE-struct). As Apache has
already opened 274 descriptors this fopen() fails, and Apache goes
down.

Apparently [1] using 64-bit binaries will possibly solve this issue,
but this is (for several reasons I won't go into here) not something
we can do. The alternatives, as Jim mentions, seem to be to
reconfigure the server to combine logs, or split it up to get the
number of VirtualHosts down to a manageble level.

(And if the certificates could been opened earlier in the startup
process, that would probably also solve the issue, but is most likely
not a good idea, nor feasible to (re)implement in the server. The
problem is 32bit Solaris 8 and OpenSSL, not Apache.)

[1] http://sunsolve.sun.com/search/document.do?assetkey=1-30-01406-1


Rgds,
Kenneth Svee

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux