[stunnel-users] more than 1000 concurrent connections?

Trenton Ashburn tashburn at gmail.com
Tue Jul 3 21:19:33 CEST 2012


Yucong -

I just tried your suggestion below, and got the same result: 1019
connections, then:

        java.io.IOException: Connection reset by peer

My server behind stunnel can handle 100,000+ connections directly (when I
bypass stunnel and don't use SSL).

I also got a netty-based SSL server to handle 15000 connections on the same
ec2 instance.

I continue to be unable to get stunnel past 1019 connections, however.

-  Trent


On Mon, Jul 2, 2012 at 9:58 PM, Yucong Sun (叶雨飞) <sunyucong at gmail.com> wrote:

> First performance recommendation is to disable libwrap support:
> ./configure --disable-libwrap && make clean && make && make install
>
>
> On Mon, Jul 2, 2012 at 6:52 PM, Trenton Ashburn <tashburn at gmail.com>
> wrote:
> >
> > Sven -
> >
> > The error I'm getting is "java.io.IOException: Connection reset by peer" on
> > the 1017th connection.
> >
> > "ulimit -n" shows:
> >
> > 999999
> >
> > "lsof -n -p 6595" shows:
> >
> > COMMAND  PID     USER   FD   TYPE             DEVICE SIZE/OFF   NODE NAME
> > stunnel 6595 ec2-user  cwd    DIR              202,1     4096      2 /
> > stunnel 6595 ec2-user  rtd    DIR              202,1     4096      2 /
> > stunnel 6595 ec2-user  txt    REG              202,1  2510282   8807 /usr/local/bin/stunnel
> > stunnel 6595 ec2-user  mem    REG              202,1  1903208   7619 /lib64/libc-2.12.so
> > stunnel 6595 ec2-user  mem    REG              202,1   138328   7643 /lib64/libpthread-2.12.so
> > stunnel 6595 ec2-user  mem    REG              202,1   113432   7629 /lib64/libnsl-2.12.so
> > stunnel 6595 ec2-user  mem    REG              202,1    14584   7651 /lib64/libutil-2.12.so
> > stunnel 6595 ec2-user  mem    REG              202,1    19536   7625 /lib64/libdl-2.12.so
> > stunnel 6595 ec2-user  mem    REG              202,1   154464  17671 /lib64/ld-2.12.so
> > stunnel 6595 ec2-user    0u   CHR                1,3      0t0     19 /dev/null
> > stunnel 6595 ec2-user    1u   CHR                1,3      0t0     19 /dev/null
> > stunnel 6595 ec2-user    2u   CHR                1,3      0t0     19 /dev/null
> > stunnel 6595 ec2-user    4r  FIFO                0,8      0t0 534916 pipe
> > stunnel 6595 ec2-user    5w  FIFO                0,8      0t0 534916 pipe
> > stunnel 6595 ec2-user    6u  unix 0xffff880001d26900      0t0 534919 socket
> > stunnel 6595 ec2-user    7u  IPv4             534920      0t0    TCP *:commplex-link (LISTEN)
> >
> > "cat /etc/security/limits.conf" shows:
> >
> > # /etc/security/limits.conf
> > #
> > #Each line describes a limit for a user in the form:
> > #
> > #<domain>        <type>  <item>  <value>
> > #
> > #Where:
> > #<domain> can be:
> > #        - an user name
> > #        - a group name, with @group syntax
> > #        - the wildcard *, for default entry
> > #        - the wildcard %, can be also used with %group syntax,
> > #                 for maxlogin limit
> > #
> > #<type> can have the two values:
> > #        - "soft" for enforcing the soft limits
> > #        - "hard" for enforcing hard limits
> > #
> > #<item> can be one of the following:
> > #        - core - limits the core file size (KB)
> > #        - data - max data size (KB)
> > #        - fsize - maximum filesize (KB)
> > #        - memlock - max locked-in-memory address space (KB)
> > #        - nofile - max number of open files
> > #        - rss - max resident set size (KB)
> > #        - stack - max stack size (KB)
> > #        - cpu - max CPU time (MIN)
> > #        - nproc - max number of processes
> > #        - as - address space limit (KB)
> > #        - maxlogins - max number of logins for this user
> > #        - maxsyslogins - max number of logins on the system
> > #        - priority - the priority to run user process with
> > #        - locks - max number of file locks the user can hold
> > #        - sigpending - max number of pending signals
> > #        - msgqueue - max memory used by POSIX message queues (bytes)
> > #        - nice - max nice priority allowed to raise to values: [-20, 19]
> > #        - rtprio - max realtime priority
> > #
> > #<domain>      <type>  <item>         <value>
> > #
> >
> > #*               soft    core            0
> > #*               hard    rss             10000
> > #@student        hard    nproc           20
> > #@faculty        soft    nproc           20
> > #@faculty        hard    nproc           50
> > #ftp             hard    nproc           0
> > #@student        -       maxlogins       4
> > *                -       nofile          999999
> >
> > # End of file
> >
> >
> > I believe that these settings should all allow way more than 1016
> > connections.
> >
> > Any other clues for me?
> >
> > Cheers,
> >
> > - Trent
> >
> >
> > On Mon, Jul 2, 2012 at 6:06 AM, Sven Ulland <sveniu at opera.com> wrote:
> >>
> >> On 07/02/2012 05:21 AM, Trenton Ashburn wrote:
> >>>
> >>> My client that's connecting to my server behind stunnel just gets
> >>> its connection attempts refused.
> >>
> >>
> >> You're sure it's refused, not a timeout? Is the stunnel process
> >> running into the max limit of open file descriptors (default is likely
> >> to be 1024)? See 'ulimit -n', 'lsof -n -p <pid_of_stunnel>',
> >> /etc/security/limits.conf, etc.
> >>
> >> Sven
> >> _______________________________________________
> >> stunnel-users mailing list
> >> stunnel-users at stunnel.org
> >> http://stunnel.mirt.net/mailman/listinfo/stunnel-users
>
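
The check Sven suggests, as an added example that is not part of the original thread: `ulimit -n` reports the limit of the shell it is typed in, and `/etc/security/limits.conf` is applied by PAM at login, so a daemon started another way may run with a different limit. The script reads the limit and the descriptor count of the running process itself from `/proc/<pid>/limits` and `/proc/<pid>/fd` (Linux only); the function names and the sample data are constructed for illustration, and the same lookup works for other rows such as `Max processes`.

```shell
#!/bin/sh
# Added example: inspect the limits a running process really has.
# Linux only; reads /proc/<pid>/limits and /proc/<pid>/fd.

# proc_limit FILE "Row name" soft|hard -> value from a limits-format file
proc_limit() {
    awk -v name="$2" -v which="$3" '
        index($0, name) == 1 {
            split(substr($0, length(name) + 1), f, " ")
            v = (which == "hard") ? f[2] : f[1]
            print v
            exit
        }' "$1"
}

# fd_count DIR -> number of entries (open descriptors) in a /proc/<pid>/fd dir
fd_count() {
    ls -A "$1" | wc -l | tr -d ' '
}

# fd_headroom LIMITS_FILE FD_DIR -> one-line summary for the process
fd_headroom() {
    soft=$(proc_limit "$1" "Max open files" soft)
    hard=$(proc_limit "$1" "Max open files" hard)
    open=$(fd_count "$2")
    if [ "$soft" = unlimited ]; then
        free=unlimited
    else
        free=$((soft - open))
    fi
    echo "open=$open soft=$soft hard=$hard free=$free"
}

# Constructed sample in /proc/<pid>/limits layout (not taken from the thread).
sample_limits() {
    cat <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             1024                 30000                processes
Max open files            1024                 4096                 files
Max locked memory         65536                65536                bytes
EOF
}

# Usage: sh fdcheck.sh <pid_of_stunnel>   (defaults to this shell's own PID)
pid=${1:-$$}
if [ -r "/proc/$pid/limits" ]; then
    fd_headroom "/proc/$pid/limits" "/proc/$pid/fd"
fi
```
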