How to increase file descriptor limits for Nginx

High‑concurrency Nginx deployments can exhaust the default per‑process file descriptor limit, triggering errors like too many open files and failed connection accepts. Raising the limit removes an artificial ceiling that can turn a traffic spike into dropped connections and upstream timeouts.

On Linux, sockets, log files, cache files, and many other resources are represented as file descriptors, and the kernel enforces a per‑process open-files limit (RLIMIT_NOFILE). When Nginx is started by systemd, the unit’s LimitNOFILE sets the maximum descriptors the master and worker processes can inherit. The worker_rlimit_nofile directive can request a specific limit for workers, but it cannot exceed the service limit or the kernel’s own maximum.

Reverse proxies often consume multiple descriptors per request (client + upstream), and extra headroom is needed for listening sockets, log files, open file caches, and keepalive connections. Values that exceed the kernel per‑process ceiling (exposed via /proc/sys/fs/nr_open/) can prevent nginx.service from starting, while values that are too low cap effective worker_connections regardless of CPU capacity. A systemd unit override is required for service-managed deployments because login-shell limits in /etc/security/limits.conf do not apply to systemd services.

1. Pick a target open-files limit for nginx.

   65535 is a common starting point for busy sites; raise only when monitoring shows consistent near-limit usage. Keep worker_connections comfortably below the per-worker limit to leave room for logs, caches, and upstream sockets.

2. Check the kernel per-process open-files ceiling.

   $ cat /proc/sys/fs/nr_open
   1048576

   LimitNOFILE values above this ceiling cannot be applied.

3. Check the current LimitNOFILE value for nginx.service.

   $ sudo systemctl show nginx -p LimitNOFILE
   LimitNOFILE=1024

   Some distributions ship a higher default (often 65536) in the vendor unit file.

4. Open a systemd drop-in override for nginx.

   $ sudo systemctl edit nginx

   The editor typically opens /etc/systemd/system/nginx.service.d/override.conf.

5. Set LimitNOFILE under a Service section in the drop-in file.

   [Service]
   LimitNOFILE=65535

   A value above /proc/sys/fs/nr_open/ can prevent nginx.service from starting (often reported as Failed at step LIMITS).

6. Reload systemd unit files.

   $ sudo systemctl daemon-reload

   No output indicates success.

7. Restart nginx to apply the new unit limits.

   $ sudo systemctl restart nginx

   A restart closes existing connections; schedule for low-traffic windows when possible.

8. Confirm nginx.service is active.

   $ sudo systemctl status nginx
   ● nginx.service - A high performance web server and a reverse proxy server
        Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
        Active: active (running) since Mon 2025-12-08 09:41:12 UTC; 8min ago
          Docs: man:nginx(8)
   ##### snipped #####

9. Edit /etc/nginx/nginx.conf/.

   $ sudoedit /etc/nginx/nginx.conf

   Additional configuration may be included from /etc/nginx/conf.d/ or /etc/nginx/sites-enabled/ depending on the distribution.

10. Set worker_rlimit_nofile in the main context to match the service limit.

    worker_processes auto;
    worker_rlimit_nofile 65535;

    Keep worker_rlimit_nofile at or below the LimitNOFILE value set in systemd.

11. Set worker_connections in the events block.

    events {
        worker_connections 16384;
    }

    Reverse-proxying may consume at least two descriptors per active request (client + upstream).

12. Test the nginx configuration syntax.

    $ sudo nginx -t
    nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
    nginx: configuration file /etc/nginx/nginx.conf test is successful

13. Reload nginx to apply configuration changes.

    $ sudo systemctl reload nginx

    A reload rereads configuration without a full service restart.

14. Get the nginx master process PID.

    $ pgrep -xo nginx
    1234

15. Verify the process open-files limit.

    $ sudo grep -i "Max open files" /proc/1234/limits
    Max open files            65535                65535                files