Check the ulimit by running the docker file

Rahulkumar ChoudharyRahulkumar Choudhary
3 min read

What’s the goal?

The goal is to query the current system resource limit (e.g., RLIMIT_NOFILE, which controls the maximum number of open file descriptors) and expose it through an Nginx endpoint as part of the response.

How are we going to achieve this?

  1. Writing a script (e.g., Bash, Python) to query the system resource limit.

  2. Configuring Nginx to execute this script when a specific URL is accessed.

Lets get started with the hands-on!

Step 1: Write the Script

The script will use the ulimit command to fetch the current file descriptor limit (RLIMIT_NOFILE). For this example, we'll use a Bash script.

Example: Bash Script (rlimit.sh)

#!/bin/bash
# Fetch the maximum number of open file descriptors
RLIMIT_NOFILE=$(ulimit -n)
echo "RLIMIT_NOFILE=${RLIMIT_NOFILE}"

  • Here,

    • ulimit -n: Returns the soft limit on the number of open file descriptors.

    • echo: Outputs the result in a simple format.

  • Save this script as rlimit.sh in a directory accessible to Nginx (e.g., /usr/local/bin/).

  • Make the script executable using the following command:

      chmod +x /usr/local/bin/rlimit.sh

Step 2: Install and Configure a FastCGI Wrapper

Nginx cannot execute scripts directly. Instead, it relies on FastCGI (or similar mechanisms like proxy_pass) to interface with external programs.

Install a FastCGI Wrapper

On most Linux distributions, you can install the spawn-fcgi utility:

sudo apt-get install spawn-fcgi

Run the Script as a FastCGI Service

You need to start the spawn-fcgi service to run your script. For example:

spawn-fcgi -a 127.0.0.1 -p 9000 -n /usr/local/bin/rlimit.sh

  • Here,

    • -a 127.0.0.1: Binds the service to localhost.

    • -p 9000: Specifies the port to listen on.

    • -n: Runs the script in non-daemon mode.

    • /usr/local/bin/rlimit.sh: Path to the script.

To keep this service running persistently, consider setting it up as a systemd service or using a process manager like supervisord.

Step 3: Configure Nginx

Modify your Nginx configuration to route requests to the FastCGI service.

Example Nginx Configuration

server {
    listen 80;

    location /rlimit {
        # Set the response type
        default_type text/plain;

        # Pass the request to the FastCGI service
        fastcgi_pass 127.0.0.1:9000;

        # Required FastCGI parameters (standard for scripts)
        fastcgi_param SCRIPT_FILENAME /usr/local/bin/rlimit.sh;
    }
}

  • Here,

    • fastcgi_pass: Routes requests to the FastCGI service running the script.

    • fastcgi_param SCRIPT_FILENAME: Specifies the script to execute.

After editing the configuration, test and reload Nginx using the following commands:

sudo nginx -t
sudo systemctl reload nginx

Step 4: Test the Setup

Use curl to send a request to the /rlimit endpoint:

curl http://localhost/rlimit

Expected Response

RLIMIT_NOFILE=65536

This indicates that the script successfully queried the RLIMIT_NOFILE value and returned it through Nginx.

Step 5: Automate the FastCGI Service

To ensure the FastCGI service runs automatically on system boot:

Create a systemd Service

Create a service file at /etc/systemd/system/rlimit-fastcgi.service:

[Unit]
Description=FastCGI Wrapper for rlimit.sh
After=network.target

[Service]
ExecStart=/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -n /usr/local/bin/rlimit.sh
Restart=always

[Install]
WantedBy=multi-user.target

Reload systemd and enable the service using the following commands:

sudo systemctl daemon-reload
sudo systemctl enable rlimit-fastcgi.service
sudo systemctl start rlimit-fastcgi.service

Security and Optimization points to consider:

  • Script Permissions: Ensure only the necessary users have execute permissions on the script.

  • Resource Limits: If querying other system limits, ensure you don't expose sensitive information unintentionally.

  • Caching: If limits don’t change frequently, consider caching the output to reduce script execution overhead.

Conclusion

Through the use of a custom script and FastCGI, this setup allows system-level resource limits (rlimit) to be dynamically exposed through Nginx.

Thank you; I'm happy that my blog was able to assist you with your use case. If you have any queries please don't hesitate to ask on the following platform where you can catch up with me.

Catch up with me here!

1
Subscribe to my newsletter

Read articles from Rahulkumar Choudhary directly inside your inbox. Subscribe to the newsletter, and don't miss out.

Dockerlinux ulimitnginxsystemdBashfastcgi

Written by

Rahulkumar Choudhary
Rahulkumar Choudhary

Cloud & DevOps Engineer crafting peak-performance solutions. Tech enthusiast embracing innovation. Blogging on DevOps & Cloud, simplifying complexities.