Everything spiked and got 5XX error and NGINX error - [alert] 12197#0: *2936829

Hi, Suddenly the CPU and Bandwidth spiked on its own 2 times and the site went down for 5-10 mins.

Image - Example link

Checking logs saw this error - [alert] 12197#0: *2936829 socket() failed (24: Too many open files) while connecting to upstream on NGINX

100’s of these error entries from the same 4-5 IPS.

Example link Image -

Read a few places, to increase files, some said it could be server-side problem contact admins. Can someone help with a solution so we do not face this.

Thanks website - www.gadgetbridge.

P.S strange thing was when I tried opening DO community page, I got a 502 error here also.

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

It happened again today, same IP address all from one point in Kansas.

Hi @SP1,

There are two ways to go about this.

The first would be to increase the limits on your Nginx configuration to see if that will appear again.

You can change the maximum number of file descriptors a process can create by modifying the /etc/sysctl.conf file and adding the fs.file-max setting. Set fs.file-max=50000 to allow processes to create 50000 file descriptors.

Then you can modify the security limits in /etc/security/limits.conf. You can set these by adding two lines nginx soft nofile 10000 and nginx hard nofile 30000 . Then run sysctl -p to verify our change.

Finally, open up your /etc/nginx/nginx/conf file and add the worker_rlimit_nofile directive like so worker_rlimit_nofile 30000;. Then reload nginx.

The second suggestion is that you’ve been a target of a DDoS and it’s not something specific with your Droplet to worry about. If it was me, I’ll wait before making the above changes, I don’t think they are necessary most of the time and see when the next time this error appears the IP addresses that are accessing your website.