I fixed this now, but I could find virtually no documentation about it online, so I'm writing this email to document what surely must be a common problem ...
I wanted to enable HTTP/2 support in Apache on Fedora 38. I followed the documentation here which worked [although it's way more complicated than it needs to be, why isn't HTTP/2 the default out of the box?] https://httpd.apache.org/docs/2.4/howto/http2.html Anyway the problem I had was that the server worked fine provided there were not too many clients (and by "too many" I mean a simple load test with 4-16 clients failed). Apache randomly threw 403 Forbidden errors, but with less load it gave a normal (2xx) response. The first problem is the error is misleading: [Wed Feb 22 13:24:52.013780 2023] [core:error] [pid 3047850:tid 3047899] (24)Too many open files: [remote 192.168.0.139:53738] AH00132: file permissions deny server access: /var/www/html/[filename] If you concentrate on the second part "file permissions deny server access" -- as I did -- then you'll be looking at file permissions, SELinux, restorecon, ausearch etc. That's a red herring, there is no permissions problem. The real error is the first part "Too many open files". It turns out that the default open file limit (1024!) is too low. To change this and fix the problem: # systemctl edit httpd This creates an "override" file to which you should add (or you could just create this file directly): # cat /etc/systemd/system/httpd.service.d/override.conf [Service] LimitNOFILE=65536 and then restart Apache for the change to take effect. Why on earth Apache needs > 1024 open files to serve a dozen clients is not clear at all. Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top _______________________________________________ users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
