secondlife · Rider-Linden · Jun 30, 2025 · Jul 2, 2025 · Jul 2, 2025 · Jul 4, 2025
diff --git a/Dockerfile b/Dockerfile
@@ -16,6 +16,7 @@ ENV STATIC_LOCATIONS=
 ENV NO_ACCESS_LOGS=0
 ENV LOG_ONLY_5XX=0
 ENV WORKER_CONNECTIONS=1024
+
 EXPOSE 80
 STOPSIGNAL SIGQUIT
 ENTRYPOINT ["/docker-entrypoint.sh"]

diff --git a/README.md b/README.md
@@ -28,6 +28,7 @@ Pair nginx-proxy with your favorite upstream server (wsgi, uwsgi, asgi, et al.)
 | `NO_ACCESS_LOGS` | disable access logs completely | No | 0 | 1 |
 | `LOG_ONLY_5XX` | only log 5XX HTTP status access events | No | 0 | 1 |
 | `WORKER_CONNECTIONS` | Set the number of allowed worker connections | No | 1024 | 2048 |
+| `WORKER_FILE_LIMIT` | Set the number of available file descriptors | No | 2*WORKER_CONNECTIONS | 4096 |
 
 ### Hosting Static Assets
 
@@ -88,4 +89,4 @@ Notable differences from the official [nginx container][]
 [nginx container]: https://hub.docker.com/_/nginx
 [gomplate]: https://docs.gomplate.ca/
 [uwsgi]: https://uwsgi-docs.readthedocs.io/en/latest/
-[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
+[nginx status]: https://nginx.org/en/docs/http/ngx_http_stub_status_module.html
diff --git a/src/docker-entrypoint.d/00-render-templates.sh b/src/docker-entrypoint.d/00-render-templates.sh
@@ -16,6 +16,9 @@ function render_templates {
   done
 }
 
+export WORKER_FILE_LIMIT=${WORKER_FILE_LIMIT:=$(( WORKER_CONNECTIONS * 2 ))}
+export WSGI_TIMEOUT=${WSGI_TIMEOUT:-${KEEPALIVE_TIMEOUT}}
+
 render_templates "/etc/nginx/*.template" "/etc/nginx"
 render_templates "/etc/nginx/conf.d/*.template" "/etc/nginx/conf.d"
 render_templates "/etc/nginx/includes/*.template" "/etc/nginx/includes"
diff --git a/src/etc/nginx/conf.d/default.conf.template b/src/etc/nginx/conf.d/default.conf.template
@@ -1,4 +1,4 @@
-# Default configuration returns 400 in order to deny any request with an 
+# Default configuration returns 400 in order to deny any request with an
 # unrecognized host header (server_name.)
 {{ if (ne .Env.SERVER_NAME "_") }}
 server {
@@ -21,7 +21,7 @@ server {
   add_header X-Frame-Options "SAMEORIGIN";
   add_header X-XSS-Protection "1; mode=block";
   add_header X-Content-Type-Options "nosniff";
-  
+
   location / {
     {{ if (eq .Env.PROXY_UWSGI "1") }}
     include /etc/nginx/includes/uwsgi.conf;

diff --git a/src/etc/nginx/includes/uwsgi.conf.template b/src/etc/nginx/includes/uwsgi.conf.template
@@ -2,5 +2,5 @@ uwsgi_pass app;
 uwsgi_param HTTP_X_REQUEST_ID $request_id;
 uwsgi_param HTTP_HOST $host;
 include uwsgi_params;
-uwsgi_read_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
-uwsgi_send_timeout {{ .Env.KEEPALIVE_TIMEOUT }};
+uwsgi_read_timeout {{ .Env.WSGI_TIMEOUT }};
+uwsgi_send_timeout {{ .Env.WSGI_TIMEOUT }};
diff --git a/src/etc/nginx/nginx.conf.template b/src/etc/nginx/nginx.conf.template
@@ -7,6 +7,7 @@ pid        /var/run/nginx.pid;
 # Used to zap Server header
 load_module /usr/lib/nginx/modules/ngx_http_headers_more_filter_module.so;
 
+worker_rlimit_nofile {{ .Env.WORKER_FILE_LIMIT }};
 events {
     worker_connections  {{ .Env.WORKER_CONNECTIONS }};
     use epoll;