diff --git a/core/admin/start.py b/core/admin/start.py index 9574bbb7..24f31e07 100755 --- a/core/admin/start.py +++ b/core/admin/start.py @@ -64,7 +64,7 @@ test_unsupported() cmdline = [ "gunicorn", - "--threads", f"{os.cpu_count()}", + "--threads", os.environ.get('CPU_COUNT', '1'), # If SUBNET6 is defined, gunicorn must listen on IPv6 as well as IPv4 "-b", f"{'[::]' if os.environ.get('SUBNET6') else '0.0.0.0'}:8080", "--logger-class mailu.Logger", diff --git a/core/base/libs/socrate/socrate/system.py b/core/base/libs/socrate/socrate/system.py index c5046f4c..f494a7b7 100644 --- a/core/base/libs/socrate/socrate/system.py +++ b/core/base/libs/socrate/socrate/system.py @@ -141,6 +141,8 @@ def clean_env(): for item in os.environ.get('TLS', ALL_PORTS).split(','): if item in PORTS_REQUIRING_TLS: os.environ[f'TLS_{item}']='True' + if 'CPU_COUNT' not in os.environ: + os.environ['CPU_COUNT'] = str(os.cpu_count()) def drop_privs_to(username='mailu'): pwnam = getpwnam(username) diff --git a/core/dovecot/conf/dovecot.conf b/core/dovecot/conf/dovecot.conf index 9c92aca6..03709b2e 100644 --- a/core/dovecot/conf/dovecot.conf +++ b/core/dovecot/conf/dovecot.conf @@ -137,12 +137,22 @@ service imap-login { inet_listener imap { port = 143 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } service pop3-login { inet_listener pop3 { port = 110 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } ############### @@ -166,6 +176,11 @@ service managesieve-login { inet_listener sieve { port = 4190 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } protocol sieve { @@ -223,4 +238,4 @@ service anvil { # Extensions ############### -!include_try /overrides/dovecot.conf +!include_try /overrides/dovecot/proxy.conf diff --git a/core/nginx/dovecot/proxy.conf b/core/nginx/dovecot/proxy.conf index 8decfc77..d7fcbb0a 100644 --- a/core/nginx/dovecot/proxy.conf +++ b/core/nginx/dovecot/proxy.conf @@ -87,6 +87,11 @@ service managesieve-login { inet_listener sieve-webmail { port = 14190 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } {% endif %} @@ -114,6 +119,11 @@ service imap-login { inet_listener imap-webmail { port = 10143 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } service pop3-login { @@ -132,6 +142,11 @@ service pop3-login { {% endif %} } {% endif %} + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } recipient_delimiter = {{ RECIPIENT_DELIMITER }} @@ -161,4 +176,11 @@ service submission-login { inet_listener submission-webmail { port = 10025 } + service_count = 0 + client_limit = 25000 + process_min_avail = {{ CPU_COUNT }} + process_limit = {{ CPU_COUNT }} + vsz_limit = 256M } + +!include_try /overrides/dovecot.conf diff --git a/docs/faq.rst b/docs/faq.rst index 6b3011a1..1111481d 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -256,8 +256,10 @@ correct syntax. The following file names will be taken as override configuration - For both ``postfix.cf`` and ``postfix.master``, you need to put one configuration per line, as they are fed line-by-line to postfix. - ``logrotate.conf`` as ``$ROOT/overrides/postfix/logrotate.conf`` - Replaces the logrotate.conf file used for rotating ``POSTFIX_LOG_FILE``. -- `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory; -- `Nginx`_ - All ``*.conf`` files in the ``nginx`` sub-directory; +- `Dovecot`_ - ``dovecot.conf`` in dovecot sub-directory. +- `Nginx`_ : + - All ``*.conf`` files in the ``nginx`` sub-directory. + - ``proxy.conf`` in the ``nginx/dovecot`` sub-directory. - `Rspamd`_ - All files in the ``rspamd`` sub-directory. - `Roundcube`_ - All ``*.inc.php`` files in the ``roundcube`` sub directory. diff --git a/towncrier/newsfragments/3450.bugfix b/towncrier/newsfragments/3450.bugfix new file mode 100644 index 00000000..50c75f22 --- /dev/null +++ b/towncrier/newsfragments/3450.bugfix @@ -0,0 +1,2 @@ +Ensure we can do more than 100 parallel sessions. +Allow dovecot's config to be overriden in front too