Configure the www-data user to have 8192 open files. This should match or exceed the worker_rlimit_nofile setting in NGINX config.
Edit /etc/security/limits.d/10-nofile.conf:
www-data soft nofile 8192 www-data hard nofile 8192
Note: Files in /etc/security/limits.d/ are processed after /etc/security/limits.conf and are preferred for custom configurations.
Create the override directory and file:
mkdir -p /etc/systemd/system/nginx.service.d
Create /etc/systemd/system/nginx.service.d/override.conf:
[Service] LimitNOFILE=8192
Reload systemd:
systemctl daemon-reload
Important: For systemd-managed services, this override takes precedence over /etc/security/limits.d/ settings.
Edit /etc/nginx/nginx.conf and add at the top level (outside any block):
worker_rlimit_nofile 8192;