This section covers recommended configurations for large-scale deployments of Teleport.
For Teleport Cloud customers, the settings in this guide are configured automatically.
Prerequisites
- Teleport v9.2.3 Open Source or Enterprise.
Hardware recommendations
Set up Teleport with a High Availability configuration.
Scenario | Max Recommended Count | Proxy | Auth Server | AWS Instance Types |
---|---|---|---|---|
Teleport Nodes connected to Auth Server | 10,000 | 2x 4 vCPUs, 8GB RAM | 2x 8 vCPUs, 16GB RAM | m4.2xlarge |
Teleport Nodes connected to Proxy Server through reverse tunnels | 10,000 | 2x 4 vCPUs, 8GB RAM | 2x 8 vCPUs, 16+GB RAM | m4.2xlarge |
Proxy Configuration
Raise Teleport's connection limit from the default of `15000` to `65000`, and use an in-memory cache instead of the default SQLite persistent cache.
```yaml
teleport:
  cache:
    # Use an in-memory cache to speed up the connection of many teleport nodes
    # back to proxy.
    type: in-memory
  # Set up connection limits to prevent throttling of many nodes connecting to proxies
  connection_limits:
    max_connections: 65000
    max_users: 1000
```
Auth Configuration
Raise Teleport's connection limit from the default of `15000` to `65000`.
```yaml
# Teleport Auth
teleport:
  connection_limits:
    max_connections: 65000
    max_users: 1000
```
Kernel parameters
Adjust Teleport's systemd unit parameters to allow a higher number of open files:

```ini
[Service]
LimitNOFILE=65536
```
Verify that Teleport's process has high enough file limits:
```
$ cat /proc/$(pidof teleport)/limits
Limit                     Soft Limit           Hard Limit           Units
Max open files            65536                65536                files
```
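The verification step above can be scripted so that a unit still running with a low limit is caught before nodes start failing to connect. This is an added example, not part of the Teleport documentation; the function names are hypothetical, and it assumes the open-file soft limit should be at least the configured `max_connections` (65000 on this page), since every connection holds at least one file descriptor.

```bash
# Added example (not from the Teleport docs): compare the "Max open files"
# soft limit of a process with the configured max_connections value.

# Print the soft "Max open files" value from a /proc/<pid>/limits style file.
# Exits non-zero if the file is unreadable or the line is absent.
nofile_soft_limit() {
    awk '/^Max open files/ { print $4; found = 1 } END { exit !found }' "$1"
}

# Succeed when the soft limit in file $1 is "unlimited" or >= $2.
# Returns 2 when the limit cannot be read, 1 when it is too low.
# Assumption of this example: the limit must cover max_connections.
nofile_limit_ok() {
    _soft=$(nofile_soft_limit "$1") || return 2
    [ "$_soft" = "unlimited" ] && return 0
    [ "$_soft" -ge "$2" ]
}

# Report on one limits file against a required minimum.
report_nofile() {
    if nofile_limit_ok "$1" "$2"; then
        echo "OK: open-file limit in $1 covers $2 connections"
    else
        echo "FAIL: open-file limit in $1 is missing or below $2" >&2
        return 1
    fi
}

# Constructed sample: a process still running with a 1024 soft limit,
# as happens when the systemd override was not applied or not reloaded.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
Limit                     Soft Limit           Hard Limit           Units
Max processes             63455                63455                processes
Max open files            1024                 524288               files
EOF
report_nofile "$SAMPLE" 65000 || true    # reports FAIL: 1024 < 65000
rm -f "$SAMPLE"

# On a real host, check the running process (first PID if several).
if pid=$(pidof teleport 2>/dev/null); then
    report_nofile "/proc/${pid%% *}/limits" 65000 || true
fi
```

Note that the soft limit is compared, not the hard limit: a process with a high hard limit but a low soft limit still runs out of descriptors unless it raises the limit itself.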