Last updated: 2016-04-18
Table of contents
- Limiting the Number of Connections
- Speed limiting
- Limiting the Request Rate
- Real Usage
Limiting the Number of Connections (limit_conn_zone & limit_conn)
Limits the number of connections per defined key.
A connection is counted only if it has a request being processed by the server and the whole request header has already been read.
Context: http, server, location
Code
    http {
        # Usage: limit_conn_zone $variable zone=name:size;
        # A "shared" memory zone that will keep states for various keys.
        # The $remote_addr variable’s size can vary from 7 to 15 bytes.
        # The $binary_remote_addr variable’s size is always 4 bytes. (1M already holds 262144)
        limit_conn_zone $binary_remote_addr zone=perip:2m;
        limit_conn_zone $server_name zone=perserver:10m;
        ...
        server {
            ...
            # When this limit is exceeded, the server will return the 503 (default)
            limit_conn_status 509;
            ...
            # desired logging level for cases when the server limits the number of connections.
            # info | notice | warn | error(default)
            limit_conn_log_level error;
            ...
            # Limit conn
            limit_conn perip 10;
            limit_conn perserver 100;
            ...
            location /download/ {
                # the zone name must be one declared with limit_conn_zone
                limit_conn perip 2;
            }
        }
    }
log
2016/04/19 12:34:49 [error] 11039#0: *638 limiting connections by zone "perip", client: x.x.x.x, server: datahunter.org, request: "GET / HTTP/1.0", host: "datahunter.org"
* In HTTP/2 and SPDY, each concurrent request is considered a separate connection.
Speed limiting
Basic:
    # "limit_rate" is per connection, so add "limit_conn" to cap the overall speed
    limit_conn_zone $binary_remote_addr zone=perip:2m;
    location ^~ /videos/ {
        .......
        # limits speed only after the first part (1 mbyte) was sent.
        limit_rate_after 1m;
        # per connection (the client can open several connections...)
        limit_rate 150k;
        ...
        # "limit_rate" is per connection, so "limit_conn" is needed as well
        # (the zone name must be one declared with limit_conn_zone)
        limit_conn perip 1;
    }
Limiting the Request Rate (limit_req_zone & limit_req)
Limits the request processing rate per defined key.
The limitation is done using the “leaky bucket” method.
If the rate is exceeded, the requests above the limit are put into a queue and
processing is delayed in such a way that the overall rate is not greater than specified.
Requests over the limit are rejected with 503 (Service Temporarily Unavailable).
    # requests per second (r/s)
    # requests per minute (r/m)
    # $binary_remote_addr => a single IP address
    limit_req_zone $binary_remote_addr zone=qps1:1m rate=1r/s;
    server {
        # Default
        limit_req_log_level error;
        limit_req_status 503;
        location /delay {
            # time   request  refuse  success  delay
            # 00:01  6        1       1        4
            # 00:02  0        0       1        3
            # 00:03  0        0       1        2
            # 00:04  0        0       1        1
            # 00:05  0        0       1        0
            # Limit req
            limit_req zone=qps1 burst=5;
        }
        location /nodelay {
            # time   request  refuse  success
            # 00:01  5        0       5
            # 00:05  5        0       5
            # 00:10  5        0       5
            limit_req zone=qps1 burst=5 nodelay;
        }
    }
Remark
Basically you need to add "nodelay", otherwise the website will be very slow.
Real Usage
    # Define Limit Zone
    limit_conn_zone $binary_remote_addr zone=perip:1m;
    limit_req_zone $binary_remote_addr zone=qps2:1m rate=2r/s;
    server {
        # limit conn
        limit_conn perip 4;
        # limit speed
        limit_rate_after 1m;
        limit_rate 150k;
        ......
        location / {
            # Limit req
            limit_req zone=qps2 burst=10 nodelay;
            include /etc/nginx/proxy_params;
            proxy_pass http://MyBackend;
        }
    }
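
With both limit_conn and limit_req enabled as above, every rejection or delay is written to the error log in the format of the log line shown earlier. The following Python is an added example, not part of the original notes: it tallies those events per client and zone so the limits can be tuned and persistently rejected clients spotted. The "limiting requests" / "delaying request" message formats are nginx's own but do not appear on this page; the sample log lines, `example.org`, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# nginx error-log messages emitted when limit_conn / limit_req act on a request.
# Rejections use limit_*_log_level (default error); limit_req delays are logged one level lower.
LIMIT_RE = re.compile(
    r'^(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?P<action>limiting connections|limiting requests|delaying request)'
    r'(?:, dry run)?(?:, excess: (?P<excess>[\d.]+),?)? by zone "(?P<zone>[^"]+)", '
    r'client: (?P<client>[^,]+), server: (?P<server>[^,]*)'
)

# Constructed sample lines (documentation IP ranges, made-up connection numbers).
SAMPLE_LOG = """\
2016/04/19 12:34:49 [error] 11039#0: *638 limiting connections by zone "perip", client: 192.0.2.10, server: example.org, request: "GET / HTTP/1.0", host: "example.org"
2016/04/19 12:34:50 [error] 11039#0: *641 limiting requests, excess: 10.520 by zone "qps2", client: 192.0.2.10, server: example.org, request: "GET /a HTTP/1.1", host: "example.org"
2016/04/19 12:34:50 [error] 11039#0: *642 limiting requests, excess: 10.310 by zone "qps2", client: 192.0.2.10, server: example.org, request: "GET /b HTTP/1.1", host: "example.org"
2016/04/19 12:34:51 [warn] 11039#0: *650 delaying request, excess: 0.480, by zone "qps1", client: 198.51.100.7, server: example.org, request: "GET /delay HTTP/1.1", host: "example.org"
2016/04/19 12:34:52 [error] 11039#0: *651 open() "/var/www/missing" failed (2: No such file or directory), client: 198.51.100.7, server: example.org, request: "GET /missing HTTP/1.1", host: "example.org"
"""


def parse_limit_events(lines):
    """Yield one dict per limit_conn / limit_req log line; unrelated lines are skipped."""
    for line in lines:
        m = LIMIT_RE.match(line)
        if m:
            yield m.groupdict()


def summarize(lines, threshold=3):
    """Count events per (client, zone, action); list clients rejected >= threshold times."""
    counts = Counter()
    rejected = Counter()
    for ev in parse_limit_events(lines):
        counts[(ev["client"], ev["zone"], ev["action"])] += 1
        if ev["action"].startswith("limiting"):  # delays are served, not rejected
            rejected[ev["client"]] += 1
    noisy = sorted(c for c, n in rejected.items() if n >= threshold)
    return counts, noisy


if __name__ == "__main__":
    counts, noisy = summarize(SAMPLE_LOG.splitlines())
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("rejected >= 3 times:", noisy)
```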