nginx - limit conn and req

Last updated: 2016-04-18

 

Contents

  • Limiting the Number of Connections
  • Speed Limiting
  • Limiting the Request Rate
  • Real Usage

 


Limiting the Number of Connections (limit_conn_zone & limit_conn)

 

Limits the number of connections per defined key.

A connection is counted only if it has a request being processed by the server and the whole request header has already been read.

Context: http, server, location

Code

http {

    # Usage: limit_conn_zone $variable zone=name:size;
    # A "shared" memory zone that will keep states for various keys.
    # The $remote_addr variable’s size can vary from 7 to 15 bytes.
    # The $binary_remote_addr variable’s size is always 4 bytes. (1M already holds 262144)
    limit_conn_zone $binary_remote_addr zone=perip:2m;
    limit_conn_zone $server_name zone=perserver:10m;
    ...

    server {

        ...

        # Status code returned when this limit is exceeded (default: 503)
        limit_conn_status 509;
         ...

        # desired logging level for cases when the server limits the number of connections.
        # info | notice | warn | error(default)
        limit_conn_log_level error;
        ...

        # Limit conn
        limit_conn perip 10;
        limit_conn perserver 100;    

        ...

        location /download/ {
            # Must reference a zone defined by limit_conn_zone above
            limit_conn perip 2;
        }
    }
}

log

2016/04/19 12:34:49 [error] 11039#0: *638 limiting connections by zone "perip", client: x.x.x.x, 
server: datahunter.org, request: "GET / HTTP/1.0", host: "datahunter.org"

 * In HTTP/2 and SPDY, each concurrent request is considered a separate connection.

 


Speed Limiting

 

Basic:

# Since "limit_rate" is per connection, "limit_conn" must be added to cap the overall speed
limit_conn_zone $binary_remote_addr zone=perip:2m;

location ^~ /videos/ {
    .......

    # limits speed only after the first part (1 mbyte) was sent.
    limit_rate_after 1m;

    # per connection (the client can open several connections...)
    limit_rate 150k;
    ...

    # Since "limit_rate" is per connection, "limit_conn" must be added as well
    limit_conn perip 1;
}

 


Limiting the Request Rate (limit_req_zone & limit_req)

 

Limits the request processing rate per defined key.

The limitation is done using the “leaky bucket” method.

If the rate is exceeded, the requests above the limit are put into a queue and processing is delayed in such a way that the overall rate is not greater than specified.

Over the limit => returns 503 (Service Temporarily Unavailable)

# requests per second (r/s)
# requests per minute (r/m)
# $binary_remote_addr => a single IP address
limit_req_zone  $binary_remote_addr  zone=qps1:1m   rate=1r/s;

server {

    # Default
    limit_req_log_level error;
    limit_req_status 503;

    location /delay {
        #time    request    refuse    success    delay
        #00:01        6        1        1            4
        #00:02        0        0        1            3
        #00:03        0        0        1            2
        #00:04        0        0        1            1
        #00:05        0        0        1            0
    
        # Limit req 
        limit_req   zone=qps1  burst=5;
    }

    location /nodelay {
        #time    request     refuse    success
        #00:01         5         0          5
        #00:05         5         0          5
        #00:10         5         0          5

        limit_req   zone=qps1  burst=5 nodelay;
    }
}

Remark

Basically "nodelay" should be added, otherwise the website will be very slow.

 



Real Usage

 

# Define Limit Zone
limit_conn_zone $binary_remote_addr  zone=perip:1m;
limit_req_zone  $binary_remote_addr  zone=qps2:1m   rate=2r/s;

server {
        # limit conn
        limit_conn perip 4;

        # limit speed
        limit_rate_after 1m;
        limit_rate 150k;
        ......

        location / {
                # Limit req
                limit_req   zone=qps2  burst=10  nodelay;

                include     /etc/nginx/proxy_params;
                proxy_pass  http://MyBackend;
        }
}
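
To see which clients are actually hitting the limits configured above, the error-log lines written by the two modules can be tallied per zone and client. This is an added example, not part of the original notes: the sample log lines, the documentation IP addresses and the example.org host are constructed, and the helper names tally and offenders are hypothetical.

```python
import re
from collections import Counter

# Error-log messages emitted by the limit_conn and limit_req modules.
# "delaying request" is logged one level below limit_req_log_level.
LINE_RE = re.compile(
    r'\[(?P<level>\w+)\] \d+#\d+: \*\d+ '
    r'(?P<action>limiting connections|limiting requests|delaying request)'
    r'(?:, excess: (?P<excess>[\d.]+),?)? by zone "(?P<zone>[^"]+)", '
    r'client: (?P<client>[^,]+),'
)

# Constructed sample lines (documentation IPs; zone names "perip"/"qps2" as on this page).
TAIL = ', server: example.org, request: "GET / HTTP/1.1", host: "example.org"'
SAMPLE = [
    '2016/04/19 12:34:49 [error] 11039#0: *638 limiting connections by zone "perip", client: 203.0.113.7' + TAIL,
    '2016/04/19 12:34:50 [error] 11039#0: *640 limiting requests, excess: 10.500 by zone "qps2", client: 203.0.113.7' + TAIL,
    '2016/04/19 12:34:50 [error] 11039#0: *641 limiting requests, excess: 10.200 by zone "qps2", client: 203.0.113.7' + TAIL,
    '2016/04/19 12:34:51 [warn] 11039#0: *650 delaying request, excess: 0.500, by zone "qps2", client: 198.51.100.23' + TAIL,
    '2016/04/19 12:34:52 [error] 11039#0: *655 open() "/var/www/favicon.ico" failed (2: No such file or directory), client: 198.51.100.23' + TAIL,
]

def tally(lines):
    """Count limiter events per (action, zone, client); unrelated lines are skipped."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            counts[(m["action"], m["zone"], m["client"])] += 1
    return counts

def offenders(counts, threshold):
    """Clients whose rejected (not merely delayed) events reach the threshold."""
    per_client = Counter()
    for (action, _zone, client), n in counts.items():
        if action.startswith("limiting"):
            per_client[client] += n
    return sorted(c for c, n in per_client.items() if n >= threshold)

if __name__ == "__main__":
    counts = tally(SAMPLE)
    for key, n in sorted(counts.items()):
        print(n, *key)
    print("rejected >= 3 times:", offenders(counts, 3))
```

Rejections appear only at or above the configured limit_conn_log_level / limit_req_log_level, so the error_log level must be low enough for these lines to be written.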

 

 

 

 
