scenes to be used:
Generally, a system that is exposed to the outside world will have a large number of requests during promotion or hacker attacks.In order to protect the system from being overwhelmed by the high concurrent traffic that comes in an instant, it needs to limit the flow.
1 Introduction
Generally, a system that is exposed to the outside world will have a large number of requests during promotion or hacking. In order to protect the system from being overwhelmed by the high concurrent traffic that arrives instantly, it is necessary to limit the flow.
This article mainly explains how to use nginx to achieve current limiting. Hystrix is also possible.
2. Coding
-First deploy a program that exposes the interface to the outside world
What I deployed here is a spring boot project that exposes the following interfaces, which is very simple
Exposing a restful interface for get requests to return hello world.
This program is packaged and deployed to the linux server.
Upload deployment and release:
3. Environment configuration
Create (modify) a configuration file named nginx.conf, the complete content is as follows
The current limiting part of the configuration file explains:
As above, the current limiting configuration of nginx has only two lines of code.
first row:
limit_req_zone: is the current limit statement.
$binary_remote_addr: Indicates that the current limit is based on the client ip. For example, the above current limit configuration limits the request frequency of each client ip to once a second. If you play rogue twice a second, you will be restricted and return an http 503 Error to you.
zone=perip: Indicates that the name of perip is used to identify this line of current limiting configuration, and this line of current limiting configuration will be referred to by the name of perip later (that is, the current limiting configuration can be defined as multiple)
10m: Indicates that the space for storing client ip is 10MB, 1MB is about storing more than 10,000 ip, 10 MB is about more than 100,000 IP, refer to other documents: http : //www.ttlsa.com/nginx/ng ... here Search for binary_remote_addr in this article to locate the relevant explanation.
rate=1r/s: Indicates that the frequency is one request per second.
second line:
Indicates that on the myserver cluster, the current limiting configuration named perip is used
4. Deploy nginx with docker
Ensure that the docker environment has been installed
Copy the nginx.conf configuration file created in the previous step to the linux directory, /root/software/temp (the directory can be any), and then a docker command to deploy the nginx environment
docker run -it -v /test:/soft centos /bin/bash
冒号":"前面的目录是宿主机目录,后面的目录是容器内目录。
The port 8082 is exposed here, and the load balancing node in the nginx configuration can be accessed through port 8082, that is, 192.168.59.128:8089 ip port.This ip port corresponds to the hello world program created in the first step.
Use code to write client access and define the helloworld interface
The local test function is OK, the following figure shows that the access is normal, no problem>> Return to hello world.
There are two ways
1. ab test
2. Remote host access
Server Linux needs to open port 8082 to expose to external access!
Use the Linux command netstat to check the list of open ports in the system
netstat -tplugnQuery whether the port is occupied by a process daemon, such as port 80.
Example: netstat -nalp|grep 80My ngin service has started
Open external port 8082
(You can also turn off the firewall directly)
The configuration check is no problem, execute the test
I am here to perform 10 get requests per second, which is greater than the rate=1r/s configured in nginx, which is requested once per second, so I will see a 404 error, as follows
If the get request is executed once per second, no error will be reported. As shown below
