Rate limiting and high-concurrency handling with Nginx

Rate limiting in Nginx

To guard against malicious or abusive access, you can configure rate limiting in nginx so that a flood of requests does not cause a cascading failure ("avalanche effect") of the services behind it.

Nginx rate limiting comes in two types:

	The first limits the request rate per client IP

	The second limits the number of concurrent connections

1. Rate limiting by client IP

Add configuration in the http module
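$binary_remote_addr is the key: requests are limited per $remote_addr (the client IP), and the binary_ form is a compact representation that reduces the memory footprint. Note that when nginx sits behind a proxy or load balancer, this address is the proxy's, so all clients share one limit unless the real client address is restored first.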
  
zone: defines a shared memory area that stores access information. contentRateLimit:10m means a memory area named contentRateLimit with a size of 10 MB.
  1 MB can store the access information of 16,000 IP addresses, so 10 MB can store that of 160,000 IP addresses.
rate is used to set the maximum access rate, rate=10r/s means processing up to 10 requests per second.
  Nginx actually tracks request information with millisecond granularity, so 10r/s really means one request every 100 milliseconds. When no burst is configured, a request that arrives less than 100 milliseconds after the previous one is rejected with an error (503 by default in nginx, as the note in the full configuration below also says, not 404).
  Configure limit_req for a location

This configuration means that requests to the path /read_content are limited by the contentRateLimit zone:
each client IP is limited to 2r/s, up to 4 additional requests are accepted as a burst, and (because of nodelay) those burst requests are processed immediately rather than being delayed.

The full configuration is as follows

# Example configuration: per-client-IP request rate limiting (limit_req) in
# front of two Lua content handlers.
# NOTE(review): "user root root;" runs the worker processes as root, so a flaw
# in request handling or in the Lua handlers would execute with full
# privileges. A dedicated unprivileged account is the usual choice; the Lua
# files under /root/lua would then have to be readable by it - confirm before
# changing.
user  root root;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

#cache
# Shared dictionary "dis_cache" (128m) available to the Lua handlers.
lua_shared_dict dis_cache 128m;

#Rate-limit settings
# Zone "contentRateLimit": 10m of shared memory, keyed by the client address
# in binary form, allowing 2 requests per second per key.
# NOTE(review): if nginx is deployed behind a proxy or load balancer, the key
# is the proxy's address and every client shares one bucket - confirm the
# deployment before relying on this as a per-client limit.
limit_req_zone $binary_remote_addr zone=contentRateLimit:10m rate=2r/s;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

server {
    listen       80;
    server_name  localhost;

    # NOTE(review): no limit_req is applied to this location, so requests to
    # it are not throttled - confirm that is intended.
    location /update_content {
        content_by_lua_file /root/lua/update_content.lua;
    }

    location /read_content {
        # Apply the contentRateLimit zone: up to 4 requests above the rate are
        # accepted as a burst and, with nodelay, served immediately.
        limit_req zone=contentRateLimit burst=4 nodelay;
        content_by_lua_file /root/lua/read_content.lua;
    }
    # With nodelay, burst requests are served as fast as they arrive instead of
    # being queued; once the burst allowance of 4 is used up, further requests
    # over the rate get 503 straight away. (The original note worded this as
    # "after 4 accesses in one minute"; the configured rate is 2r/s.)
    # The next line closes both server{} and http{}.
}}

2. Limiting by the number of concurrent connections

   Add to the http block:

  # Zone "perip" (10m): connection counters keyed by the client address.
  limit_conn_zone $binary_remote_addr zone=perip:10m;

  # Zone "perserver" (10m): connection counters keyed by the virtual server name.
  limit_conn_zone $server_name zone=perserver:10m;



   Add to the location block:

  # Connection limits for "/"; both zones must be declared with
  # limit_conn_zone in the http block.
  location / {

           limit_conn perip 10;#Number of connections a single client IP may hold to the server.

           limit_conn perserver 100; #Limit on the total number of connections to the server

          root html; index index.html index.htm;

      }

The complete configuration is as follows

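# Complete example: per-client-IP request rate limiting (limit_req) combined
# with concurrent-connection limits (limit_conn). The listing previously
# contained only the limit_req part; the limit_conn_zone and limit_conn
# directives are included here so the file matches what it is presented as.
# NOTE(review): "user root root;" runs the worker processes as root, so a flaw
# in request handling or in the Lua handlers would execute with full
# privileges. A dedicated unprivileged account is the usual choice; the Lua
# files under /root/lua would then have to be readable by it - confirm before
# changing.
user  root root;
worker_processes  1;

events {
    worker_connections  1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    #cache
    # Shared dictionary "dis_cache" (128m) available to the Lua handlers.
    lua_shared_dict dis_cache 128m;

    #Rate-limit settings
    # Zone "contentRateLimit": 10m, keyed by client address, 2 requests/second.
    # NOTE(review): behind a proxy or load balancer the key is the proxy's
    # address, so all clients would share one bucket - confirm the deployment.
    limit_req_zone $binary_remote_addr zone=contentRateLimit:10m rate=2r/s;

    #Connection-limit settings
    # Zone "perip": connection counters keyed by client address.
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    # Zone "perserver": connection counters keyed by virtual server name.
    limit_conn_zone $server_name zone=perserver:10m;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        location / {
            # At most 10 simultaneous connections per client IP.
            limit_conn perip 10;
            # At most 100 simultaneous connections to this server in total.
            limit_conn perserver 100;
            root html;
            index index.html index.htm;
        }

        # NOTE(review): neither limit_req nor limit_conn is applied to this
        # location, so it is not throttled - confirm that is intended.
        location /update_content {
            content_by_lua_file /root/lua/update_content.lua;
        }

        location /read_content {
            # Up to 4 requests above the 2r/s rate are accepted as a burst and
            # served immediately (nodelay); anything beyond that is rejected
            # with 503.
            limit_req zone=contentRateLimit burst=4 nodelay;
            content_by_lua_file /root/lua/read_content.lua;
        }
    }
}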

.
.
.
Afterword: After I found out that my white shoes were dirty, my partner would brush me clean, so I decided to buy only white shoes from now on.


Origin blog.csdn.net/weixin_43945983/article/details/106720933