The following link to view the modules in the official details
http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html
limit_req_zone used to limit the number of requests per unit time, i.e., rate limiting, the leaky bucket algorithm "Leaky bucket"
limit_req_conn used to limit the number of connections at the same time, limit the concurrent i.e.
wherein limit_req_conn module can concurrently access source IP user connected to a single limit or connect to the service number is the total number of concurrent connections
First, what is a leaky bucket?
We assume that the system is a leaky bucket, when a request arrives, that is to drain the bucket "add water", and when the request is processed away, is leakage of water from the bottom of the bucket. Water leakage rate is fixed, when the "add water" too fast, the bucket will overflow, or "deny the request." So that the volume of water bucket can not exceed the capacity of the tub. The main purpose is to control the data rate of the network to the injection, the smoothed burst traffic network. Leaky bucket algorithm provides a mechanism to provide a stable flow for the network through which the burst traffic can be shaped.
Examples are as follows:
http { limit_conn_log_level error; limit_conn_status 503; limit_conn_zone $binary_remote_addr zone=one:10m; limit_conn_zone $server_name zone=perserver:10m; limit_req_zone $binary_remote_addr zone=allips:100m rate=10r/s; } server { limit_conn one 100; limit_conn perserver 1000; limit_req zone=allips burst=5 nodelay; } }
Of parameters:
Zone One or = denotes allips set called "one" or "allips" storage area, a size of 10 megabytes
rate = 10r / s means 1 to allow no more than 10 seconds, the request
burst = 5 represents the maximum number of requests a delay no more than 5, if the request is restricted too much delay is not required, then the need to use nodelay parameter, the server returns a status code 503 immediately
limit_conn one 100 indicates the maximum number of concurrent connections 100
limit_conn 1000 represents PerServer the total number of connections to the service provider shall not exceed 1000 over the request will be rejected
rate = 10r / m means 1 second to allow no more than one request, the number of requests is not greater than the maximum delay 5.
If the request need not be delayed, added nodelay parameter, the server returns a status code 503 immediately. Without this field will cause a lot of tcp connection requests to wait.
http{ limit_zone one $binary_remote_addr 10m; server { limit_conn one 1; } }
One here is to declare a limit_zone name, $ binary_remote_addr variable substitution $ remore_addr of, 10m space session state storage
limit_conn one 1, limit client concurrent connections number is 1, allow only one connection per an IP address at a time (Each).
According understood literally, lit_req_zone function is to restrict users by the leaky bucket principle connection frequency, (This module allows you to limit the individual address number of requests for the specified session or special needs)
and limit_zone function is to limit the number of concurrent connections a client. (This module may limit or specify a session of a single address special cases concurrent connections)
In the test machine top with two parameters:
http{ limit_zone one $binary_remote_addr 10m; #limit_req_zone $binary_remote_addr zone=req_one:10m rate=1r/s; server { limit_conn one 1; #limit_req zone=req_one burst=120; } }
Explain binary_remote_addr $ 10m One limit_zone;
One here is to declare a limit_zone name, $ binary_remote_addr variable substitution of $ remore_addr, 10m space session state storage
limit_conn one 1, limit the number of concurrent connections to the client 1
Example: limiting number of simultaneous connections to clients 60, 503 excess return
http{ limit_conn_zone $server_name zone=mobile_server:20m ; server{ location ^~/mobile { limit_conn uninogift_mobile_server 60; limit_conn_status 503; ssi on; ssi_silent_errors on; proxy_read_timeout 300; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://uninogift-mobile; } } }
Two, limit_zone two different situations
a) limit_reqzone = one burst = 10 ;
default is arranged so that each request will have a time delay
limit_req_zone $ binary_remote_addr zone = one: 100m rate = 10r / m;
is 10 tokens per minute for users, according to a configuration, there will be a Delay, each request time is 60/10, and that each request time is 6s.
b) limit_reqzone = one burst = 10 nodelay;
add nodelay configuration, so that access to the network based on your situation, one minute after 10 enough times to access the server 503 returns directly.
Eg: imit_req_zone $ binary_remote_addr zone = one : 100m rate = 10r / m;
is 10 tokens per minute for users, according to the configuration b, according to the network will access url, if one minute more than 10 tokens The server returns 503, wait for the next one minute receive access token. rate = 10r / m means that each address request only 10 times per minute, that is to say in accordance with the principle of bucket burst = 1, a total of a token, and only the new token 10 per minute, so that a those requests made after the extra cards will return 503, after adding more than nodelay burst size of the request will return 503 directly, without this field will cause a lot of tcp connection requests to wait.
{HTTP limit_req_zone # define a called allips for storing the session, the size of a memory 10M, # binary_remote_addr is as in $ key, limiting the average of 20 per second request, # 1M can store 16,000, the value must be rete integer, # if a restriction request two seconds, may be provided 30R / m limit_req_zone Zone binary_remote_addr is $ = allips: Rate = 10m 20R / S; Server { LOCATION { # ip every limit of not more than 20 requests per second, the number of barrels leak to burst. 5 #brust means that, if 1 second, 2 , 3 , 4 seconds of the request 19, # 5 is 25 seconds request is allowed. # But if you first 25 seconds the request, the first two seconds more than 20 requests return a 503 error. #nodelay, if this option is not provided, strictly limit the number of requests average rate, when # 25 requests in one second, five execution request into the second 2 seconds, # provided NoDelay ™, 25 requests will be executed in one second. Zone limit_req = allips Burst =. 5 NoDelay ™; } } } download speed limits: LOCATION / downloads { limit_rate 128K; } # if you want to set before the user downloads the file size 10m limited speed, then more than 10m at 128KB / S speed can be increased with the following content, modify the file nginx.conf LOCATION / downloads { limit_rate_after 10m; limit_rate 128K; }