Enterprise web architecture optimization {learn from this post Ma Ying-jeou Maximilian Kalbfell}
Case number one:
Role: Source IP access restrictions site
the best scenarios: internal website or exposed to malicious attacks extranet site IP appears
LOCATION / {
root HTML / Blog;
index index.php index.html index.htm;
deny 10.0.0.1; # ### deny allow, deny sure to add an IP, otherwise there will be endless loop harm.
allow all; ### allow ban, all all
}
Case II: <error code page optimization>
effect: When business page fault, unable to process the request properly, will return some of the less-friendly default error page. (E.g., 404,500,5002, etc.). The error page may display elegant
Best scenario: electricity supplier promotional activities, such as during the peak of the live broadcast, the website can do the record mode
Server {
the listen 80;
server_name www.douyu.com;
LOCATION / {
root HTML / the WWW;
index.html index.htm index;
error_page 400 403 404 405 408 410 411 412 413 414 415 http://bak.douyu.com ; # 404 and the like when an error occurs, a jump to a specified the URL HTTP: // BAK .douyu.com page displayed to the user, the URL is generally available additional enterprise address (also spare) .
/usr/local/nginx/logs/bbs_access.log commonlog access_log;
}
}
Case 3:
Role: to limit the number of concurrent web traffic and the entrance to prevent the collapse site
the best scenario: Foreign exposed sites, such as when the electricity supplier and promotions (double 11 double 12, etc.), hacker attacks (DDOS, CC), prevent is high concurrency defeated instantly.
limit_conn_zone manner (the number of client side restrictions, a single IP effect)
HTTP {
limit_conn_zone binary_remote_addr is $ = Zone One: 10m;
Server
{......
limit_conn One 10; ### concurrent client connections can only be 10, Conversely return 503 (which may take effect for the entire service, but also on the location of the force for a single location)
......}}
limit_req_zone mode (restriction "leaky bucket" method client rate, the role of a single IP)
HTTP {
limit_req_zone $ binary_remote_addr is req_one Zone =: Rate = 10m lR / S; ### = Rate lR / S per each address means only one request
Server
{......
limit_req Zone = req_one burst = 120; token bucket ### = 120 Burst token, and only every second a new token, the token sent 120 after the addition, the extra 503 will return the request ..
......}}
ngx_http_upstream_module (backend limiting)
upstream XXXX {
Server 127.0.0.1:8080 MAX_CONNS = 10; the number of concurrent backend processing ### is 10, (the actual number of concurrent and 10 may have a small gap, but negligible)
Server 127.0 .0.1: 8081 MAX_CONNS = 10;
}
Additional:
ab tool mounting step
yum -y ### mounted reliance util-yum-On Apr the install utils
yum -Y install the install the httpd ###-ab Tools command
./ab -C 50 -n 1000 of http://127.0.0.1 /index.html ### - C 50 sec 50 -n 1000 concurrently transmit requests a total of 1000