Connection number control
The ngx_http_limit_conn_module module is used to limit the number of connections corresponding to each defined key.
Not all connections are counted. A connection is counted only when it has a request being processed by the server and the request header has already been read.
limit_conn_zone key zone=name:size;
limit_conn_zone is used in the http block to define a shared memory zone that stores the connection count for each key. key distinguishes different clients, name is the name of the zone, and size is its memory size. The key can be text or a variable; if the key of a request is empty, that request is not counted. In effect, the zone maintains an in-memory map of (key, count) pairs.
For example:
limit_conn_zone $binary_remote_addr zone=addr:10m;
This allocates a 10m memory zone named addr with $binary_remote_addr as the key. $binary_remote_addr means counting by client IP address. Once the zone is defined, it is referenced by the limit_conn directive to limit the number of connections.
limit_conn zone number;
The limit_conn directive limits the maximum number of connections for the same key, such as the same client, and works together with limit_conn_zone. zone is the name of a zone defined by limit_conn_zone, and number is the maximum number of connections allowed. When the limit is exceeded, an error is returned. The default is 503; a different status code can be set with limit_conn_status code;.
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn_status 429;
server {
    location /download/ {
        limit_conn addr 2;
    }
}
The above allocates a 10M memory zone named addr, which tracks the connections of each client IP ($binary_remote_addr), and limits each IP to at most 2 concurrent connections under /download/. If the limit is exceeded, a 429 error is returned.
The limit_conn directive can be repeated
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
    ...
    limit_conn perip 5;
    limit_conn perserver 100;
}
As shown above, each client is limited to at most 5 concurrent connections, and the virtual server as a whole to at most 100 connections.
/en/docs/http/ngx_http_limit_conn_module.html
Request rate control
In addition to limiting the number of client connections, the client's request rate can be limited with the ngx_http_limit_req_module module. Its directives are similar to those used for limiting connections.
limit_req_zone key zone=name:size rate=rate;
The limit_req_zone directive defines the shared memory zone used for request rate limiting. The key works the same way as for the connection-limit zone above: it identifies the value for which the rate is calculated. name is the name of the zone, size is the memory size, and rate is the rate, given in requests per second (r/s) or in requests per minute (r/m). This directive can only be used in the http block.
limit_req_zone $binary_remote_addr zone=limitbyaddr:10m rate=3r/s;
The above configuration uses the client IP as the key, tracks the request rate of each client, and allocates 10m of memory. 1M of memory can store state for about 16,000 IPs, so 10M can track about 160,000 IPs. The zone is named limitbyaddr, and the client request rate is 3 requests per second.
The limit_req directive limits the rate
limit_req zone=name [burst=number] [nodelay | delay=number];
limit_req applies the request rate limit, and zone specifies the name of the zone set by limit_req_zone. nginx then controls client requests according to the rate specified for that zone. Requests exceeding the given rate are rejected, which prevents excessive requests from putting stress on the server.
If the zone's memory runs out, nginx will remove the earliest key. If there is still not enough space to store the new request record, nginx returns a 503 error.
However, for a website or application, traffic is not perfectly smooth; it fluctuates. Rejecting every request as soon as a fluctuation exceeds the rate is not what we want, and it affects the overall stability of the application. In this case, the burst parameter can be used to handle bursts of traffic. The burst parameter allows the number of requests to exceed the normal rate limit for a short period of time, up to the specified burst value.
The delay and nodelay parameters are used together with burst. nodelay means that burst requests are processed without being delayed. Without this parameter, burst requests are queued and delayed until they can be processed in accordance with the rate limit.
limit_req_zone $binary_remote_addr zone=limitbyaddr:10m rate=3r/s;
server {
    location / {
        limit_req zone=limitbyaddr burst=12 delay=9;
    }
}
The above configuration limits each client to 3 requests per second and allows a burst of up to 12 requests above the rate; excess requests beyond the 9th are placed in the queue and delayed.
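The effect of rate, burst and delay on a flood from one client can be traced with a small simulation. This is an added example, not code from the original article or from nginx: it is a simplified model of leaky-bucket accounting, and simulate, summarize and the arrival times are constructed for illustration.

```python
# Simplified model of limit_req accounting (an assumption, not nginx source code).
# "excess" is kept in thousandths of a request and drains at `rate` per second.

def simulate(arrivals_ms, rate_rps, burst, delay=0, nodelay=False):
    """Return one (verdict, wait_ms) tuple per arrival time in milliseconds."""
    rate = rate_rps * 1000                 # milli-requests per second
    burst_m = burst * 1000
    delay_m = burst_m if nodelay else delay * 1000
    excess = None                          # no state stored for this key yet
    last = 0
    results = []
    for now in arrivals_ms:
        if excess is None:
            new_excess = 0                 # first request creates the state
        else:
            elapsed = max(now - last, 0)
            new_excess = max(excess - rate * elapsed // 1000 + 1000, 0)
        if new_excess > burst_m:
            results.append(("reject", 0))  # answered with limit_req_status
            continue                       # a rejected request adds no excess
        excess, last = new_excess, now
        if new_excess <= delay_m:
            results.append(("pass", 0))
        else:
            results.append(("delay", (new_excess - delay_m) * 1000 // rate))
    return results


def summarize(results):
    """Count how many requests were passed, delayed and rejected."""
    counts = {"pass": 0, "delay": 0, "reject": 0}
    for verdict, _ in results:
        counts[verdict] += 1
    return counts


# Constructed input: 20 requests from one client IP arriving at the same instant,
# checked against rate=3r/s burst=12 delay=9 from the configuration above.
if __name__ == "__main__":
    flood = simulate([0] * 20, rate_rps=3, burst=12, delay=9)
    for n, (verdict, wait) in enumerate(flood, 1):
        print(f"request {n:2d}: {verdict:6s} wait={wait} ms")
    print(summarize(flood))
```

Calling simulate with nodelay=True, or with neither delay nor nodelay, shows how the same flood is handled when every accepted burst request is served at once or when every one of them is queued.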
Requests that are rejected for exceeding the rate limit can also be given a custom status code, set with the limit_req_status directive.