Nginx is a good web server and provides a comprehensive speed limit function. The main functional modules are ngx_http_core_module, ngx_http_limit_conn_module, and ngx_http_limit_req_module. The first module includes the limit_rate function (limited bandwidth ), in the latter two modules, the functions are limit connection and limit request. These modules are compiled into the nginx core by default.
All restrictions are aimed at IP addresses, so they have a certain defensive effect on CC and DDOS.
Bandwidth limit is easy to understand.
123
location /mp3 {
limit_rate 200k;
}
There is one way to make the speed limit more humane, that is, the speed limit starts after a certain amount of traffic is transmitted,
For example, first transmit 1 M at full speed and then start the speed limit:
1234
location /photo {
limit_rate_after 1m;
limit_rate 100k;
}
Next we will talk about the limited number of concurrent requests and the number of requests.
Why are there two modules? Because we know that a page usually has multiple sub-modules, such as five images, we initiate a connection when requesting this page, but this connection contains five image requests, that is to say, a connection can initiate multiple requests. To maintain the user experience, we need to select whether to limit the number of connections or the number of requests based on actual needs.
1. Limit the number of connections
To restrict connections, you must first have a container that counts connections and add the following code to the http segment:
1
limit_conn_zone $binary_remote_addr zone=addr:5m;
In this way, a speed limit pool named addr is created in the memory (each connection occupies 32 or 64 bytes, and the size of 5 MB can accommodate tens of thousands of connections, which is usually enough, if 5 MB of memory is used up, 503 is returned)
Next, we need to limit the speed of different locations (location segments) of the server. For example, to limit the number of concurrent connections of each IP address to 2
1
limit_conn addr 2;
2. Limit the number of requests
To limit the number of requests, you must first create a speed limit pool and add the following code to the http segment:
1
limit_req_zone $binary_remote_addr zone=one:5m;
The speed limit is divided into global speed limit and local speed limit,
For the global speed limit, we only need to add the following parameters, for example, 20 requests per second, rate = 20r/s, that is:
1
limit_req_zone $binary_remote_addr zone=perip:5m rate=20r
/s
;
Sometimes we want to adjust the link in the location segment, you can use the burst Parameter
1
limit_req zone=one burst=50;
If you do not want latency, there is also the nodelay Parameter
1
limit_req zone=one burst=50 nodelay;
The above is the nginx Speed Limit Function introduction, improper, please correct me. The specific speed limit method should be considered to avoid damaging the user experience.
References
Http://wiki.nginx.org/HttpCoreModule#limit_rate
Http://nginx.org/cn/docs/http/ngx_http_limit_req_module.html
Http://nginx.org/cn/docs/http/ngx_http_limit_conn_module.html
Http://wiki.nginx.org/HttpLimitConnModule
Http://wiki.nginx.org/HttpLimitReqModule
Http://tengine.taobao.org/nginx_docs/cn/docs/http/ngx_http_limit_conn_module.html#limit_zone
This article from the "Focus on Linux O & M" blog, please be sure to keep this source http://purplegrape.blog.51cto.com/1330104/1228527