Solution for preventing high load of sysgurad module in nginx

Last Update:2017-01-13 Source: Internet

Author: User

Tags curl 503 service temporarily unavailable

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

If nginx is attacked or its access traffic suddenly increases, the server will go down due to high load or insufficient memory, which will lead to site access failure. The solution to be discussed today comes from the nginx-http-sysguard module developed by Taobao. It is mainly used to perform corresponding actions when the load and memory reach a certain threshold value, for example, 503,504 or another. wait until the memory or load is back to the threshold to restore the site. To put it simply, these modules provide nginx with a buffer time.

1. Install the nginx sysguard module

1.1 Download an object

The code is as follows:	Copy code
# Wget http://nginx.org/download/nginx-1.4.2.tar.gz # Wget https://github.com/alibaba/nginx-http-sysguard/archive/master.zip -O nginx-http-sysguard-master.zip # Unzip nginx-http-sysguard-master.zip # Tar-xzvf nginx-1.4.2.tar.gz

1.2 sysgrard patches
Here did not find the corresponding nginx-1.4.2 patch, only 1.2.9 and 1.3.9, simply try 1.3.9, it should be almost.

The code is as follows:	Copy code
# Cd nginx-1.4.2 # Patch-p1 <../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

1.3 install nginx

The code is as follows:	Copy code
#./Configure -- prefix =/usr/local/nginx-1.4.2 -- With-http_stub_status_module -- add-module = ../nginx-http-sysguard # Make # Make install

2. sysguard command
Syntax: sysguard [on | off]
Default value: sysguard off
Configuration section: http, server, location
Switch Module

Syntax: sysguard_load load = number [action =/url]
Default value: none
Configuration section: http, server, location
Specify the load threshold. When the system load exceeds this threshold, all requests will be redirected to the uri request defined by the action. If no URL action is defined, the server will return 503 directly.

Syntax: sysguard_mem swapratio = ratio % [action =/url]
Default value: none
Configuration section: http, server, location
Defines the threshold value used by the swap partition. If the swap partition exceeds this threshold, all subsequent requests will be redirected to the uri request defined by the action. if no URL action is defined, the server returns 503

Syntax: sysguard_interval time
Default value: sysguard_interval 1 s
Configuration section: http, server, location
Defines the update frequency of system information. The default value is 1 second.

Syntax: sysguard_log_level info | notice | warn | error
Default value: sysguard_log_level error
Configuration section: http, server, location
Define the log level of sysguard

3. sysguard instance
3.1 nginx configuration

The code is as follows:

Copy code

Server {
Listen 80;
Server_name www.111cn.net www.heytool.com;
Access_log/data/logs/nginx/www.111cn.net. access. log main;

Index index.html index. php index.html;
Root/data/site/www.111cn.net;

Sysguard on;
# To facilitate the test, the load threshold is 0.01, which is usually 5 or 10 +
Sysguard_load load = 0.01 action =/loadlimit;
Sysguard_mem swapratio = 20% action =/swaplimit;

Location /{

    }

Location/loadlimit {
Return 503;
    }

Location/swaplimit {
Return 503;
    }
}

3.2 Test
When the load is OK, access nginx

The code is as follows:	Copy code
# Uptime 16:23:37 up 6 days, 2 users, load average: 0.00, 0.01, 0.05 # Curl-I www.111cn.net HTTP/1.1 403 Forbidden Server: nginx Date: Thu, 03 Oct 2013 16:27:13 GMT Content-Type: text/html Content-Length: 162 Connection: keep-alive

Because there are no files under the site, 403 is returned. In fact, it doesn't matter.

When the load exceeds the threshold, access nginx

The code is as follows:	Copy code
# Uptime 16:25:59 up 6 days, 2 users, load average: 0.05, 0.04, 0.05 # Curl-I www.111cn.net HTTP/1.1 503 Service Temporarily Unavailable Server: nginx Date: Thu, 03 Oct 2013 16:26:19 GMT Content-Type: text/html Content-Length: 206 Connection: keep-alive

I will not test the function of swap exceeding the threshold value. When you go home, you can test it by yourself.

Conclusion
This method is also recommended when nginx is a realserver. If the server load increases, it usually takes a long time to restore to the normal level, when this plug-in is used, when the load reaches the threshold, nginx returns 503. In the previous section, a failover was used to send the request to other servers. This server is inaccessible, it can quickly restore to normal and immediately put into work. The server that exceeds the threshold will be able to process requests at a lower speed. This module can be used to skillfully send requests to servers that are faster, to some extent, the slow access speed is avoided. in the cluster environment and in a single-point environment, you don't have to consider it.

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More