Use of limit_conn in nginx

The ngx_http_limit_conn_module defines the number of connections for each key value based on the defined key. In particular, you can set the number of connections from a single IP address source.

Not all connections are counted by the module. Only the connections in which the processed requests (the header information of these requests has been fully read) are counted.

Configuration Example

 

Http {
Limit_conn_zone $ binary_remote_addr zone = addr: 10 m;

...

Server {

...

Location/download /{
Limit_conn addr 1;
        }

Limit_conn_zone $ binary_remote_addr zone = perip: 10 m; # The container uses a total of 10 m memory for IP address transmission overhead.

Replace the original limit_conn one with limit_conn perip. Used on server

Example:

Limit_conn perip 10; # each IP uses 10 connections.

Command

 
Syntax:
Limit_conn zone number;
 

Default value:
-

Context:
Http, server, location
 

Specify a set shared memory space and the maximum number of connections for each given key value. When the number of connections exceeds the maximum number of connections, the server returns the 503 (Service Temporarily Unavailable) error. For example, the following configuration

Limit_conn_zone $ binary_remote_addr zone = addr: 10 m;

Server {
Location/download /{
Limit_conn addr 1;
    }

Indicates that only one connection is allowed at a time for the same IP address.

When multiple limit_conn commands are configured, the limit on the number of connections takes effect. For example, the following configuration limits not only the number of connections from a single IP address source, but also the total number of connections from a single virtual server:

Limit_conn_zone $ binary_remote_addr zone = perip: 10 m;
Limit_conn_zone $ server_name zone = perserver: 10 m;

Server {
...
Limit_conn perip 10;
Limit_conn perserver 100;
}

 

If the current configuration level does not contain the limit_conn command, the connection restriction configuration will be inherited from a higher level.

 

Syntax:
Limit_conn_log_level info | notice | warn | error;
 

Default value:
Limit_conn_log_level error;
 

Context:
Http, server, location
 

This command appears in version 0.8.18.

Specify the log level when the number of connections exceeds the set maximum number of connections and the server limits the connection.

 

Syntax:
Limit_conn_zone $ variable zone = name: size;
 

Default value:
-

Context:
Http
 

Set the parameters for the shared memory space to save the status of each key. The current number of connections is saved. The key value can be any non-null value of a specific variable (null values will not be considered ). Example:

Limit_conn_zone $ binary_remote_addr zone = addr: 10 m;

Set the IP address of the client as the key. Note that the $ binary_remote_addr variable is used, instead of the $ remote_addr variable. The length of the $ remote_addr variable ranges from 7 bytes to 15 bytes, while the storage status occupies 32 bytes or 64 bytes in the 32-bit platform and 64 bytes in the 64-bit platform. The length of the $ binary_remote_addr variable is fixed to 4 bytes. The storage status occupies 32 bytes or 64 bytes on the 32-bit platform and 64 bytes on the 64-bit platform. A 1 MB shared memory space can save 32 thousand 32-bit states and 16 thousand 64-bit states. If the shared memory space is exhausted, the server will return a 503 (Service Temporarily Unavailable) error for all subsequent requests.

 

Syntax:
Limit_zone name $ variable size;
 

Default value:
-

Context:
Http
 

This command has been deprecated in version 1.1.8. The equivalent limit_conn_zone command should be used. The syntax of this command also changes:

Limit_conn_zone $ variable zone = name: size;