
Nginx control of traffic

藏色散人 (forwarded)
2019-10-18 14:44:16

Purpose

Understand Nginx’s ngx_http_limit_conn_module and ngx_http_limit_req_module modules to control the amount of request access.


Nginx modularity

Internally, Nginx is composed of core modules and a series of functional modules. The modular architecture keeps the function of each module relatively simple, achieves high cohesion, and makes Nginx easy to extend.

For web requests, all enabled Nginx modules form a chain, similar to the stages of a level-clearing game. Each module is responsible for a specific function: for example, ngx_http_gzip_module implements compression, ngx_http_auth_basic_module implements authentication, and ngx_http_proxy_module implements proxying. A request that reaches the server is processed by each Nginx module in turn, and only requests that have passed through these modules are actually handed to the backend program code for processing.

Nginx concurrent access control

When a web server encounters web crawlers or malicious high-traffic attacks, its memory, CPU and bandwidth can all be exhausted, so mature server proxy software needs to be able to control these situations.

Nginx has two ways to control concurrency. One is to limit the number of concurrent connections by IP or another parameter; the other is to limit the total number of requests processed per unit of time. That is, the control of concurrency and parallelism. These two functions are implemented by the ngx_http_limit_conn_module and ngx_http_limit_req_module modules respectively.

ngx_http_limit_conn_module Module

Description

This module is mainly used to control the amount of concurrent requests.

Parameter configuration

● limit_conn_zone

Syntax: limit_conn_zone key zone=name:size

Configuration context: http

Description: key is an Nginx variable, usually $binary_remote_addr or $server_name; name is the name of the shared memory zone and size is its size. This directive allocates a shared memory zone called name, which stores the access state for each key.

● limit_conn_log_level

Syntax: limit_conn_log_level info|notice|warn|error

Default value: error

Configuration context: http, server, location

Description: When access reaches the maximum limit, the event is recorded in the log at this level.

● limit_conn

Syntax: limit_conn zone_name number

Configuration context: http, server, location

Description: Use the zone zone_name to control concurrent access, and return the corresponding error code when number is exceeded.

● limit_conn_status

Syntax: limit_conn_status code

Default value: 503

Configuration context: http, server, location

Description: The error code returned to the client when access exceeds the limit number. This code can be combined with directives such as error_page to return a friendly error page to the client when the limit is exceeded.

● limit_rate

Syntax: limit_rate rate

Default value: 0

Configuration context: http, server, location

Description: Limit the transfer rate of each connection; rate is the download speed per second.

● limit_rate_after

Syntax: limit_rate_after size

Configuration context: http, server, location

Description: This directive is used together with limit_rate: limit_rate takes effect once the traffic exceeds size.

Simple configuration example

limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
    listen       80;
    server_name  www.domain.com;
    root   /path/;
    index  index.html index.htm;
    location /ip {
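      limit_conn_status 503; # status code returned once the limit is exceeded
      limit_conn_log_level warn; # log level
      limit_rate 50; # bandwidth limit
      limit_conn addr 1; # limit concurrent access
    }
    # return the 503 error page when the concurrent-access limit is exceeded
    error_page 503  /503.html;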
}

ngx_http_limit_req_module Module

Description

This module mainly controls the number of requests per unit of time, filtering them with the "leaky bucket" algorithm. Once a rate limit is set, when the number of requests per unit of time exceeds the rate, the module checks the burst value. If the value is 0, the request either returns an error or waits, depending on the delay|nodelay configuration; if burst is greater than 0, then when the number of requests is greater than rate but less than burst, the request enters the waiting queue for processing.

Parameter configuration

● limit_req_zone

Syntax: limit_req_zone key zone=name:size rate=rate

Configuration context: http

Description: key is an Nginx variable, usually $binary_remote_addr or $server_name; name is the name of the shared memory zone and size is its size; rate is the access frequency, in r/s or r/m. This directive allocates a shared memory zone called name, which stores the access state for each $key.

● limit_req

Syntax: limit_req zone=name [burst=number] [nodelay|delay=number]

Configuration context: http, server, location

Description: Enables the limit. burst sets the maximum capacity, and nodelay determines whether a request that exceeds the limit waits for processing or returns an error code.

The limit_req_log_level and limit_req_status directives work the same way as their counterparts in the ngx_http_limit_conn_module module.

Simple configuration example

limit_req_zone $binary_remote_addr zone=req:10m rate=2r/m;
server {
    listen       80;
    server_name  www.domain.com;
    root   /path/;
    index  index.html index.htm;
    location /limit {
      limit_req zone=req burst=3 nodelay;
    }
    # return the 503 error page when the access limit is exceeded
    error_page 503  /503.html;
}
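To see what rate=2r/m burst=3 does to a single client, the following added example (not part of the original article, and not Nginx source code) replays constructed arrival times through a simplified floating-point model of the leaky bucket. The class and function names and the client address 203.0.113.7 are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Decision:
    t: float       # arrival time in seconds
    status: int    # 200 = passed on, 503 = rejected
    delay: float   # seconds the request waits before processing

class LimitReqZone:
    """Simplified per-key model of limit_req; not nginx source code."""

    def __init__(self, rate_per_min, burst=0, nodelay=False, status=503):
        self.rate = rate_per_min / 60.0   # requests drained per second
        self.burst = burst
        self.nodelay = nodelay
        self.status = status
        self.state = {}                   # key -> (excess, time of last accepted request)

    def request(self, key, now):
        if key not in self.state:
            excess = 0.0                  # first request seen for this key
        else:
            prev, last = self.state[key]
            # The bucket leaks at `rate`; this request adds one unit.
            excess = max(prev - self.rate * (now - last) + 1.0, 0.0)
        if excess > self.burst:
            return Decision(now, self.status, 0.0)   # rejected, state untouched
        self.state[key] = (excess, now)
        # nodelay: serve at once; otherwise hold until the bucket has drained.
        delay = 0.0 if self.nodelay else excess / self.rate
        return Decision(now, 200, delay)

# Constructed arrival times (seconds) for one client address.
ARRIVALS = [0, 0, 0, 0, 0, 31, 32, 120]

def replay(nodelay):
    zone = LimitReqZone(rate_per_min=2, burst=3, nodelay=nodelay)
    return [zone.request("203.0.113.7", t) for t in ARRIVALS]

def statuses(nodelay=True):
    return [d.status for d in replay(nodelay)]

def delays(nodelay=False):
    return [round(d.delay, 3) for d in replay(nodelay) if d.status == 200]

if __name__ == "__main__":
    print(statuses(True))
    print(delays(False))
```

In this model the first request plus three burst requests pass and the fifth simultaneous one is rejected; without nodelay the same requests are accepted but each waits for the bucket to drain.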

Note

Both of these access controls need to allocate memory space, and where there is a memory zone there is of course the possibility that it will be exhausted. When that happens, new requests return an error, so once access limiting is turned on, monitoring is required to prevent such a situation from happening.

Summary

After a brief introduction to the modular architecture of Nginx, we focused on the functions and configuration parameters of the ngx_http_limit_conn_module and ngx_http_limit_req_module modules, which implement Nginx's concurrency control of requests. If there is anything wrong, please let me know.


Statement:
This article is reproduced from learnku.com. If there is any infringement, please contact admin@php.cn for deletion.