Purpose
Understand how Nginx's ngx_http_limit_conn_module and ngx_http_limit_req_module modules control the volume of incoming requests.
Nginx modularity
The internal structure of nginx is composed of core modules and a series of functional modules. The modular architecture keeps the function of each module relatively simple, achieves high cohesion, and also makes it easy to extend Nginx.
For web requests, all enabled modules of Nginx form a chain, similar to the levels in a game that must be cleared one after another. Each module is responsible for a specific function, such as the ngx_http_gzip_module module that implements compression, the ngx_http_auth_basic_module module that implements verification, and the ngx_http_proxy_module module that implements proxying. Requests that reach the server are processed by each module of Nginx in turn. Only requests that have passed through these modules are actually handed to the backend program code for processing.
Nginx concurrent access control
For web servers, web crawlers or malicious high-volume traffic attacks can exhaust the server's memory, CPU and bandwidth, so mature proxy server software needs to be able to keep these situations under control.
Nginx has two ways to control concurrency. One is to control the amount of concurrency through IP or other parameters; the other is to control the total request processing volume per unit time. That is, the control of concurrency and parallelism. These two functions are implemented by the ngx_http_limit_conn_module and ngx_http_limit_req_module modules respectively.
ngx_http_limit_conn_module Module
Description
This module is mainly used to control the amount of concurrent requests.
Parameter configuration
● limit_conn_zone
Syntax: limit_conn_zone key zone=name:size
Configuration context: http
Description: key is a variable in Nginx, usually $binary_remote_addr or $server_name; name is the name of the shared memory zone and size is its size. This directive allocates a shared memory zone called name and stores the access state of each key in it.
● limit_conn_log_level
Syntax: limit_conn_log_level info|notice|warn|error
Default value: error
Configuration context: http, server, location
Description: Sets the log level at which the event is recorded when access reaches the maximum limit.
● limit_conn
Syntax: limit_conn zone_name number
Configuration context: http, server, location
Description: Uses zone_name for concurrency control and returns the corresponding error code when number is exceeded.
● limit_conn_status
Syntax: limit_conn_status code
Default value: 503
Configuration context: http, server, location
Description: When access exceeds the limit number, this error code is returned to the client. The error code can be combined with directives such as error_page to return a friendly error page to the client when the limit is exceeded.
● limit_rate
Syntax: limit_rate rate
Default value: 0
Configuration context: http, server, location
Description: Limits the rate of each connection; rate is the download speed per second.
● limit_rate_after
Syntax: limit_rate_after size
Configuration context: http, server, location
Description: This directive is used together with limit_rate. limit_rate takes effect once the traffic exceeds size.
Simple configuration example
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    server {
        listen 80;
        server_name www.domain.com;
        root /path/;
        index index.html index.htm;

        location /ip {
            limit_conn_status 503;       # status code returned once the limit is exceeded
            limit_conn_log_level warn;   # log level
            limit_rate 50;               # bandwidth limit
            limit_conn addr 1;           # control concurrent access
        }

        # When the concurrent access limit is exceeded, return the 503 error page
        error_page 503 /503.html;
    }
ngx_http_limit_req_module Module
Description
This module mainly controls the number of requests per unit time, using the "leaky bucket" algorithm for filtering. Once a rate limit is set, when the number of requests per unit time exceeds the rate, the module checks the burst value. If burst is 0, the request either returns an error or waits, depending on the delay|nodelay configuration; if burst is greater than 0, when the number of requests is greater than rate but less than burst, the request enters the waiting queue for processing.
Parameter configuration
● limit_req_zone
Syntax: limit_req_zone key zone=name:size rate=rate
Configuration context: http
Description: key is a variable in Nginx, usually $binary_remote_addr or $server_name; name is the name of the shared memory zone and size is its size; rate is the access frequency, in r/s or r/m. This directive allocates a shared memory zone called name and stores the access state of each key in it.
● limit_req
Syntax: limit_req zone=name [burst=number] [nodelay|delay=number]
Configuration context: http, server, location
Description: Enables the restriction. burst sets the maximum capacity, and nodelay determines whether a request that exceeds the limit waits for processing or returns an error code.
The limit_req_log_level and limit_req_status directives work the same way as their counterparts in the ngx_http_limit_conn_module module.
Simple configuration example
    limit_req_zone $binary_remote_addr zone=req:10m rate=2r/m;

    server {
        listen 80;
        server_name www.domain.com;
        root /path/;
        index index.html index.htm;

        location /limit {
            limit_req zone=req burst=3 nodelay;
        }

        # When the concurrent access limit is exceeded, return the 503 error page
        error_page 503 /503.html;
    }
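The accounting behind the limit_req example above, as an added Python sketch (not code from the original page or from Nginx): a simplified model of the leaky bucket for a single key, using exact fractions where Nginx uses integer arithmetic. The class, function and constant names and the arrival times are constructed for illustration.

```python
from fractions import Fraction


class LimitReqModel:
    """Simplified model of limit_req accounting for one key (e.g. one client IP)."""

    def __init__(self, rate_per_min, burst=0, nodelay=False):
        self.rate = Fraction(rate_per_min, 60)  # requests leaked per second
        self.burst = burst
        self.nodelay = nodelay
        self.excess = None  # None until the key is first seen
        self.last = None    # time of the last accepted request, in seconds

    def request(self, now):
        """Return ("pass", delay_seconds) or ("reject", None) for a request at `now`."""
        if self.excess is None:  # first request creates the zone entry
            self.excess, self.last = Fraction(0), now
            return ("pass", 0)
        leaked = self.rate * (now - self.last)
        excess = max(self.excess - leaked + 1, Fraction(0))
        if excess > self.burst:      # bucket overflow: client gets limit_req_status
            return ("reject", None)  # rejected requests do not change the state
        self.excess, self.last = excess, now
        # Without nodelay, a queued request waits until the bucket has drained.
        delay = 0 if self.nodelay else excess / self.rate
        return ("pass", delay)


def replay(model, times):
    """Feed constructed arrival times (in seconds) through the model."""
    return [model.request(t) for t in times]


# Constructed traffic for the zone above: rate=2r/m burst=3 nodelay.
ARRIVALS = [0, 0, 0, 0, 0, 0, 29, 30]

if __name__ == "__main__":
    results = replay(LimitReqModel(2, burst=3, nodelay=True), ARRIVALS)
    for t, (verdict, _) in zip(ARRIVALS, results):
        print(f"nodelay  t={t:>2}s {verdict}")
    # Same zone without nodelay: queued requests are spaced out to the rate.
    for verdict, delay in replay(LimitReqModel(2, burst=3), [0, 0, 0, 0, 0]):
        shown = "-" if delay is None else f"{float(delay):.0f}s"
        print(f"delayed  t= 0s {verdict} delay={shown}")
```

With burst=3 nodelay, the first 1 + burst = 4 simultaneous requests pass and the rest receive the limit_req_status code; at 2r/m the next request is accepted only after 30 seconds.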
Note
Both of these access controls need to allocate memory space, and wherever memory is allocated it can also be exhausted. When that happens, new requests will return an error, so once access limits are turned on, monitoring is required to prevent this situation from happening.
Summary
Through a brief introduction to the modular architecture of Nginx, we focus on understanding the functions and configuration parameters of the ngx_http_limit_conn_module and ngx_http_limit_req_module modules to achieve Nginx's concurrency control of requests. If there is anything wrong, please let me know.