Shulou(Shulou.com)06/02 Report--

Purpose

Understand the ngx_http_limit_conn_module and ngx_http_limit_req_module modules of Nginx, and control the number of requests.

Nginx modularization

The internal structure of nginx is composed of core modules and a series of functional modules. The modular architecture makes the function of each module relatively simple and highly cohesive. At the same time, it is also convenient to expand the function of Nginx.

For web requests, all the open modules of Nginx will form a chain, similar to the hurdles in the game. Each module is responsible for specific functions, such as compressed ngx_http_gzip_module module, ngx_http_auth_basic_module module for verification and ngx_http_proxy_module module for proxy. Requests connected to the server are processed by each module of Nginx in turn, and only the requests processed by these modules are actually passed to the background code for processing.

Nginx concurrent access control

For web servers, when they encounter web crawlers or malicious heavy traffic attacks, the server memory and CPU will be full and the bandwidth will be full, so as a mature server agent software, it needs to be able to control these situations.

There are two ways for Nginx to control concurrency, one is to control the concurrency through IP or other parameters, and the other is to control the total number of requests processed per unit time. That is, the control of concurrency and parallelism, which are implemented by ngx_http_limit_conn_module and ngx_http_limit_req_module modules respectively.

Ngx_http_limit_conn_module module

Description

This module is mainly used to control the request concurrency.

Parameter configuration

Limit_conn_zone

Instruction configuration limit_conn_zone key zone=name:size

Context of configuration: http

Description: key is a variable in Nginx, usually binaryremoteaddr | server_name;name is the name of shared memory, and size is the size of shared memory. This configuration applies for a shared memory space name and saves access to key.

Limit_conn_log_level

Syntax: limit_conn_log_level info | notice | warn | error

Default value: error

Configuration context: http,server,location

Note: when the maximum access limit is reached, the access will be recorded in the log

Limit_conn

Syntax: limit_conn zone_name number

Configuration context: http,server,location

Note: use zone_name for access concurrency control, and return the corresponding error code when the number is exceeded

Limit_conn_status

Syntax: limit_conn_status code

Default value: 503

Configuration context: http,server,location

Note: the error code returned to the client when the access exceeds the limit number. This error code can be used with parameters such as error_page to return a friendly error page to the customer when the access exceeds the limit.

Limit_rate

Syntax: limit_rate rate

Default value: 0

Configuration context: http,server,location

Description: limit the rate of each link. Rate indicates the download speed per second.

Limit_rate_after

Syntax: limit_rate_after size

Configuration context: http,server,location

Note: this command works with limit_rate. When the traffic exceeds size, limit_rate will take effect.

Simple configuration example

Limit_conn_zone $binary_remote_addr zone=addr:10m;server {listen 80; server_name www.domain.com; root / path/; index index.html index.htm; location / ip {limit_conn_status 503; # status code returned after exceeding the limit Limit_conn_log_level warn; # logging level limit_rate 50; # bandwidth limit limit_conn addr 1; # Control concurrent access} # return 503 error page error_page 503 / 503.html;} when the concurrent access limit is exceeded

Ngx_http_limit_req_module module

Description

This module mainly controls the number of requests per unit time. Use the "leaky bucket" (funnel) algorithm to filter. After setting the limit rate, when the number of requests per unit time exceeds rate, the module will detect the burst value. If the value is 0, the request will return an error or wait according to the delay | nodelay configuration; if burst is greater than 0, when the number of requests is greater than rate but less than burst, the request will enter the waiting queue for processing.

Parameter configuration

Limit_req_zone

Syntax: limit_req_zone key zone=name:size rate=rate

Configuration context: http

Note: key is a variable in Nginx, usually binaryremoteaddr | server_name;name is the name of shared memory, and size is the size of the shared memory; rate is the access frequency, in rAccord s and Ragan. This configuration requests a shared memory space name and saves access to $key

Limit_req

Syntax: limit_rate zone=name [burst=number] [nodelay | delay=number]

Configuration context: http,server,location

Description: enable the limit, burst sets the maximum capacity, and nodelay decides whether to wait for processing or return an error code when the request exceeds the limit.

The configuration parameters of limit_req_log_level and limit_req_status are the same as those of ngx_http_limit_conn_module module.

Simple configuration example

Limit_req_zone $binary_remote_addr zone=req:10m rate=2r/m;server {listen 80; server_name www.domain.com; root / path/; index index.html index.htm; location / limit {limit_req zone=req burst=3 nodelay;} # returns the 503 error page error_page 503 / 503.html;} when the concurrent access limit is exceeded

Be careful

Both of these access controls need to apply for memory space. Since there is memory space, of course, there will be memory exhaustion, and new requests will be returned with an error. Therefore, when the access limit is enabled, you need to use monitoring to prevent this from happening.

Summary

Through a brief introduction to the modular architecture of Nginx, this paper focuses on understanding the functions and configuration parameters of ngx_http_limit_conn_module and ngx_http_limit_req_module modules, and realizes the concurrency control of requests by Nginx. If there is anything wrong, please give me some advice.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.