原创文章,转载请指明出处并保留原文url地址
本文主要针对nginx的ngx_http_limit_conn_module模块做简单介绍,本文具体包括如下指令:limit_conn,limit_conn_log_level,limit_conn_zone,limit_zone
ngx_http_limit_conn_module模块允许针对key,并且特别针对特定单个连接的ip地址设定允许连接的数目。
不是所有的连接都计算在内;只有那些已请求该服务器并当前正在处理的请求(请求头已充分阅读的)
配置示例如下:
Example Configuration
http {
limit_conn_zone $binary_remote_addr zone=addr:10m;
...
server {
...
location /download/ {
limit_conn addr 1;
}
Nginx原文:
The ngx_http_limit_conn_module module allows to limit the number of connections per defined key, in particular, the number of connections from a single IP address.
Not all connections are counted; only those that have requests currently being processed by the server, in which request header has been fully read.
Example Configuration
http {
limit_conn_zone $binary_remote_addr zone=addr:10m;
...
server {
...
location /download/ {
limit_conn addr 1;
}
1. limit_conn
| syntax: | limit_conn zonenumber; |
| default: | — |
| context: | http, server, location |
针对特定连接key设置一个共享内存区域和最大的运行的连接数目。但超出连接,服务器将返回503错误信息(服务临时不可用)给客户端。相关配置例子如下:
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /download/ {
limit_conn addr 1;
}
每个唯一ip地址仅仅同时允许1个连接。
当有数个limit_conn指令时,任何配置的现在将被引用,例如下面的配置将限制连接到server的每个客户端的连接数量,同时也限制连接到虚拟主机的总的连接数量(两个限制任何一个都要发生, 发生任何一个都产生503错误信息给相关连接)
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
...
limit_conn perip 10;
limit_conn perserver 100;
}
在当前的配置中当且仅当没有limit_conn指令配置时,从前面级别的配置中继承相关配置(否则以当前配置中的配置为核准,不再继承前面的配置)
Nginx原文:
Sets a shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return error 503 (Service Temporarily Unavailable) in reply to a request. For example, the directives
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
location /download/ {
limit_conn addr 1;
}
allow for only a single connection at a time, per unique IP address.
When several limit_conn directives are specified, any configured limit will apply. For example, the following configuration will limit the number of connections to the server per client IP and at the same time will limit the total number of connections to the virtual host:
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
...
limit_conn perip 10;
limit_conn perserver 100;
}
These directives are inherited from the previous level if and only if there are no limit_conn directives on the current level.
2. limit_conn_log_level
| syntax: | limit_conn_log_level info | notice | warn | error; |
| default: | limit_conn_log_level error; |
| context: | http, server, location |
本指令出现在0.8.18版。
设置但server的限制发生时nginx日志的产生级别
Nginx原文:
Sets the desired logging level for cases when the server limits the number of connections.
3. limit_conn_zone
| syntax: | limit_conn_zone $variablezone=name:size; |
| default: | — |
| context: | http |
为保持各种各样key的状态的共享内存设置相关参数。这些状态存储着当前连接的各种信息。这些key是根据指定的变量获得任何不为空值(空值不被记录),使用示例:
limit_conn_zone $binary_remote_addr zone=addr:10m;
在这里,客户端的IP地址作为一个key。请注意,而不是remote_addr变量,而是使用binary_remote_addr在这里。remote_addr变量的值的长度范围从7到15字节,存储状态的值占32或64字节的内存在32位平台上,64位平台上一直是64字节。binary_remote_addr变量的值的长度是4字节。存储状态的值占32或64字节的内存在32位平台上,64位平台上一直是64字节。存储的状态总是占用32字节和64字节的32位平台上,在64位平台。一兆字节的区域可以保持32000左右的32字节的状态值,约16000个64字节的状态值。如果一个区的存储耗尽时,服务器将返回错误503(服务暂时不可用)的信息给所有后面的访问者。
Nginx原文:
Sets parameters of a shared memory zone that keeps states for various keys. This state stores the current number of connections in particular. The key is any non-empty value of the specified variable (empty values are not accounted). Example usage:
limit_conn_zone $binary_remote_addr zone=addr:10m;
Here, an IP address of the client serves as a key. Note that instead of $remote_addr, the $binary_remote_addr variable is used here. The length of the $remote_addr variable’s value can range from 7 to 15 bytes, and the stored state occupies either 32 or 64 bytes of memory on 32-bit platforms, and always 64 bytes on 64-bit platforms. The length of the $binary_remote_addr variable’s value is always 4 bytes, and the stored state always occupies 32 bytes on 32-bit platforms, and 64 bytes on 64-bit platforms. One megabyte zone can keep about 32 thousand 32-byte states, and about 16 thousand 64-byte states. If the storage for a zone is exhausted, the server will return error 503 (Service Temporarily Unavailable) to all further requests.
.
4. limit_zone
| syntax: | limit_zone name$variablesize; |
| default: | — |
| context: | http |
这个指令在版本1.1.8后废弃,一个等效的指令limit_conn_zone代替该指令(相关指令功能参照上面):
limit_conn_zone $variable zone=name:size;
Nginx原文:
This directive is made obsolete in version 1.1.8, an equivalent limit_conn_zone directive with a changed syntax should be used instead:
limit_conn_zone $variable zone=name:size;
