我正在使用 nginx版本 1.6.2在Ubuntu 14.04
我尝试输入limit_conn并limit_req引用配置文件nginx 文档。
limit_connNginx无需limit_req选项即可正常工作。
以下是带有日志消息的 nginx 配置的测试用例。
我不知道我的代码有什么问题。
情况1- 完整配置
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
limit_conn conn_limit_per_ip 30;
limit_req zone=req_limit_per_ip burst=5 nodelay;
...
}
...
}
log message
unknown limit_req_zone "req_limit_per_ip" in /etc/nginx/sites-enabled/service.conf
案例 2-limit_req从站点启用配置文件中删除
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
limit_conn conn_limit_per_ip 30;
...
}
...
}
log message
the size 10485760 of shared memory zone "conn_limit_per_ip" conflicts with already declared size 0 in /etc/nginx/nginx.conf
案例 3-limit_conn从站点启用配置文件中删除
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
limit_req zone=req_limit_per_ip burst=5 nodelay;
...
}
...
}
log message
unknown limit_req_zone "req_limit_per_ip" in /etc/nginx/sites-enabled/service.conf
案例 4- 从站点启用配置文件中删除所有内容
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
...
}
...
}
log message
[OK] - nginx reloaded well
案例五- 删除limit_req_zone并limit_req
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
limit_conn conn_limit_per_ip 30;
...
}
...
}
log message
the size 10485760 of shared memory zone "conn_limit_per_ip" conflicts with already declared size 0 in /etc/nginx/nginx.conf
案例六- 删除limit_conn_zone并limit_conn
/etc/nginx/nginx.conf
http {
...
include /etc/nginx/sites-enabled/*;
...
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
}
/etc/nginx/sites-enabled/service.conf
server {
...
location / {
limit_req zone=req_limit_per_ip burst=5 nodelay;
...
}
...
}
log message
unknown limit_req_zone "req_limit_per_ip" in /etc/nginx/sites-enabled/service.conf
答案1
解决方案
合并/etc/nginx/sites-enabled/service.conf到/etc/nginx/nginx.conf。换句话说,删除service.conf文件并将server块粘贴到nginx.conf文件的http块中。以下是代码。
/etc/nginx/nginx.conf
http {
..
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=2r/s;
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
..
server {
..
location / {
limit_req zone=req_limit_per_ip burst=5 nodelay;
limit_conn conn_limit_per_ip 30;
}
..
}
}
变量含义及检验
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=2r/s+limit_req zone=req_limit_per_ip burst=5 nodelay- 设置共享内存为10MB
- 限制每个 IP 的请求数如下
rate * burst以burst秒为单位设置最大请求数- 例如,在这种情况下,最大值是 5 秒内 10(=2*5)个请求
- 使用
nodelay选项:Nginx 将返回 503 响应并且不处理过多的请求 - 如果没有
nodelay选项:Nginx 将等待(无 503 响应)并延迟处理过多的请求
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m+limit_conn conn_limit_per_ip 30- 设置共享内存为10MB
- 在本例中,每个 IP 的连接数限制为 30
- 请注意,普通浏览器会建立 2~8 个连接,SPDY 协议会拆分每个连接
- 如果连接超过此值,Nginx 将返回 503 响应
答案2
指令limit_req_zone和limit_conn_zone只需位于中包含的相应指令之前/etc/nginx/sites-enabled/service.conf。
因此在案例 1 中只需更改/etc/nginx/nginx.conf为:
http {
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
...
include /etc/nginx/sites-enabled/*;
...
}
看: