Nginx for Windows - limit_req 工作不正确

Nginx for Windows - limit_req 工作不正确

我正在使用来自的 nginx 社区版本http://nginx-win.ecsds.eu/ 操作系统是 Windows Server 2019。它提供静态文件,并使用 proxy_pass 将其他所有内容传递给 Apache。

我正在尝试限制每个 IP 的请求。

我添加了这些行来http阻止

limit_req_zone $binary_remote_addr zone=addr_req_lim:20m rate=500r/s;   
limit_req_dry_run on;

然后我将以下内容添加到location块中

limit_req zone=addr_req_lim;

现在 nginx 的日志中充斥着类似这样的条目

2022/09/06 01:46:04 [warn] 46668#3904: *39375 limiting requests, dry run, excess: 1.000 by zone "addr_req_lim", client: IP, server: www.domain.com, request: "GET URL HTTP/2.0", host: "www.domain.com", referrer: "REFERRER"

rate看起来很多 IP 都超出了限制,但事实并非如此。当我打开访问日志时,我注意到这些 IP 不超过 30 rps,这与我在参数中设置的 500 rps 相差甚远。

为什么 nginx 不尊重我在配置中设置的限制?

编辑

nginx -T -t输出

nginx: [alert] could not open error log file: CreateFile() "logs/error.log" failed (5: Access is denied)
nginx: the configuration file C:\nginx/conf/nginx.conf syntax is ok
2022/09/06 23:32:28 [emerg] 7628#29508: CreateFile() "C:\nginx/logs/nginx.pid" failed (5: Access is denied)
nginx: configuration file C:\nginx/conf/nginx.conf test failed

注意:服务正在运行,因此出现错误。

编辑

nginx -T -t 输出

worker_processes  4;
error_log  logs/error1.log  warn;
pid        nginx1.pid;
pcre_jit   on;
events {
    worker_connections  8192;
    multi_accept on;
    use poll;
}
http {    
    include       mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr $remote_port - $remote_user "$time_local" "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  off;
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    reset_timedout_connection on;
    server_tokens off;
    sendfile_max_chunk 1m;
    resolver 1.1.1.1 ipv6=off;
    map_hash_bucket_size 64;
    server_names_hash_bucket_size 64;
    merge_slashes off;
    ## Start: Timeouts ##
    client_body_timeout   5m;
    client_header_timeout 5m;
    keepalive_timeout     5m;
    send_timeout          5m;
    keepalive_requests    2048;    
    ## End: Timeouts ##
    client_max_body_size 134217728;
    client_body_buffer_size 524288;
    client_body_temp_path E:/nginx/client_temp 1 2;
    proxy_max_temp_file_size 128m;
    proxy_buffers 8 16k;
    proxy_buffer_size 32k;
    proxy_read_timeout 10m;
    proxy_send_timeout 10m;
    proxy_temp_path E:/nginx/proxy_temp 1 2;
    proxy_cache_path E:/nginx/proxy_cache levels=1:2 keys_zone=nginx_cache:10m max_size=10g inactive=60m use_temp_path=off;
    proxy_http_version 1.1;
    proxy_ignore_client_abort on;
    proxy_force_ranges off;
    proxy_cache_max_range_offset 0;
    limit_conn_zone $binary_remote_addr zone=addr:20m;
    limit_conn addr 1000;
    limit_conn_log_level warn;
    limit_req_zone $binary_remote_addr zone=addr_req_lim:20m rate=500r/s;    
    limit_req_dry_run on;
    limit_req_log_level warn;
    include ssl.conf;
    include optimizers.conf;
    include vhosts.conf;
}
types {
    text/html                                        html htm shtml;
    text/css                                         css;
    text/xml                                         xml;
    image/gif                                        gif;
    image/jpeg                                       jpeg jpg;
    application/javascript                           js;
    application/atom+xml                             atom;
    application/rss+xml                              rss;
    text/mathml                                      mml;
    text/plain                                       txt;
    text/vnd.sun.j2me.app-descriptor                 jad;
    text/vnd.wap.wml                                 wml;
    text/x-component                                 htc;
    image/avif                                       avif;
    image/png                                        png;
    image/svg+xml                                    svg svgz;
    image/tiff                                       tif tiff;
    image/vnd.wap.wbmp                               wbmp;
    image/webp                                       webp;
    image/x-icon                                     ico;
    image/x-jng                                      jng;
    image/x-ms-bmp                                   bmp;
    font/woff                                        woff;
    font/woff2                                       woff2;
    application/java-archive                         jar war ear;
    application/json                                 json;
    application/mac-binhex40                         hqx;
    application/msword                               doc;
    application/pdf                                  pdf;
    application/postscript                           ps eps ai;
    application/rtf                                  rtf;
    application/vnd.apple.mpegurl                    m3u8;
    application/vnd.google-earth.kml+xml             kml;
    application/vnd.google-earth.kmz                 kmz;
    application/vnd.ms-excel                         xls;
    application/vnd.ms-fontobject                    eot;
    application/vnd.ms-powerpoint                    ppt;
    application/vnd.oasis.opendocument.graphics      odg;
    application/vnd.oasis.opendocument.presentation  odp;
    application/vnd.oasis.opendocument.spreadsheet   ods;
    application/vnd.oasis.opendocument.text          odt;
    application/vnd.openxmlformats-officedocument.presentationml.presentation
                                                     pptx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
                                                     xlsx;
    application/vnd.openxmlformats-officedocument.wordprocessingml.document
                                                     docx;
    application/vnd.wap.wmlc                         wmlc;
    application/wasm                                 wasm;
    application/x-7z-compressed                      7z;
    application/x-cocoa                              cco;
    application/x-java-archive-diff                  jardiff;
    application/x-java-jnlp-file                     jnlp;
    application/x-makeself                           run;
    application/x-perl                               pl pm;
    application/x-pilot                              prc pdb;
    application/x-rar-compressed                     rar;
    application/x-redhat-package-manager             rpm;
    application/x-sea                                sea;
    application/x-shockwave-flash                    swf;
    application/x-stuffit                            sit;
    application/x-tcl                                tcl tk;
    application/x-x509-ca-cert                       der pem crt;
    application/x-xpinstall                          xpi;
    application/xhtml+xml                            xhtml;
    application/xspf+xml                             xspf;
    application/zip                                  zip;
    application/octet-stream                         bin exe dll;
    application/octet-stream                         deb;
    application/octet-stream                         dmg;
    application/octet-stream                         iso img;
    application/octet-stream                         msi msp msm;
    audio/midi                                       mid midi kar;
    audio/mpeg                                       mp3;
    audio/ogg                                        ogg;
    audio/x-m4a                                      m4a;
    audio/x-realaudio                                ra;
    video/3gpp                                       3gpp 3gp;
    video/mp2t                                       ts;
    video/mp4                                        mp4;
    video/mpeg                                       mpeg mpg;
    video/quicktime                                  mov;
    video/webm                                       webm;
    video/x-flv                                      flv;
    video/x-m4v                                      m4v;
    video/x-mng                                      mng;
    video/x-ms-asf                                   asx asf;
    video/x-ms-wmv                                   wmv;
    video/x-msvideo                                  avi;
}
ssl_session_timeout 4h;
ssl_session_cache shared:SSL:100m;  # about 400000 sessions
ssl_session_tickets off;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_dhparam "D:/cert/dh.pem";
ssl_prefer_server_ciphers off;
ssl_stapling on;
ssl_stapling_verify on;
ssl_buffer_size 4k;
map $sent_http_content_type $expires {
    default                         off;
    "image/webp"                    1y;
    "image/jpeg"                    1y;
    "image/svg+xml"                 1y;
    "image/svg"                     1y;
    "image/png"                     1y;
    "image/gif"                     1y;
    "image/x-icon"                  1y;
    "application/javascript"        1y;
    "application/x-shockwave-flash" 1y;
    "text/css"                      1y;
    "audio/mpeg"                    1y;
    "video/mp4"                     1y;
    "video/webm"                    1y;
    "application/vnd.ms-fontobject" 1y;
    "application/font-woff"         1y;
    "application/font-woff2"        1y;
    "font/woff2"                    1y;
    "font/woff"                     1y;
    "application/x-font-ttf"        1y;
    "font/opentype"                 1y;
}
expires $expires;
gzip on;
gzip_disable "msie6";
gzip_min_length 1024;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript application/x-font-ttf font/opentype image/svg+xml image/svg;
etag off;
map $http_accept $webp_suffix {
    default   "";
    ~*webp    ".webp";
}
server {
    listen IP:80 default_server;
    listen IP:443 ssl http2;
    ssl_certificate     "...";
    ssl_trusted_certificate      "...";
    ssl_certificate_key "...";  
    root "...";
    include domains/1.conf;
    include vhosts_common.conf;
    include domains/domain.conf;
}
index default.php index.php index.html index.shtml index.htm;
location ~ /\.git {
    deny  all;
    access_log off;
    log_not_found off;
}
location ~ xmlrpc\.php {
    deny  all;
    access_log off;
    log_not_found off;
}
location ~ /cache/templates {
    deny  all;
    access_log off;
    log_not_found off;
}
location ^~ /.well-known {
    alias "D:/cert/acme-challenge/.well-known";
}
ssi off;
location ~ \.shtml$ {    
    ssi on;
}
if ($request_method !~ ^(GET|POST|OPTIONS|HEAD)$ ) {
    return 444;
}

location ~ \.php$ {    
    try_files /missing.html @apachesite;
}
location ~* \.(png|jpg|jpeg|gif)$ {
  include webp.conf;
}
location / {
    limit_req zone=addr_req_lim;
    try_files $uri $uri/ $uri.shtml @apachesite;
}
error_page 503 @maintenance;
location @maintenance {
    rewrite ^(.*)$ /_maintenance.html break;
}
location @apachesite {  
    # if (-f $document_root/maintenance.html) {
    #     return 503;
    # }
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header Range $http_range;
    proxy_pass http://$server_addr:8181$request_uri;
    proxy_cache off;
    expires off;    
}
location /nginx_status {
    # Turn on stats
    stub_status on;
    access_log   off;    
}

敏感信息已被删除。

相关内容