Detailed explanation of Nginx's control over access volume

Purpose

Understand the Nginx ngx_http_limit_conn_module and ngx_http_limit_req_module modules to control the request access volume.

Nginx Modularity

The internal structure of nginx consists of a core module and a series of functional modules. The modular architecture makes the functions of each module relatively simple, achieving high cohesion, and also facilitates the functional expansion of Nginx.

For web requests, all enabled modules of Nginx will form a chain, similar to the levels in a game. Each module is responsible for a specific function, such as the ngx_http_gzip_module module for compression, the ngx_http_auth_basic_module module for authentication, and the ngx_http_proxy_module module for proxy. Requests to connect to the server will be processed by each Nginx module in turn. Only after being processed by these modules will the requests be actually passed to the background program code for processing.

Nginx concurrent access control

For web servers, when encountering web crawlers or malicious large-volume traffic attacks, the server memory and CPU will be full, and the bandwidth will also be full. Therefore, as a mature server proxy software, it is necessary to be able to control these situations.

There are two ways to control concurrency in Nginx. One is to control its concurrency through IP or other parameters; the other is to control the total number of requests processed per unit time. That is, the control of concurrency and parallelism. These two functions are implemented by the ngx_http_limit_conn_module and ngx_http_limit_req_module modules respectively.

ngx_http_limit_conn_module module

illustrate

This module is mainly used to control the number of concurrent requests.

Parameter configuration

limit_conn_zone

Command configuration limit_conn_zone key zone=name:size
Configuration context: http
Note: key is a variable in Nginx, usually binaryremoteaddr|server_name; name is the name of the shared memory, and size is the size of the shared memory; this configuration will apply for a shared memory space name and save the access status of key

limit_conn_log_level

Syntax: limit_conn_log_level info|notice|warn|error
Default value: error
Configuration context: http, server, location
Note: When the access reaches the maximum limit, the access situation will be recorded in the log

limit_conn

Syntax: limit_conn zone_name number
Configuration context: http, server, location
Note: Use zone_name for access concurrency control. When the number is exceeded, the corresponding error code is returned.

limit_conn_status

Syntax: limit_conn_status code
Default value: 503
Configuration context: http, server, location
Description: When the access exceeds the limit number, the error code returned to the client. This error code can be used with parameters such as error_page to return a friendly error page to the client when the access exceeds the limit number.

limit_rate

Syntax: limit_rate rate
Default value: 0
Configuration context: http, server, location
Description: Limit the rate of each link. Rate indicates the download speed per second.

limit_rate_after

Syntax: limit_rate_after size
Configuration context: http, server, location
Note: This command is used together with limit_rate. When the traffic exceeds size, limit_rate will take effect.

Simple configuration example

limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
  listen 80;
  server_name www.domain.com;
  root /path/;
  index index.html index.htm;
  location /ip {
   limit_conn_status 503; # The status code returned after exceeding the limit;
   limit_conn_log_level warn; # Logging level limit_rate 50; # Bandwidth limit limit_conn addr 1; # Control concurrent access}
  # When the concurrent access limit is exceeded, the 503 error page error_page 503 /503.html is returned;
}

ngx_http_limit_req_module module

illustrate

This module mainly controls the number of requests per unit time. Use the "leaky bucket" algorithm for filtering. After setting the limit rate, when the number of requests per unit time exceeds the rate, the module will detect the burst value. If the value is 0, the request will return an error or wait according to the delay|nodelay configuration; if the burst is greater than 0, when the number of requests is greater than the rate but less than the burst, the request enters the waiting queue for processing.

Parameter configuration

limit_req_zone

Syntax: limit_req_zone key zone=name:size rate=rate
Configuration context: http
Note: key is a variable in Nginx, usually binaryremoteaddr|server_name; name is the name of the shared memory, size is the size of the shared memory; rate is the access frequency, the unit is r/s, r/m. This configuration will apply for a shared memory space name and save the access status of $key;

limit_req

Syntax: limit_rate zone=name [burst=number] [nodelay|delay=number]
Configuration context: http, server, location
Note: Enable limit, set the maximum capacity for burst, and decide whether to wait for processing or return an error code when the request exceeds the limit.

The limit_req_log_level and limit_req_status configuration parameters are consistent with the ngx_http_limit_conn_module module;

Simple configuration example

limit_req_zone $binary_remote_addr zone=req:10m rate=2r/m;
server {
  listen 80;
  server_name www.domain.com;
  root /path/;
  index index.html index.htm;
  location /limit {
   limit_req zone=req burst=3 nodelay;
  }
  # When the concurrent access limit is exceeded, the 503 error page error_page 503 /503.html is returned;
}

Notice

Both types of access control require applying for memory space. Since there is memory space, there will of course be a situation where the memory is exhausted. At this time, new requests will be returned with errors. Therefore, when access restrictions are enabled, monitoring is required to prevent such situations from happening.

summary

Through a brief introduction to the modular architecture of Nginx, we focus on understanding the functions and configuration parameters of the ngx_http_limit_conn_module and ngx_http_limit_req_module modules, and implement Nginx's concurrency control of requests. If there is anything wrong, please advise

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.