NGINX Rate Limiting

Add the modules and recompile

HttpLimit zone: limiting by concurrent connections

HttpLimitRequest module: limiting by request rate

Add the modules and recompile

[root@nginx ~]# yum -y install gcc-c++ pcre pcre-devel zlib zlib-devel openssl openssl-devel perl-devel perl-ExtUtils-Embed

[root@wwj src]# wget http://nginx.org/download/nginx-1.14.2.tar.gz
[root@wwj src]# tar xf nginx-1.14.2.tar.gz -C /application/

[root@wwj src]# useradd nginx -s /sbin/nologin -M
[root@wwj src]# cd /application/nginx-1.14.2/

[root@wwj nginx-1.14.2]# mkdir ngx_http_limit_req_module && touch ngx_http_limit_req_module/config
[root@wwj nginx-1.14.2]# mkdir ngx_http_limit_reg_module && touch ngx_http_limit_reg_module/config
[root@wwj nginx-1.14.2]# mkdir ngx_http_limit_conn_module && touch ngx_http_limit_conn_module/config
[root@wwj nginx-1.14.2]# mkdir ngx_http_limit_conn_zone_module && touch ngx_http_limit_conn_zone_module/config

[root@wwj nginx-1.14.2]# ./configure --user=nginx --group=nginx --prefix=/opt/nginx --with-pcre --with-http_ssl_module --with-http_stub_status_module --with-stream --with-http_stub_status_module --with-http_gzip_static_module --add-module=ngx_http_limit_req_module --add-module=ngx_http_limit_reg_module --add-module=ngx_http_limit_conn_module --add-module=ngx_http_limit_conn_zone_module
[root@wwj nginx-1.14.2]# make && make install

[root@wwj nginx-1.14.2]# cat /etc/profile.d/nginx.sh
export PATH="/opt/nginx/sbin:$PATH"

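Error:

./configure: error: no ngx_http_limit_req_module/config was found

The build directory does not contain this file; create the directory and the file manually, as shown above. Note that ngx_http_limit_conn_module and ngx_http_limit_req_module are standard modules compiled into nginx by default, so the directives below also work in a build without these --add-module options.

Environment setup

Prepare the Tomcat JSP file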
[root@wwj test]# cat index.jsp
<html>
<head>
<title>test page</title>
</head>
<body>
<%
out.println("Hellow Nginx HTTP limit module ");
%>
</body>
</html>


Verify access through NGINX
[root@wwj ~]# curl http://47.xxx.154.xxx/
<html>
<head>
<title>test page</title>
</head>
<body>
Hellow Nginx HTTP limit module

</body>
</html>

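HttpLimit zone: limiting by concurrent connections

This module limits the number of concurrent connections per defined key (for example, the number of concurrent connections from each IP address).

Official example

Syntax: limit_conn_zone $variable zone=name:size;
## variable: $binary_remote_addr limits per client IP; $server_name limits per domain name.
## zone: the zone name; any name works as long as it matches the name used in limit_conn.
## size: the zone size. With the $binary_remote_addr variable, 1M of memory holds about 32000 session states. If the zone storage is exhausted, all subsequent requests get a 503.

Syntax: limit_conn_log_level info|notice|warn|error;
## Sets the log level used when a request is limited; the default is error.

Syntax: limit_conn_status code;
## Sets the response status code for rejected requests; the default is 503.

Syntax: limit_conn zone_name the_size
## the_size: the number of concurrent connections from the same IP that are allowed to succeed.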

[root@wwj conf]# cat nginx.conf
...
http {
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_log_level info;
    limit_conn_status 503;
...
    include /opt/nginx/conf/vhost/*.conf;
}

[root@wwj vhost]# cat nginx.conf
server {
    listen 80;
    server_name _;

    root html/www;
    access_log logs/www.log;

    location / {
        limit_conn perip 2;
        proxy_pass http://127.0.0.1:8080/test/;
    }
}

Verification: the log shows that at a concurrency of 5, only the configured 2 connections per IP get through.

[root@wwj ~]# ab -n10 -c5 http://47.xxx.154.xxx/
[root@wwj logs]# tail -f www.log
47.XXX.108.XXX - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
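
An added example (not from the original post): a small Python summary of an access log in the format shown above, counting per client how many requests passed and how many were answered with the limit_conn_status code. The function names, the threshold and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# Access-log line layout used by www.log on this page (combined format).
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines (documentation addresses), not taken from a real log.
SAMPLE_LOG = """\
203.0.113.7 - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
203.0.113.7 - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
203.0.113.7 - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
203.0.113.7 - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
203.0.113.7 - - [17/Aug/2020:17:01:26 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
198.51.100.9 - - [17/Aug/2020:17:01:27 +0800] "GET / HTTP/1.1" 200 93 "-" "curl/7.29.0"
this line is truncated and does not match
"""

def summarize(lines, limit_status=503):
    """Return ({client: {passed, rejected, peak_per_second}}, unparsed_count)."""
    per_client = defaultdict(lambda: {"status": Counter(), "seconds": Counter()})
    unparsed = 0
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:  # truncated or foreign line: count it, never guess
            unparsed += 1
            continue
        entry = per_client[m["client"]]
        entry["status"][int(m["status"])] += 1
        entry["seconds"][m["ts"]] += 1  # log timestamps have one-second resolution
    report = {}
    for client, e in per_client.items():
        # A backend can also answer 503; a distinct limit_conn_status
        # makes limiter rejections unambiguous in this count.
        rejected = e["status"][limit_status]
        report[client] = {
            "passed": sum(e["status"].values()) - rejected,
            "rejected": rejected,
            "peak_per_second": max(e["seconds"].values()),
        }
    return report, unparsed

def throttled_clients(report, min_rejected=3):
    """Clients the limiter rejected at least min_rejected times."""
    return sorted(c for c, r in report.items() if r["rejected"] >= min_rejected)
```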

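HttpLimitRequest module: limiting by request rate

This module limits the request rate per defined key (for example, the request frequency of one IP cannot exceed a given number per second or per minute).

Official example

Syntax: limit_req_zone $variable zone=name:size rate=rate;
## variable: $binary_remote_addr limits per client IP; $server_name limits per domain name.
## zone: the zone name.
## size: the zone size. With the $binary_remote_addr variable, 1M of memory holds about 16000 such states. If the zone storage is exhausted, all subsequent requests get a 503.
## rate: the number of requests processed per second or per minute; the value must be an integer.

Syntax: limit_req zone=name [burst=number] [nodelay];
## burst: when the request rate exceeds the configured rate, the excess requests are delayed until the number of delayed requests exceeds this threshold, and requests beyond the threshold are rejected; burst defaults to 0.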

[root@wwj conf]# cat nginx.conf
...
http {
    #limit_req_zone $binary_remote_addr zone=req_one:10m rate=1r/s;
    limit_req_zone $binary_remote_addr zone=req_one:10m rate=10r/m;
...
    include /opt/nginx/conf/vhost/*.conf;
}

[root@wwj vhost]# cat nginx.conf
server {
...
    location / {
        limit_req zone=req_one burst=5;
        proxy_pass http://127.0.0.1:8080/test/;
    }
}

Verification: the log shows that because each IP's request rate is limited to 10r/m, successive requests from the same IP are delayed.

[root@wwj ~]# ab -n10 -c5 http://47.xxx.154.xxx/
47.XXX.108.XXX - - [18/Aug/2020:11:46:41 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:11:46:47 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:11:46:53 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:11:46:59 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:11:47:05 +0800] "GET / HTTP/1.0" 200 93 "-" "ApacheBench/2.3"


Demonstrating the effect of the burst parameter
[root@wwj vhost]# tail -f /opt/nginx/logs/www.log
47.XXX.108.XXX - - [18/Aug/2020:15:11:08 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:08 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:08 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:08 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:08 +0800] "GET / HTTP/1.0" 503 213 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:14 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:20 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:26 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:32 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
47.XXX.108.XXX - - [18/Aug/2020:15:11:38 +0800] "GET / HTTP/1.0" 200 103 "-" "ApacheBench/2.3"
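
An added example, not from the original post and not nginx's own code: a simplified Python model of the leaky-bucket accounting behind limit_req, replaying ten requests that arrive together against rate=10r/m burst=5. It yields one immediate 200, five 200s delayed in steps of about 6 seconds and four 503s, the same pattern as the log above; the class and function names, and keeping the counters in thousandths of a request, are choices of this example.

```python
def parse_rate(rate):
    """'10r/m' or '1r/s' -> rate in thousandths of a request per second."""
    count, unit = rate.split("r/")
    seconds = {"s": 1, "m": 60}[unit]
    return int(count) * 1000 // seconds

class ReqLimiter:
    """Model of: limit_req zone=... burst=N [nodelay]; (hypothetical class name)."""

    def __init__(self, rate, burst=0, nodelay=False):
        self.rate = parse_rate(rate)   # milli-requests drained per second
        self.burst = burst * 1000      # queue depth in milli-requests
        self.nodelay = nodelay
        self.state = {}                # key -> (excess, last_seen_ms)

    def request(self, key, now_ms):
        """Return (status, delay_ms) for one request arriving at now_ms."""
        if key not in self.state:      # first request for this key
            self.state[key] = (0, now_ms)
            return 200, 0
        excess, last = self.state[key]
        # The bucket drains at `rate` since the last accepted request,
        # then this request adds one whole request (1000) to it.
        excess = max(0, excess - self.rate * (now_ms - last) // 1000 + 1000)
        if excess > self.burst:
            return 503, 0              # rejected requests do not change the state
        self.state[key] = (excess, now_ms)
        # Without nodelay, the request waits until the bucket has drained.
        delay = 0 if self.nodelay else excess * 1000 // self.rate
        return 200, delay

def replay(limiter, key, arrivals_ms):
    """Feed arrival times (ms) for one key through the limiter, in order."""
    return [limiter.request(key, t) for t in arrivals_ms]

# Constructed input: ten requests from one client in the same millisecond.
TEN_AT_ONCE = [0] * 10

if __name__ == "__main__":
    limiter = ReqLimiter("10r/m", burst=5)
    for status, delay in replay(limiter, "203.0.113.7", TEN_AT_ONCE):
        print(status, f"served after {delay} ms")
```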