limit_conn_module
limit_conn_module
其中$binary_remote_addr有时需要根据自己已有的log_format变量配置进行替换1
2
3
4
5
6
7
8
9
10
11
12http {
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
limit_conn_log_level error;
limit_conn_status 503;
...
server {
...
location /download/ {
limit_conn perip 1; # 限制每个IP只能发起1个连接
limt_rate 100k; # 限速为100kb/秒
}
limit_req_module
1 | #limit_req_zone $server_name zone=perserver:10m rate=10r/s; |
10个并发请求测试:
- 拒绝的链接有多少?
- 接受的链接有多少?
burst0.html1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27[root@node1 ~]# siege -b -r 1 -c 10 http://static.sundayle.com/by-uri/burst0.html
** SIEGE 4.0.2
** Preparing 10 concurrent users for battle.
The server is now under siege...
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.01 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.01 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.03 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst0.html
HTTP/1.1 503 0.03 secs: 206 bytes ==> /by-uri/burst0.html
Transactions: 1 hits
Availability: 10.00 %
Elapsed time: 0.03 secs
Data transferred: 0.00 MB
Response time: 0.20 secs
Transaction rate: 33.33 trans/sec
Throughput: 0.06 MB/sec
Concurrency: 6.67
Successful transactions: 1
Failed transactions: 9
Longest transaction: 0.03
Shortest transaction: 0.01
30r/m表示每2秒允许一个新请求。这10个请求中有1个接受,9个被拒绝。
burst5.html1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27[root@node1 ~]# siege -b -r 1 -c 10 http://static.sundayle.com/by-uri/burst5.html
** SIEGE 4.0.2
** Preparing 10 concurrent users for battle.
The server is now under siege...
HTTP/1.1 200 0.06 secs: 14 bytes ==> /by-uri/burst5.html
HTTP/1.1 503 0.14 secs: 206 bytes ==> /by-uri/burst5.html
HTTP/1.1 503 0.14 secs: 206 bytes ==> /by-uri/burst5.html
HTTP/1.1 503 0.14 secs: 206 bytes ==> /by-uri/burst5.html
HTTP/1.1 503 0.14 secs: 206 bytes ==> /by-uri/burst5.html
HTTP/1.1 200 2.02 secs: 14 bytes ==> /by-uri/burst5.html
HTTP/1.1 200 4.02 secs: 14 bytes ==> /by-uri/burst5.html
HTTP/1.1 200 6.02 secs: 14 bytes ==> /by-uri/burst5.html
HTTP/1.1 200 8.02 secs: 14 bytes ==> /by-uri/burst5.html
HTTP/1.1 200 10.02 secs: 14 bytes ==> /by-uri/burst5.html
Transactions: 6 hits
Availability: 60.00 %
Elapsed time: 10.02 secs
Data transferred: 0.00 MB
Response time: 5.12 secs
Transaction rate: 0.60 trans/sec
Throughput: 0.00 MB/sec
Concurrency: 3.07
Successful transactions: 6
Failed transactions: 4
Longest transaction: 10.02
Shortest transaction: 0.06
接受了5个请求,从1/10到6/10成功(其余的被拒绝)。但NGINX更新其令牌并处理接受的请求的方式在这里非常明显:输出速率上限为30r / m,相当于每2秒1个请求
第一个在0.2秒后返回。计时器在2秒后计时,并处理并返回其中一个待处理请求,总往返时间为2.02秒。 2秒后,计时器再次打勾,处理另一个待处理请求,返回的总往返时间为4.02秒。等等等等…
brust50.html1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27[root@node1 ~]# siege -b -r 1 -c 10 http://static.sundayle.com/by-uri/burst50.html
** SIEGE 4.0.2
** Preparing 10 concurrent users for battle.
The server is now under siege...
HTTP/1.1 200 0.01 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 200 0.02 secs: 14 bytes ==> /by-uri/burst50.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst50.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst50.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst50.html
HTTP/1.1 503 0.02 secs: 206 bytes ==> /by-uri/burst50.html
Transactions: 6 hits
Availability: 60.00 %
Elapsed time: 0.03 secs
Data transferred: 0.00 MB
Response time: 0.03 secs
Transaction rate: 200.00 trans/sec
Throughput: 0.03 MB/sec
Concurrency: 6.33
Successful transactions: 6
Failed transactions: 4
Longest transaction: 0.02
Shortest transaction: 0.01
当爆发= 5时,我们仍然具有相同数量的状态200和503.但是现在输出速率不再严格地限制为每2秒1个请求的速率。只要有一些突发令牌可用,就会立即接受并处理任何传入请求。接受的请求不再受到任何额外的延迟。
限流白名单
1 | http { |
需要重启下nginx才生效
限制请求数
1 | # 要限制请求数,也必须先创建一个限速池,在http段加入如下代码: |
NGINX rate-limiting in a nutshell
Tengine ngx_http_limit_req_module