limit_rate
名稱默認配置作用域官方說明中文解讀模塊
limit_ratelimit_rate 0;http, server, location, if in locationLimits the rate of response transmission to a client. The rate is specified in bytes per second. The zero value disables rate limiting. The limit is set per a request, and so if a client simultaneously opens two connections, the overall rate will be twice as much as the specified limit.指定每秒該連接能下載的bytes,主要用來限制個別請求的帶寬ngx_http_core_module
limit_rate_afterlimit_rate_after 0;http, server, location, if in locationSets the initial amount after which the further transmission of a response to a client will be rate limited.設置多少bytes過后將啟動limit計數,如果小于此值則不限速ngx_http_core_module
limit_except沒有默認值locationLimits allowed HTTP methods inside a location. The method parameter can be one of the following: GET, HEAD, POST, PUT, DELETE, MKCOL, COPY, MOVE, OPTIONS, PROPFIND, PROPPATCH, LOCK, UNLOCK, or PATCH. Allowing the GET method makes the HEAD method also allowed設置除了指定的http methods外其他method將被限制,允許GET就自動允許HEAD方法ngx_http_core_module
實例
location /downloads {? ? ? ? ? ? limit_rate_after1m;? ? ? ? ? ? limit_rate500k;? ? ? ? }? ? ? ? location / {? ? ? ? ? ? proxy_pass http://localhost:3000;limit_except GET {? ? ? ? ? ? ? ? deny all;? ? ? ? ? ? }? ? ? ? }
limit_conn
名稱默認配置作用域官方說明中文解讀模塊
limit_conn沒有默認值,語法 limit_conn zone number;http, server, locationSets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the error in reply to a request.指定一個zone的每個key最大連接數ngx_http_limit_conn_module
limit_conn_zone沒有默認值,語法 limit_conn_zone key zone=name:size;httpSets parameters for a shared memory zone that will keep states for various keys. In particular, the state includes the current number of connections. The key can contain text, variables, and their combination. Requests with an empty key value are not accounted.第一個參數是key,第二個參數是指定zone及其存放元數據(key,current num of conns per key,zone size)的共享內存大小ngx_http_limit_conn_module
limit_conn_log_levellimit_conn_log_level error;http, server, locationSets the desired logging level for cases when the server limits the number of connections. This directive appeared in version 0.8.18.指定當觸發(fā)limit的時候日志打印級別ngx_http_limit_conn_module
實例
http {? ? limit_conn_zone$binary_remote_addrzone=ips:10m;? ? limit_conn_zone$server_namezone=servers:10m;? ? limit_conn_log_level notice;? ? server {# these limits apply to the whole virtual serverlimit_conn ips 10;# only 1000 simultaneous connections to the same server_namelimit_conn servers 1000;? ? }}
limit_req
名稱默認配置作用域官方說明中文解讀模塊
limit_req沒有默認值,語法 limit_req zone=name [burst=number] [nodelay];http, server, locationSets the shared memory zone and the maximum burst size of requests. If the requests rate exceeds the rate configured for a zone, their processing is delayed such that requests are processed at a defined rate. Excessive requests are delayed until their number exceeds the maximum burst size in which case the request is terminated with an error.指定zone的burst大小ngx_http_limit_req_module
limit_req_zone沒有默認值,語法 limit_req_zone key zone=name:size rate=rate;httpSets parameters for a shared memory zone that will keep states for various keys. In particular, the state stores the current number of excessive requests. The key can contain text, variables, and their combination. Requests with an empty key value are not accounted.第一個參數指定key,第二個參數指定zone名稱和元數據的內存大小,第三個參數rate指定單位時間的請求數閾值ngx_http_limit_req_module
limit_req_log_levellimit_req_log_level error;http, server, locationSets the desired logging level for cases when the server refuses to process requests due to rate exceeding, or delays request processing. Logging level for delays is one point less than for refusals.指定觸發(fā)req limit時打印的日志級別ngx_http_limit_req_module
實例
http { limit_req_zone$binary_remote_addrzone=myreqzone:10m limit_req_log_level warn; server {## 每個ip限定10個連接數## 正常一個瀏覽器給每個host開兩到三個連接## 觸發(fā)的話會返回503## nodelay表示一上來就直接計算,不經過一些預熱后再計算limit_req zone=myreqzone burst=10 nodelay; }}
doc
limit_conn (限制客戶端的并發(fā)連接數)測試方法:
配置如下:
server {
? ? ? ? listen 5657;
? ? ? ? server_name server_bb;
? ? ? ? limit_rate 100k;
? ? ? ? limit_conn server_bb 1;
? ? ? ? location / {
? ? ? ? ? ? root html;
? ? ? ? }?
? ? }
}
curl一個大文件:
curl http://192.168.137.101:5657/test
之后查看nginx上的連接數
[root@fanpf-resty conf]# netstat -anpt | grep 192.168.137.201 | grep? ESTABLISHED | wc -l
1
再次curl一個大文件:
curl http://192.168.137.101:5657/test
返回503:
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>openresty/1.15.8.1rc1</center>
</body>
</html>
證明每個客戶端限制1個鏈接成功了材泄。
