Tengine 中应用 ngx_http_limit_req_module
2020-05-29 本文已影响0人
追风骚年
在 nginx 中通过各种源码编译的方式安装 ngx_http_limit_req_module 模块还是比较复杂,既然有现成的 Tengine,故尝试使用 Tengine 替换 nginx。
由于 Tengine 完全兼容 nginx 语法,只需要额外调整个别参数就能变成一个高性能服务。不过官方文档比较坑,有个别地方写错了,这么多年过去了,也没人去修改。
重点:
- limit_req_zone 需要放在 conf 的 http 下面。
- limit_req 需要放在 conf 的 location 下面。
# Account the worker processes run as.
user nginx;

# File holding the master process id.
pid /var/run/nginx.pid;

# Only messages of severity "error" and above are written here.
# NOTE(review): rate-limit events logged below "error" would not appear in
# this file; confirm the level limit_req logs at before relying on this log
# for detection.
error_log /var/log/nginx/error.log error;

# Keep the worker count at or below the number of CPU cores on the system.
# "auto" gives one worker per CPU; the author describes it as Tengine-specific syntax.
worker_processes auto;

# "auto" binds workers to CPUs automatically; also described by the author
# as Tengine-specific syntax.
worker_cpu_affinity auto;
events {
    # epoll is the efficient event method on Linux 2.6+, designed to serve
    # many clients per thread.
    use epoll;

    # After a new-connection notification, accept as many pending
    # connections as possible instead of one at a time.
    multi_accept on;

    # Number of clients each worker process may serve at once
    # (the author recommends raising this to the maximum).
    worker_connections 65535;
}
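http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Shared-memory size for Tengine's upstream health-check module.
    # No `check` directive appears in the upstream defined below, so nothing
    # visible in this file uses it.
    check_shm_size 5M;

    # Allow the server to close the connection after a client stops responding.
    reset_timedout_connection on;
    # Short header/body timeouts limit how long a slow client can hold a connection.
    client_header_timeout 15;
    # Send the client a "request timed out" if the body is not loaded by this time.
    client_body_timeout 10;
    # If the client stops reading data, free up the stale client connection after this much time.
    send_timeout 15;
    # Timeout for keep-alive connections. Server will close connections after this time.
    keepalive_timeout 30;
    # Number of requests a client can make over the keep-alive connection.
    keepalive_requests 30;

    # NOTE(review): this format is defined but no access_log directive in this
    # file references it. $http_x_forwarded_for and $http_user_agent are
    # client-supplied, so treat those logged fields as untrusted.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    client_body_buffer_size 128k;
    client_max_body_size 10m;
    proxy_read_timeout 180s;

    # Compression.
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "msie6";

    # Sendfile copies data between one FD and other from within the kernel.
    sendfile on;
    # Don't buffer data-sends (disable Nagle algorithm).
    tcp_nodelay on;
    # Causes nginx to attempt to send its HTTP response head in one packet, instead of using partial frames.
    tcp_nopush on;

    # Hide web server information (server_info and server_tag are Tengine directives).
    server_tokens off;
    server_info off;
    server_tag off;

    # Redirect server error pages to the static pages.
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    # Rate-limit zone: 2 requests per second per key, 100m of shared memory for state.
    # The key is client address + normalized path ($uri). The original keyed on
    # $request_uri, which includes the query string: every distinct query string
    # then gets its own bucket, so the limit never triggers for a client that
    # varies it, and the zone fills with client-chosen keys.
    # Distinct paths still get separate buckets; if a hard per-client ceiling
    # is needed, add a second zone keyed on $binary_remote_addr alone
    # (the Tengine limit_req documentation describes using several limit_req
    # directives in one block; confirm for your version).
    limit_req_zone $binary_remote_addr $uri zone=req_limit:100m rate=2r/s;

    # geo whitelists, two styles: individual addresses, or `ranges` for address ranges.
    # geo matches on the connecting address by default.
    # NOTE(review): if another proxy or load balancer sits in front of this
    # server, that address is the proxy's, not the end client's; confirm the topology.
    geo $white_ip_single {
        default 0;
        39.156.69.79 1;
        39.156.69.80 1;
    }

    geo $white_ip_range {
        ranges;
        default 0;
        # Range bounds are separated by "-". The original used "~", which the
        # geo range parser is not expected to accept; validate with the
        # configuration test (-t) before reloading.
        39.156.69.79-39.156.69.255 1;
    }

    # Requests whose geo variable equals 1 skip rate limiting entirely, so keep
    # these lists as small as possible and review them regularly.
    limit_req_whitelist geo_var_name=white_ip_single geo_var_value=1;
    limit_req_whitelist geo_var_name=white_ip_range geo_var_value=1;

    upstream swoft-upstream {
        server swoft:18316;
    }

    server {
        server_name "localhost";
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;

        index index.html index.htm;
        charset utf-8;

        location / {
            # Apply the zone defined above; up to 5 requests over the rate are
            # tolerated as a burst, anything beyond that is rejected.
            limit_req zone=req_limit burst=5;

            # proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
            # client sent, so the backend must not trust the left-most entries;
            # X-Real-IP above carries the address this server actually saw.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            # proxy_set_header Upgrade $http_upgrade;
            # proxy_set_header Connection "upgrade";
            proxy_set_header Connection "keep-alive";
            proxy_pass http://swoft-upstream;
        }

        # Refuse any path component starting with a dot (hidden files),
        # except those beginning with ".well-known".
        location ~ /\.(?!well-known).* {
            deny all;
        }
    }
}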
直接粘贴 conf 文件了,不过多解释了。