Quantcast
Channel: Nginx Forum
Viewing all 53287 articles
Browse latest View live

Limit reqs per user / bot

January 7, 2016, 2:30 pm
$
0
0
I want to limit requests to 1 per second for each user, counting a bot that makes requests from multiple ips as a single user. Does this make sense:

map $http_user_agent $single_user {
default $binary_remote_addr;
~PaperLiBot 1;
}

limit_req_zone $single_user zone=one:10m rate=1r/s;

...

limit_req zone=one burst=2;



Thanks

Dave
Search

Nginx PHP-FPM understanding

January 7, 2016, 4:50 pm
$
0
0
Hi there,

I'm new on this business and i'm setting a new server for a API that receive a lots of requests. I'm using Forge (from Laravel, but in this case i'm using Lumen) and i started to read and follow many tutorials to get better performance.

The server it's a 16GB RAM with 8 CPU cores from Digital Ocean. I used siege and ab for testing and i think the server is handling a lots requets/s (10k) but when i do the testing even with 25 concurrent users, the response time increase a lot (i've the website in dev pointing to this new server, and watching the ajax requests). I noticed by using htop that the CPU's are all working but the RAM is only using 2GB.

I've changed the open file limits and some systemctl tweaks and switched from php-fpm.sock to unix sock. My general configs are:

nginx.conf
worker_processes auto;
pid /run/nginx.pid;
worker_rlimit_nofile 999999;
events {
worker_connections 65000;
multi_accept on;
use epoll;
}

php-fpm pool.d conf:
pm = dynamic
pm.max_children = 100
pm.start_servers = 20
pm.min_spare_servers = 10
pm.max_spare_servers = 20

php.ini
memory_limit = 1024M (i increase this but i didn't saw any effects)

I would appreciate any help/suggestion to get better performance on the response of the php processing or any good reading about this.

Thanks for the help,
Pedro Lopes

Re: How to setup Nginx as REALLY static-cache reverse proxy

January 7, 2016, 5:02 pm
$
0
0
Thanks for the responses guys.

I've tried proxy_store on one config, but now I'm just receiving time-outs when I block the origin server. No stale cache on error at all.

Here are two separate configs I'm using. The first one is as described earlier, with caching and stale cache errors working, although cache is browser dependent.

proxy_cache_path /etc/nginx/cache/abc123.org levels=1:2 keys_zone=abc123:64m inactive=10d max_size=1000m;
server {
listen 443 ssl;
server_name abc123.org;
access_log /var/log/nginx/abc123.org.access.log;
error_log /var/log/nginx/abc123.org.error.log;
include ssl.conf;
#moved from location
proxy_cache_key abc123$request_uri;
location / {
proxy_cache abc123;
#proxy_cache_key abc123$request_uri;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_pass https://abc123.org;
proxy_cache_valid 200 720m;
proxy_cache_valid 301 304 302 720m;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 http_404;
expires max;
add_header Cache-control "public";
proxy_connect_timeout 3s;
proxy_read_timeout 3s;
proxy_send_timeout 3s;
proxy_cache_revalidate on;
proxy_cache_min_uses 1;
}
}
server {
listen 80;
server_name abc123.org;
return 301 https://$server_name$request_uri;
}

Config with proxy_store

proxy_cache_path /etc/nginx/cache/zxf123.org levels=1:2 keys_zone=zxf123:64m inactive=10d max_size=1000m;
server {
listen 443 ssl;
server_name zxf123.org;
access_log /var/log/nginx/zxf123.org.access.log;
error_log /var/log/nginx/zxf123.org.error.log;
include ssl.conf;
#moved from location
proxy_cache_key $host$request_uri;
location / {
#proxy_cache zxf123;
proxy_store on;
#proxy_cache_key $host$request_uri;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_pass https://zxf123.org;
proxy_cache_valid 200 720m;
proxy_cache_valid 301 304 302 720m;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504 http_404;
expires max;
add_header Cache-control "public";
proxy_connect_timeout 3s;
proxy_read_timeout 3s;
proxy_send_timeout 3s;
proxy_cache_revalidate on;
proxy_cache_min_uses 1;
}
}
server {
listen 80;
server_name zxf123.org;
return 301 https://zxf123.org$request_uri;
}

Re: Limit reqs per user / bot

January 7, 2016, 10:39 pm
$
0
0
No because one user (web browser) can easily open 20 or more simultaneous connections to get a better web response.
A bot might be less prone to do the same but most connect at about 5 simultaneous connections.

Client Authentication Problem when access from android phone

January 8, 2016, 12:33 am
$
0
0
Hi there,

I'm trying to set up reverse proxy server with client authentication.

--- Environment ---
My CA is 2 tier.
Root CA - intermediate CA - Client Certificate.

--- Problem Discripton ---
When I accessed proxy server from laptop pc,
only the correct client certificate was suggested,
and authenticate successfully.

But when I accessed proxy server from android phone,
ALL installed client certificate was suggested,
and if I choose *wrong client certificate authenticate successfully.

*wrong client certificate : certificate that Root CA is same but intermediate CA is different,


My nginx configuration is as follows.
------------------------

ssl on;
ssl_certificate cert/servercert;
ssl_certificate_key cert/serverkey;

ssl_session_timeout 5m;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;

ssl_verify_client on;
ssl_verify_depth 2;
ssl_client_certificate cert/intermediate.cert;
ssl_trusted_certificate cert/intermediate_and_root.cert;

--- END

Best Regards,
atsushi

nginx load balancer config? - help! :)

January 8, 2016, 1:10 am
$
0
0
Hi! I'm new to NGINX and I would like to setup a load balancer for our web server. this is what my /etc/nginx/sites-available/default looks like

upstream server {
server 192.168.1.101;
server 192.168.1.102;
}
server {
listen 80;
location / {
proxy_set_header X*Forwarded*For $proxy_add_x_forwarded_for;
proxy_pass http://server;
}
}

but if i run (nginx -t), i get this error -

nginx: [emerg] unknown directive "upstream server" in /etc/nginx/sites-enabled/default:1
nginx: configuration file /etc/nginx/nginx.conf test failed

searched the internet and they fix this kind of issue by adding it to the http {} or adding this line in the nginx.conf file - include /etc/nginx/sites-enabled/*;
I have tried several solution found on the internet and still got this error. I even created a new VM for a fresh setup, still the same. BTW, i was following this example - https://www.youtube.com/watch?v=SpL_hJNUNEI

Inputs will be greatly appreciated. Thank you!

x-accel-redirect и content-type

January 8, 2016, 6:08 am
$
0
0
Здравствуйте,
На сервере работает nginx 1.2.1 в качестве фронтэнда и apache в качестве бэкэнда.

Никак не могу задать content-type при использовании x-accel-redirect.
Пример ниже синтетический и максимально упрощен для указания на суть проблемы:

<?php
header("Content-Type: image/jpeg");
header("Content-disposition: inline; example.jpg");
header("Content-transfer-encoding: binary");
header("X-Accel-Redirect: /attach/myfile.attach");
?>
возвращает Content-Type как plain/text, а мне нужно, чтобы было image/jpeg!

в то время как идентичный пример, но с любым другим известным (типичным) расширением файла работает так, как нужно:
<?php
header("Content-Type: image/jpeg");
header("Content-disposition: inline; example.jpg");
header("Content-transfer-encoding: binary");
header("X-Accel-Redirect: /attach/myfile.gif");
?>
возвращает Content-Type: image/jpeg

Т.е. Content-Type можно задать только, если у исходного файла какое-то известное nginx расширение. Если же расширение (в моем случае ".attach") не известно nxing, то задать Content-Type никак не получается.
Переименовывать файлы или делать симлинки в данном случае не подходит по ряду причин.
Можно ли как-то решить эту проблему?

No matter what I do http URL turns into https URL

January 8, 2016, 7:40 am
$
0
0
Hello Everyone,

This may have been covered before, but I was unable to find it with Search. Anyway, I have set up a Nginx host to accept incoming connections for port 80 and https on port 443. This is all working fine. However on some browsers, even if I request http (not https) it automatically switches me to https. Can't get it to use http. At first I thought maybe I have some SSL configuration in there that uses Strict-Transport-Security, but that's not the case. At one point I did, but I commented it out and now totally removed it from the configuration file. Still that OS X 10.11 Safari browser only loads the site in https. it will switch from http to https automatically.

I also tried emptying the browser cache here, but nothing. Does not help.

Any ideas? Here is my config file. Maybe I have it set up incorrect?

Thanks in advance for your time.


## Add www

server {
listen 80;
listen 443 ssl http2;
server_name domain.com;
return 301 $scheme://www.domain.com$request_uri;

## SSL CONFIGURATION
ssl_certificate /etc/nginx/ssl/www.domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;
}

## http on port 80
server {
include /etc/nginx/port.conf;

server_name www.domain.com;
root /var/www/www.domain.com/html;
access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
error_log /var/log/nginx/error_www.domain.com.log error;

## Pagespeed module
#include /etc/nginx/conf.d/pagespeed.conf;

## Bots trap
include /etc/nginx/conf.d/spider.conf;

## SSL CONFIGURATION



## Server maintenance block.
#include /etc/nginx/conf.d/maintenance.conf;
## Error log/page
#include /etc/nginx/conf.d/error_page.conf;

## These locations are protected
location ~ (app|includes|pkginfo|var|errors/local.xml)/ {
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
auth_basic "Restricted Access Area";
auth_basic_user_file /var/www/www.domain.com/.htpasswd;
deny all;
}
include /etc/nginx/conf.d/extra_protect.conf;

## Images
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
add_header ETag "";
}
location =/js/index.php/x.js {
rewrite ^(.*\.php)/ $1 last;
}

## Main Magento @location
location / {
try_files $uri $uri/ @rewrite;
}

location @rewrite {
rewrite / /index.php?$args;
}

## I added the location @missing below to allow advanced URL rewrites
location @missing {
rewrite / /index.php;
}

## Execute PHP scripts
location ~ \.php$ {
include /etc/nginx/conf.d/headers.conf;
##try_files $uri =404;
## I disabled the line above and added the 2 lines below
fastcgi_intercept_errors on;
try_files = $uri @missing;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Store code with multi domain
#fastcgi_param MAGE_RUN_CODE $mage_code;
#fastcgi_param MAGE_RUN_TYPE $mage_type;
## Default Store code
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store; ## or website;
include fastcgi_params;
}
## Below we allow access to .php script inside the downloader directory - added that to get downloader functionality
location /downloader/ {
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
include /etc/nginx/fastcgi_params;
}
}
}


## https on port 443
server {
include /etc/nginx/port.conf;
listen 443 ssl http2;
server_name www.domain.com;
root /var/www/www.domain.com/html;
access_log /var/log/nginx/access_www.domain.com.log main if=$writelog;
error_log /var/log/nginx/error_www.domain.com.log error;

## Pagespeed module
#include /etc/nginx/conf.d/pagespeed.conf;

## Bots trap
include /etc/nginx/conf.d/spider.conf;

## SSL CONFIGURATION
ssl_certificate /etc/nginx/ssl/www.domain.com.crt;
ssl_certificate_key /etc/nginx/ssl/www.domain.com.key;

ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;

# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
ssl_dhparam /etc/nginx/ssl/dhparam.pem;

# modern configuration. tweak to your needs.
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;

# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
#add_header Strict-Transport-Security max-age=15768000;

# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
#ssl_stapling on;
#ssl_stapling_verify on;


## Server maintenance block.
#include /etc/nginx/conf.d/maintenance.conf;
## Error log/page
#include /etc/nginx/conf.d/error_page.conf;

## These locations are protected
location ~ (app|includes|pkginfo|var|errors/local.xml)/ {
satisfy any;
allow 192.168.0.1/24;
allow 127.0.0.1;
auth_basic "Restricted Access Area";
auth_basic_user_file /var/www/www.domain.com/.htpasswd;
deny all;
}
include /etc/nginx/conf.d/extra_protect.conf;

## Images
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
access_log off;
add_header ETag "";
}
location =/js/index.php/x.js {
rewrite ^(.*\.php)/ $1 last;
}

## Main Magento @location
location / {
try_files $uri $uri/ @rewrite;
}

location @rewrite {
rewrite / /index.php?$args;
}

## I added the location @missing below to allow advanced URL rewrites
location @missing {
rewrite / /index.php;
}

## Execute PHP scripts
location ~ \.php$ {
include /etc/nginx/conf.d/headers.conf;
##try_files $uri =404;
## I disabled the line above and added the 2 lines below
fastcgi_intercept_errors on;
try_files = $uri @missing;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
## Store code with multi domain
#fastcgi_param MAGE_RUN_CODE $mage_code;
#fastcgi_param MAGE_RUN_TYPE $mage_type;
## Default Store code
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store; ## or website;
include fastcgi_params;
}
## Below we allow access to .php script inside the downloader directory - I added that to get downloader functionality
location /downloader/ {
location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root/downloader/index.php;
include /etc/nginx/fastcgi_params;
}
}
}
Search

How do I rewrite an incoming URL and then redirect?

January 8, 2016, 7:48 am
$
0
0
Hello everyone.

Is it possible with Nginx to first rewrite an incoming URL, and then redirect the rewritten URL?

Example -

Incoming URL: www.domain.com/directory/index.php?id=2&path=4

Want to rewrite it to: www.domain.com/directory/index2.php?id=2&path=4

Then I want to redirect to /index.php


So any incoming URL that:
a) where index.php is not in the document root (like www.domain.com/index.php)
b) where index.php is in the URL in a sub directory or sub-sub directory (like www.domain.com/test/dir/index.php
c) when rewriting it must include all original URL parameters

Then once index.php is rewritten to index2.php we went to redirect that newly rewritten URL to /index.php. Why?

OK, so here is the thing. I am running Magento. And I want to use the Magento URL rewrite feature. But whenever I try to rewrite an incoming old URL to a new Magento URL that contains index.php I get a 404 page. However if I use index2.php then it redirects just fine! I know it's weird, but I think it has something to do with Magento's internal workings and settings.

Anyway I though If I were to set up Nginx to rewrite and then redirect then I could cheat inside Magento and set as incoming URL www.domain.com/test/index2.php?id=.... and it will redirect just fine. Anyone knows anything?

Thanks,

Martin

Re: x-accel-redirect и content-type

January 8, 2016, 8:10 am
$
0
0
Включил отладочный лог nginx и разобрался сам.

Причиной была ошибка в конфиге nginx: для каталога /attach не был указан alias, из-за чего nginx не находил нужный файл в том запросе, где был задан свой Content-Type.
Т.е. было так:
location /attach/ {
internal;
}

а надо было вот так:
location /forum/attach/ {
alias /home/mysite.com/www/attach/;
internal;
}

А для файла с расширением gif сразу было все хорошо т.к. nginx находил его по другому правилу:
location ~* ^.+\.(jpg|jpeg|gif|png)$ {
root /home/mysite.com/www/;
}

Спасибо всем!

Re: Debugging 504 Gateway Timeout and its actual cause and solution

January 8, 2016, 8:36 am
$
0
0
Hello!

On Wed, Jan 06, 2016 at 02:56:43AM -0500, Keyur wrote:

> Thanks Richard & itpp2015 for your response.
>
> Further update :
>
> There are 2 cases :
>
> 1. 504 @ 120 seconds coming with below mentioned error :
>
> 2016/01/05 03:50:54 [error] 1070#0: *201650845 upstream timed out (110:
> Connection timed out) while connecting to upstream, client: 66.249.74.99,
> server: x.x.x.x, request: "GET /some/url HTTP/1.1", upstream:
> "fastcgi://127.0.0.1:9000", host: "example.com"

This means that nginx failed to connect to your backend server in
time. This can happen in two basic cases:

- network problems (unlikely for localhost though); e.g., this can
happen if you have a statefull firewall configured between nginx
and there aren't enough states.

- backend is overloaded and doesn't accept connections fast
enough;

The latter is more likely, and usually happens when using
Linux. Try watching your backend listen socket queue (something
like "ss -nlt" should work on Linux) and/or try switching on
net.ipv4.tcp_abort_on_overflow sysctl to see if it's the case.

> 2. 504 @ 300 seconds coming with below mentioned error :
>
> 2016/01/05 00:51:43 [error] 1067#0: *200656359 upstream timed out (110:
> Connection timed out) while reading response header from upstream, client:
> 115.112.161.9, server: 192.168.12.101, request: "GET /some/url HTTP/1.1",
> upstream: "fastcgi://127.0.0.1:9000", host: "example.com"

The message suggests the backend failed to respond in time to a
particular request. Depending on the request this may be either
some generic problem (i.e., the backend is overloaded) or a
problem with handling of the particular request. Try debugging
what happens on the backend.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Client Authentication Problem when access from android phone

January 8, 2016, 9:06 am
$
0
0
Hello!

On Fri, Jan 08, 2016 at 03:33:56AM -0500, atsushi2550 wrote:

> Hi there,
>
> I'm trying to set up reverse proxy server with client authentication.
>
> --- Environment ---
> My CA is 2 tier.
> Root CA - intermediate CA - Client Certificate.
>
> --- Problem Discripton ---
> When I accessed proxy server from laptop pc,
> only the correct client certificate was suggested,
> and authenticate successfully.
>
> But when I accessed proxy server from android phone,
> ALL installed client certificate was suggested,
> and if I choose *wrong client certificate authenticate successfully.
>
> *wrong client certificate : certificate that Root CA is same but
> intermediate CA is different,

It's not possible to limit client authentication to only allow
certs issued by an intermediate CA. All certificates which can be
verified up to the trusted root CA are allowed.

If you need to additionally limit access to only allow certain
certs, you can do so based on variables provided by the SSL
module, see here:

http://nginx.org/en/docs/http/ngx_http_ssl_module.html#variables

Something like

if ($ssl_client_i_dn != "...") {
return 403;
}

should be appropriate in your case.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: logging

January 8, 2016, 9:28 am
$
0
0
Hello!

On Wed, Jan 06, 2016 at 09:11:54AM -0500, tammini wrote:

> Is it possible to log websocket requests in nginx access log ? Or is this
> logging restricted only to http requests ?

WebSocket requests are no different from other HTTP requests -
they just establish a WebSocket connection using the Upgrade HTTP
mechanism. They are logged to access logs much like other HTTP
requests once the WebSocket connection is closed.

Note though that it's not possible to log what happens inside a
WebSocket connection.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Reverse proxy, proxy_pass

January 8, 2016, 10:04 am
$
0
0
Hello!

On Wed, Jan 06, 2016 at 05:52:20PM -0600, Amir Kaivani wrote:

> Hi there,
>
> Here is a part of my nginx config file:
>
> location /test/ {
> proxy_pass http://localhost:1024/;
> }
>
> If I have it as above the GET /test/xxxx request will be sent to port 1024
> as /xxxx and it also decodes the URI.
>
> I know that if I remove / from the end of proxy_pass then it'll send the
> URI without decoding special characters (such as %2F). But in this case it
> sends /test/xxxx to port 1024.
>
> So, my question is how I can get nginx to remove /test/ from the URI but
> does NOT decode special characters (such as %2F)?

How do you expect nginx to remove "/test/" without decoding
special characters? E.g., what should happen if the request is to
"/test%2F", "/t%65st/", or "/test//"?

As long as you have an answer, you can try constructing
appropriate URI to upstream request yourself by using proxy_pass
with variables. When proxy_pass is used with variables, nginx
won't try to do anything with URI specified and will pass it ass
is.

E.g., assuming all requests start with "/test/" and there are no
escaping problems:

location /test/ {
set $changed_uri "/";

if ($request_uri ~ "^/test(/.*)") {
set $changed_uri $1;
}

proxy_pass http://localhost:1024$changed_uri;
}

Note though, that such approach is likely to cause problems unless
used with care.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: support for proxy_http_version automatically detect

January 8, 2016, 10:10 am
$
0
0
Hello!

On Thu, Jan 07, 2016 at 01:16:55PM +0800, Chuanwen Chen wrote:

> In our case, we needed to set proxy_http_version to 1.0 or 1.1 according to
> client, because the clients for http 1.0 could not proceed chunked encoding
> gzip through keep-alive connections correctly, but 'proxy_http_version'
> didn't help.

I don't understand what problem you are trying to solve.

Protocols used by proxy and by clients are unrelated. As long as
a response returned by a backend don't have Content-Length set,
nginx will automatically use chunked transfer encoding if client
supports it. And vice versa, if a client uses HTTP/1.0, nginx will
not use chunked transfer encoding in such a case, and will close
the connection instead.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Search

Re: No matter what I do http URL turns into https URL

January 8, 2016, 10:35 am
$
0
0
> even if I request http (not https) it automatically switches me to https. Can't get it to use http.

> server {
> listen 80; <<<===
> listen 443 ssl http2;
> return 301 $scheme://www.domain.com$request_uri;

Duh :-)

Re: Limit reqs per user / bot

January 8, 2016, 11:52 am
$
0
0
itpp2012 Wrote:
-------------------------------------------------------
> No because one user (web browser) can easily open 20 or more
> simultaneous connections to get a better web response.
> A bot might be less prone to do the same but most connect at about 5
> simultaneous connections.


The limit_req will only be used for requests to dynamic pages, so there should only be one connection per user at a time.

Re: Limit reqs per user / bot

January 8, 2016, 12:06 pm
$
0
0
You should use limit_conn
<http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn>
in conjunction with limit_req
<http://nginx.org/en/docs/http/ngx_http_limit_req_module.html#limit_req>.
They are supplementing each other.
---
*B. R.*

On Fri, Jan 8, 2016 at 8:52 PM, djeyewater <nginx-forum@forum.nginx.org>
wrote:

> itpp2012 Wrote:
> -------------------------------------------------------
> > No because one user (web browser) can easily open 20 or more
> > simultaneous connections to get a better web response.
> > A bot might be less prone to do the same but most connect at about 5
> > simultaneous connections.
>
>
> The limit_req will only be used for requests to dynamic pages, so there
> should only be one connection per user at a time.
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,263891,263907#msg-263907
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Hello

January 8, 2016, 2:35 pm
$
0
0
Just joined. Still puzzling where I can post questions for help.

nginx-upsync-module

January 9, 2016, 12:11 am
$
0
0
hi nginx ers,

I make a new nginx module: syncing upstreams from consul or etcd and so on;

Now it only support consul, I think it is cool, github adress: https://github.com/weibocom/nginx-upsync-module .

If you are interested in the module, please try it, any feedback is welcome.

Thanks
Viewing all 53287 articles
Browse latest View live
Search