
Nginx # limit_conn limit_per_ip 16; ssi on;

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by rdan, Jul 3, 2014.

  1. rdan

    rdan Well-Known Member

    5,446
    1,408
    113
    May 25, 2014
    Ratings:
    +2,201
    Local Time:
    8:14 AM
    Mainline
    10.2
    Can you please give more info about that line?
    My forum is focused on the Philippines, and I get 90% Pinoy visitors.

    Most of the users are using dynamic IP addresses.
    The Philippines has only 2 major internet providers, so most of the time users have the same IP, using a shared IP.

    Is it safe for me to enable that?

    Thanks!

     
  2. eva2000

    eva2000 Administrator Staff Member

    54,605
    12,225
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,794
    Local Time:
    10:14 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    for Centmin Mod it's in reference to commented out line 101 in nginx.conf https://github.com/centminmod/centminmod/blob/master/config/nginx/nginx.conf#L101

    Code:
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    and is number of connections per IP address, not IP addresses per connection

    so probably not suited for your usage

    see http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn

    Syntax: limit_conn zone number;
    Default: —
    Context: http, server, location

    Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the 503 (Service Temporarily Unavailable) error in reply to a request. For example, the directives

    Code:
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    server {
        location /download/ {
            limit_conn addr 1;
        }
    }
    allow only one connection per an IP address at a time.

    When several limit_conn directives are specified, any configured limit will apply. For example, the following configuration will limit the number of connections to the server per a client IP and, at the same time, the total number of connections to the virtual host:

    Code:
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;

    server {
        ...
        limit_conn perip 10;
        limit_conn perserver 100;
    }
     
  3. rdan

    rdan Well-Known Member

    How can I adjust that config to limit every IP to have 30 connections at a time?
     
  4. eva2000

    eva2000 Administrator Staff Member

    2nd post in this thread has the example and Module ngx_http_limit_conn_module

    for example limit 30 connections per IP address

    nginx.conf
    Code:
    http {
        limit_conn_zone $binary_remote_addr zone=addr:10m;
        # ... other http settings ...
    }
    
    vhost file
    Code:
    server {
        location /download/ {
            limit_conn addr 30;
        }
    }
    
    or limit to 150 requests/second per IP address with burst size 200 50 (point at which 503 errors are shown) Module ngx_http_limit_req_module

    nginx.conf
    Code:
    http {
        limit_req_zone $binary_remote_addr zone=one:10m rate=120r/s;
        # ... other http settings ...
    }
    
    vhost file
    Code:
    location /search/ {
        limit_req zone=one burst=50;
    }
    
     
    Last edited: Aug 4, 2014
  5. rdan

    rdan Well-Known Member

    If I want to limit whole access to the forum, not just /download/ or /search/,
    I will just add limit_req zone=one burst=200;
    on my first location / {}.
    Right?
    Thanks!

    Per-second limit seems best for me.
     
  6. eva2000

    eva2000 Administrator Staff Member

    yes on root location context /

    but might be better to limit requests to PHP itself via /usr/local/nginx/conf/php.conf (cmd short = phpinc) include file; see example Nginx Flood Protection with Limit_req » KBeezie, as Nginx static files can handle a lot more compared to PHP requests via PHP-FPM

    edited above to burst size 200 50
     
    Last edited: Aug 4, 2014
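
Added example, not part of any post in this thread and not Centmin Mod or nginx code: a simplified Python model of the leaky-bucket accounting that limit_req applies per key, replaying constructed traffic with the rate=120r/s and burst=50 values from the config posted above. It compares 20 users seen as distinct addresses with the same users behind one shared address, the situation raised in the first post; the function names and the documentation-range IP addresses are assumptions.

```python
def replay_limit_req(requests, rate, burst):
    """Replay (time_ms, key) pairs through a limit_req-style leaky bucket.

    rate is in requests/second, burst in requests.
    Returns {key: (accepted, rejected)}.
    Simplified model (assumption): excess is tracked in 1/1000ths of a
    request, and a request over the burst is rejected (the 503 case)
    without changing the bucket. Delaying of accepted requests is not modelled.
    """
    state = {}    # key -> (excess, last_ms)
    counts = {}   # key -> [accepted, rejected]
    for now, key in sorted(requests):
        tally = counts.setdefault(key, [0, 0])
        if key in state:
            excess, last = state[key]
            # Drain at `rate` per second since the last accepted request,
            # then add this request (1000 = one whole request).
            excess = max(0, excess - rate * (now - last) + 1000)
        else:
            excess = 0  # first request seen for this key
        if excess > burst * 1000:
            tally[1] += 1
        else:
            state[key] = (excess, now)
            tally[0] += 1
    return {k: tuple(v) for k, v in counts.items()}


# Constructed traffic: 20 users, each sending one request every 20 ms for 200 ms.
USERS = 20
per_user = [(ms, "198.51.100.%d" % (ms % USERS + 1)) for ms in range(200)]
# The same requests as nginx sees them when all 20 users share one address.
shared = [(ms, "203.0.113.7") for ms, _ in per_user]


def summarize(requests, rate=120, burst=50):
    """Total (accepted, rejected) across all keys."""
    per_key = replay_limit_req(requests, rate, burst)
    return (sum(a for a, _ in per_key.values()),
            sum(r for _, r in per_key.values()))


if __name__ == "__main__":
    print("distinct IPs :", summarize(per_user))
    print("one shared IP:", summarize(shared))
```

Replaying a real access log through the same function, keyed on the client address, gives a measured basis for choosing rate and burst before the limit is enforced.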