Welcome to Centmin Mod Community
Become a Member

Nginx # limit_conn limit_per_ip 16; ssi on;

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by RoldanLT, Jul 3, 2014.

Tags:
  1. RoldanLT

    RoldanLT Well-Known Member

    3,790
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,253
    Local Time:
    11:52 PM
    1.11
    10.2
    Can you please give more info about that line?
    My forum is focus on Philippines, and I got 90% Pinoy visitors.

    Most of the user's are using dynamic IP address.
    Philippines has only 2 major internet provider so most of the time user's has the same IP, using shared IP.

    Is it safe for me to enable that?

    Thanks!
     
  2. eva2000

    eva2000 Administrator Staff Member

    27,811
    6,347
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,365
    Local Time:
    1:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    for Centmin Mod it's in reference to commented out line 101 in nginx.conf https://github.com/centminmod/centminmod/blob/master/config/nginx/nginx.conf#L101

    Code:
    #######################################
    # use limit_conn_zone for Nginx >v1.1.8 and higher
    # limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m;
    #######################################
    and is number of connections per IP address, not IP addresses per connection

    so probably not suited for your usage

    see http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_conn

    Syntax:limit_conn zone number;
    Default:—
    Context:http, server, location

    Sets the shared memory zone and the maximum allowed number of connections for a given key value. When this limit is exceeded, the server will return the 503 (Service Temporarily Unavailable) error in reply to a request. For example, the directives

    Code:
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    
    server {
    location /download/ {
    limit_conn addr 1;
    }
    allow only one connection per an IP address at a time.

    When several limit_conn directives are specified, any configured limit will apply. For example, the following configuration will limit the number of connections to the server per a client IP and, at the same time, the total number of connections to the virtual host:

    Code:
    limit_conn_zone $binary_remote_addr zone=perip:10m;
    limit_conn_zone $server_name zone=perserver:10m;
    
    server {
    ...
    limit_conn perip 10;
    limit_conn perserver 100;
    }
     
    • Like Like x 1
  3. RoldanLT

    RoldanLT Well-Known Member

    3,790
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,253
    Local Time:
    11:52 PM
    1.11
    10.2
    How can I adjust that config to limit every IP to have 30 connections at a time?
     
  4. eva2000

    eva2000 Administrator Staff Member

    27,811
    6,347
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,365
    Local Time:
    1:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    2nd post in this thread has the example and Module ngx_http_limit_conn_module

    for example limit 30 connections per IP address

    nginx.conf
    Code:
    http {
    limit_conn_zone $binary_remote_addr zone=addr:10m;
    
    vhost file
    Code:
    server {
    location /download/ {
        limit_conn addr 30;
    }
    
    or limit to 150 requests/second per IP address with burst size 200 50 (point at which 503 errors are shown) Module ngx_http_limit_req_module

    nginx.conf
    Code:
    http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=120r/s;
    
    vhost file
    Code:
    location /search/ {
        limit_req zone=one burst=50;
    }
    
     
    Last edited: Aug 4, 2014
    • Like Like x 1
  5. RoldanLT

    RoldanLT Well-Known Member

    3,790
    929
    113
    May 25, 2014
    Phillipines
    Ratings:
    +1,253
    Local Time:
    11:52 PM
    1.11
    10.2
    If I want to limit whole access to the forum not just /download/ or /search/.
    I will just add limit_req zone=one burst=200;
    On my first location/ {}
    Right?
    Thanks!

    per seconds limit seems best for me.
     
  6. eva2000

    eva2000 Administrator Staff Member

    27,811
    6,347
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,365
    Local Time:
    1:52 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes on root location context /

    but might be better to limit requests to PHP itself via /usr/local/nginx/conf/php.conf (cmd short = phpinc) include file see example Nginx Flood Protection with Limit_req » KBeezie as Nginx static files can handle alot more compared to PHP requests via PHP-FPM

    edited above to burst size 200 50
     
    Last edited: Aug 4, 2014
    • Like Like x 1