Hello all, I was just wondering if anyone had any ideas how best to manage this on our server and what to do.. We have Nginx on Centos, and Centminmod for XF and when the site gets very busy I get a lof of 503 errors, now I understand why that happens even though I may not know 100% how to get around it.. However this afternoon and this evening, the server has dropped twice on me. First I thought it was our hosts so contacted them - all fine their end, then I ran tracerts and the usual things. It was the server, it shut down port 80.. When I downloaded the huge logs, it appears Nginx Limit requests had closed connections and shut up shop. I will admit, I am not an expert here but it brought the site down and in my logs I have thousands of lines of errors and timeouts. From what I understand, the requests limit is great for anti DOS/DDOS but what about when the server/site gets busy..? How do I enable a bit more connections without being fully exposed, but also without this kicking in and bringing the site down as it did twice this evening? I had to force Nginx to restart again. I need to brush up on my reading here I think... Many thanks Regards
trial and error really only way as logic dictates the rate limit has to be high enough to handle legit traffic. If you can handle the higher legit traffic request limit, it means you can handle the higher potential ddos request rate too what request rate do you have current set as per Module ngx_http_limit_req_module ?
Yes so a double edged sword.. Hmm. Is this it @eva2000 limit_req_zone $binary_remote_addr zone=delta:8m rate=15r/s;
yes that defines the rate limit but you would have an accompanying limit_req entry in nginx vhost for where you want to rate limit to apply 15r/s is too low - an average nginx/php-fpm decently spec'd and configured server would be easily able to handle between 30-60 requests/s when it involves a php based web app with db backend calls and you don't need to rate limit everything in default server{} context just stuff that is resource intensive i.e. limit_req zone=delta for only xenforo's /online requests using request limit defined by limit_req_zone set zone=delta Code (Text): location = /online/ { limit_req zone=delta burst=30; try_files $uri $uri/ /index.php?$uri&$args; } and can have separate rate limits for different areas/directories Code (Text): limit_req_zone $binary_remote_addr zone=search:8m rate=15r/s; limit_req_zone $binary_remote_addr zone=usersonline:8m rate=25r/s; limit_req_zone $binary_remote_addr zone=login:8m rate=5r/s;
But how Nginx it knows that zone=login is for forum or site login? Is there a related table with such entries and what we can use? Didn't know that.....
read Module ngx_http_limit_req_module the limit_req defined zone=XXXX in your vhost is set the zone you create in limit_req_zone definition i.e. in above example to zone delta, online and login
Hmm okay. I shall have to do some digging. Matt set this up for me and I am unsure what he has set up in the config files. I've downloaded a copy and made some changes myself ages ago, but aside from the phew changes I made (directory things) it's as he left it. So will have to adjust it going by this.. Thank you so much, it explains why the server and site goes potty when there's lots happening on there. I can't even download my database without the server coming to a crawl. Thank you.
ah ensure you backup the original settings so you can revert as you don't want to screw up @Matt's work
This is a lot for me to take in and work out. A bit over my head/depth. I have some serious homework to do. Thank you again, I am noticing a lot of slow downs when the site gets busy and I have a really very good server so it definitely explains things. Our server is a quad core (8 cores) 64GB RAM and 2tb of SSD's and fast Internet.. So it does explain why the site slows down. Just a lot to take in and amend. But thank you again.