Join the community today
Become a Member

Nginx Nginx Limit Requests

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Glock, May 19, 2016.

  1. Glock

    Glock New Member

    15
    7
    3
    Oct 28, 2015
    Ratings:
    +7
    Local Time:
    11:45 PM
    Hello all,
    I was just wondering if anyone had any ideas how best to manage this on our server and what to do..

    We have Nginx on Centos, and Centminmod for XF and when the site gets very busy I get a lof of 503 errors, now I understand why that happens even though I may not know 100% how to get around it..
    However this afternoon and this evening, the server has dropped twice on me.
    First I thought it was our hosts so contacted them - all fine their end, then I ran tracerts and the usual things.
    It was the server, it shut down port 80..
    When I downloaded the huge logs, it appears Nginx Limit requests had closed connections and shut up shop. I will admit, I am not an expert here but it brought the site down and in my logs I have thousands of lines of errors and timeouts.
    From what I understand, the requests limit is great for anti DOS/DDOS but what about when the server/site gets busy..?
    How do I enable a bit more connections without being fully exposed, but also without this kicking in and bringing the site down as it did twice this evening?

    I had to force Nginx to restart again.
    I need to brush up on my reading here I think... :p
    Many thanks
    Regards
     
  2. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    9:45 AM
    Nginx 1.13.x
    MariaDB 5.5
    trial and error really only way as logic dictates the rate limit has to be high enough to handle legit traffic. If you can handle the higher legit traffic request limit, it means you can handle the higher potential ddos request rate too

    what request rate do you have current set as per Module ngx_http_limit_req_module ?
     
    • Like Like x 1
  3. Glock

    Glock New Member

    15
    7
    3
    Oct 28, 2015
    Ratings:
    +7
    Local Time:
    11:45 PM
    Yes so a double edged sword.. Hmm.
    Is this it @eva2000 :oops:
    limit_req_zone $binary_remote_addr zone=delta:8m rate=15r/s;
     
  4. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    9:45 AM
    Nginx 1.13.x
    MariaDB 5.5
    yes that defines the rate limit but you would have an accompanying limit_req entry in nginx vhost for where you want to rate limit to apply

    15r/s is too low - an average nginx/php-fpm decently spec'd and configured server would be easily able to handle between 30-60 requests/s when it involves a php based web app with db backend calls and you don't need to rate limit everything in default server{} context just stuff that is resource intensive

    i.e. limit_req zone=delta for only xenforo's /online requests using request limit defined by limit_req_zone set zone=delta
    Code (Text):
      location = /online/ {
            limit_req zone=delta burst=30;
            try_files $uri $uri/ /index.php?$uri&$args;
    }


    and can have separate rate limits for different areas/directories
    Code (Text):
    limit_req_zone $binary_remote_addr zone=search:8m rate=15r/s;
    limit_req_zone $binary_remote_addr zone=usersonline:8m rate=25r/s;
    limit_req_zone $binary_remote_addr zone=login:8m rate=5r/s;
     
    Last edited: May 19, 2016
    • Like Like x 2
  5. pamamolf

    pamamolf Well-Known Member

    2,821
    253
    83
    May 31, 2014
    Ratings:
    +447
    Local Time:
    1:45 AM
    Nginx-1.13.x
    MariaDB 10.1.x
    But how Nginx it knows that zone=login is for forum or site login?

    Is there a related table with such entries and what we can use?

    Didn't know that.....
     
    • Like Like x 1
  6. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    9:45 AM
    Nginx 1.13.x
    MariaDB 5.5
    read Module ngx_http_limit_req_module the limit_req defined zone=XXXX in your vhost is set the zone you create in limit_req_zone definition i.e. in above example to zone delta, online and login
     
    • Like Like x 1
  7. Glock

    Glock New Member

    15
    7
    3
    Oct 28, 2015
    Ratings:
    +7
    Local Time:
    11:45 PM
    Hmm okay. I shall have to do some digging.
    Matt set this up for me and I am unsure what he has set up in the config files.
    I've downloaded a copy and made some changes myself ages ago, but aside from the phew changes I made (directory things) it's as he left it. So will have to adjust it going by this..
    Thank you so much, it explains why the server and site goes potty when there's lots happening on there. I can't even download my database without the server coming to a crawl.
    Thank you.
     
  8. eva2000

    eva2000 Administrator Staff Member

    30,956
    6,917
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +10,418
    Local Time:
    9:45 AM
    Nginx 1.13.x
    MariaDB 5.5
    ah ensure you backup the original settings so you can revert as you don't want to screw up @Matt's work :)
     
    • Like Like x 1
  9. Glock

    Glock New Member

    15
    7
    3
    Oct 28, 2015
    Ratings:
    +7
    Local Time:
    11:45 PM
    I certainly will! :D Don't want to mess it up that's certain.. :)
     
    • Like Like x 1
  10. Glock

    Glock New Member

    15
    7
    3
    Oct 28, 2015
    Ratings:
    +7
    Local Time:
    11:45 PM
    This is a lot for me to take in and work out. A bit over my head/depth. I have some serious homework to do.
    Thank you again, I am noticing a lot of slow downs when the site gets busy and I have a really very good server so it definitely explains things.
    Our server is a quad core (8 cores) 64GB RAM and 2tb of SSD's and fast Internet.. So it does explain why the site slows down.
    Just a lot to take in and amend. But thank you again. :)
     
    • Like Like x 1