Tengine中应用 ngx_http_limit_req_module

在 nginx 中安装 ngx_http_limit_req_module 模块需要各种源码编译,还是比较复杂;既然有现成的 Tengine,故尝试用 Tengine 替换 nginx。

由于 Tengine 完全兼容 nginx 语法,只需要额外调整个别参数就能变成一个高性能服务。不过官方文档比较坑,有个别地方写错了,这么多年过去了,也没人去修改。

重点:

  • limit_req_zone 需要放在 conf 的 http 下面。
  • limit_req 需要放在 conf 的 location 下面。
# Account the worker processes run as.
user nginx;

# "auto" starts one worker per CPU core, which is the sensible upper bound for this value.
worker_processes auto;
# "auto" binds each worker process to a CPU automatically.
worker_cpu_affinity auto;

# Where the master process writes its PID.
pid /var/run/nginx.pid;
# Only messages of severity "error" and above are written here.
error_log /var/log/nginx/error.log error;


events {
    # epoll: the efficient event method on Linux 2.6+, optimized to serve many clients per worker.
    use epoll;
    # After a new-connection notification, accept as many pending connections as possible.
    multi_accept on;
    # Number of clients each worker process may serve; the author recommends the maximum.
    # NOTE(review): only effective up to the worker's open-file limit - confirm that limit is raised to match.
    worker_connections 65535;
}


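http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # Shared-memory size for the upstream health-check module.
    # NOTE(review): the upstream below declares no health check, so this looks unused - confirm.
    check_shm_size 5M;

    # --- Timeouts: bound how long a slow or stalled client can hold a connection ---
    # Reset connections that have timed out so their resources are released.
    reset_timedout_connection on;
    # Seconds allowed for the client to deliver the request header.
    client_header_timeout 15;
    # Seconds allowed between reads of the request body before "request timed out" is sent.
    client_body_timeout 10;
    # Seconds allowed between writes to a client that has stopped reading.
    send_timeout 15;
    # Idle keep-alive connections are closed after this many seconds.
    keepalive_timeout 30;
    # Requests a client may send over one keep-alive connection.
    keepalive_requests 30;

    # $http_x_forwarded_for is copied from a request header, so treat that field as
    # client-supplied when reading the log; $remote_addr is the TCP peer address.
    # NOTE(review): no access_log directive in this file selects the "main" format.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    # Request body limits and upstream read timeout.
    client_body_buffer_size 128k;
    client_max_body_size 10m;
    proxy_read_timeout 180s;

    # Compression.
    gzip on;
    gzip_min_length 10240;
    gzip_proxied expired no-cache no-store private auth;
    gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;
    gzip_disable "msie6";

    # sendfile copies data between file descriptors inside the kernel.
    sendfile on;
    # Do not buffer data-sends (disables the Nagle algorithm).
    tcp_nodelay on;
    # Try to send the HTTP response head in one packet instead of partial frames.
    tcp_nopush on;

    # Hide web server information (version, server info and tag).
    server_tokens off;
    server_info off;
    server_tag off;

    # Redirect server error pages to static pages.
    # NOTE(review): no root or static location is defined in this file, so the internal
    # redirect to /404.html or /50x.html appears to land in "location /" and be proxied.
    # A request rejected by limit_req (503) would then still cause an upstream request;
    # consider serving the error pages from a dedicated static location.
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;

    # Rate-limit zone: 2 requests per second per key, 100m of shared memory for key state.
    # The key is client address + normalized path ($uri). The raw $request_uri includes the
    # query string, which the client controls: every distinct query string would get its
    # own bucket, so the limit would not hold and the zone would fill with throwaway keys.
    # NOTE(review): the path is still client-chosen; a zone keyed on $binary_remote_addr
    # alone is what bounds a single client's total request rate - add one if that matters.
    limit_req_zone $binary_remote_addr $uri zone=req_limit:100m rate=2r/s;

    # Whitelists are built with geo, in two ways: single addresses, or "ranges" for spans.
    # geo matches on $remote_addr by default, which request headers cannot influence.
    # Keep these lists minimal: every whitelisted address skips the rate limit entirely.
    geo $white_ip_single {
        default 0;
        39.156.69.79 1;
        39.156.69.80 1;
    }

    geo $white_ip_range {
        ranges;
        default 0;
        # NOTE(review): stock nginx writes geo ranges as start-end with "-";
        # confirm with "nginx -t" that this build accepts "~".
        39.156.69.79~39.156.69.255 1;
    }

    # Requests whose geo variable equals 1 are exempt from limit_req.
    # NOTE(review): confirm that two limit_req_whitelist directives in the same context
    # both take effect rather than one being rejected or overriding the other.
    limit_req_whitelist geo_var_name=white_ip_single geo_var_value=1;
    limit_req_whitelist geo_var_name=white_ip_range geo_var_value=1;

    upstream swoft-upstream {
        server swoft:18316;
    }

    server {
        server_name "localhost";
        listen 80 default_server;
        listen [::]:80 default_server ipv6only=on;
        index index.html index.htm;
        charset utf-8;

        location / {
            # Apply the zone defined above, allowing a burst of up to 5 requests over the rate.
            # NOTE(review): rejections are logged at the level set by limit_req_log_level;
            # confirm it is at least "error", the error_log threshold set in the main context,
            # or rejected requests will leave no trace for detection.
            limit_req zone=req_limit burst=5;
            # proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            # $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For the
            # client sent, so only the last entry is set by this server. The backend should
            # take the client address from X-Real-IP (or the last entry), never the first.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            # proxy_set_header Upgrade $http_upgrade;
            # proxy_set_header Connection "upgrade";
            proxy_set_header Connection "keep-alive";
            proxy_pass http://swoft-upstream;
        }

        # Refuse any path containing a dot-prefixed segment (hidden files and directories),
        # except those starting with ".well-known".
        location ~ /\.(?!well-known).* {
            deny all;
        }
    }
}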

直接粘贴 conf 文件了,不过多解释了。

参考文档
