ngx_http_limit_conn_module Module
1. The ngx_http_limit_conn_module module limits the number of connections per configured key, for example the number of connections from a single IP address.
2. Only connections that are currently being processed by the server and whose request headers have been read will be counted towards the limit.
limit_conn_zone Directive
1. Sets up a memory zone to store key state information and the current number of connections.
2. Can only be set in the http block, with the syntax: limit_conn_zone key zone=name:size;
3. The key can be text, variables, or a combination of text and variables. Versions prior to 1.7.6 can only contain one variable.
# Set up a zone named addr with a size of 10m, using $binary_remote_addr as the key for the client IP address.
limit_conn_zone $binary_remote_addr zone=addr:10m;
limit_conn and limit_conn_status Directives
1. The limit_conn directive is used to limit the maximum number of connections for the specified key and shared memory zone.
2. If the number of connections exceeds the limit, the server rejects the request with an error; the default status code is 503 (it can be customized with the limit_conn_status directive).
3. In HTTP/2 and HTTP/3, each concurrent request is counted as a separate connection.
4. Syntax: limit_conn zone number;
5. Configurable blocks: http, server, location
6. For example, to limit each IP to only 1 connection at the same time:
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
    location /download/ {
        alias /var/www/images/;
        limit_conn addr 1;
    }
}
7. Test: Start 5 threads in JMeter to request the same resource within 1 second (the requested image is about 10M so that each request occupies its connection for a longer time).
Because limit_conn addr 1 limits the same IP to only 1 connection at the same time, among the 5 requests, only one returned 200, while the other 4 requests were rejected, and the default error status code was 503, as shown in the figure below:
Modify the limit to allow 3 connections for the same IP at the same time, and customize the error status code for rejected requests to 500, set as follows:
limit_conn_zone $binary_remote_addr zone=addr:10m;
server {
    location /download/ {
        alias /var/www/images/;
        # Set connection count
        limit_conn addr 3;
        # Customize the error status code for service rejection
        limit_conn_status 500;
    }
}
After adjustment, among the 5 requests, 3 succeeded, and the error status code changed to 500, as shown in the figure below:
8. The limit_conn directive can be configured multiple times in the same block, and all of these limits are enforced simultaneously, for example:
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
server {
    # Other configurations
    # ...
    # Limit each client IP to 10 connections
    limit_conn perip 10;
    # Limit each virtual host (server block) to 100 connections
    limit_conn perserver 100;
}
9. limit_conn directives in a block override those of the parent configuration block; the parent's settings are inherited only if no limit_conn directive appears in the current block.
limit_conn_log_level Directive
1. Sets the log level used when a request is rejected because the connection limit was exceeded.
2. The syntax is limit_conn_log_level info | notice | warn | error; with the default level being error.
Adjusting the log level:
location /images/ {
    alias /var/www/images/;
    limit_conn addr 3;
    limit_conn_status 500;
    limit_conn_log_level info;
    error_log logs/images_conn_limit.log info;
}
The effect of setting the log level to info:
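With the configuration above, each rejected request is written to logs/images_conn_limit.log at the info level. The following is an added example, not part of the original page, that counts those rejections per zone and client so repeated limit hits stand out. It assumes the standard nginx error_log line layout and the module's "limiting connections by zone" message; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines in nginx error_log layout (not captured from a real server).
SAMPLE_LOG = """\
2024/05/01 10:00:01 [info] 4242#4242: *11 limiting connections by zone "addr", client: 192.0.2.10, server: localhost, request: "GET /images/big.jpg HTTP/1.1", host: "localhost"
2024/05/01 10:00:01 [info] 4242#4242: *12 limiting connections by zone "addr", client: 192.0.2.10, server: localhost, request: "GET /images/big.jpg HTTP/1.1", host: "localhost"
2024/05/01 10:00:02 [error] 4242#4242: *13 open() "/var/www/images/missing.jpg" failed (2: No such file or directory), client: 192.0.2.77, server: localhost, request: "GET /images/missing.jpg HTTP/1.1", host: "localhost"
2024/05/01 10:00:03 [info] 4242#4242: *14 limiting connections by zone "addr", client: 198.51.100.5, server: localhost, request: "GET /images/big.jpg HTTP/1.1", host: "localhost"
2024/05/01 10:00:04 [info] 4242#4242: *15 limiting connections by zone "addr", client: 192.0.2.10, server: localhost, request: "GET /images/big.jpg HTTP/1.1", host: "localhost"
"""

# Matches only limit_conn rejections; other error_log entries are ignored.
LIMIT_RE = re.compile(
    r'^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[(?P<level>\w+)\] \d+#\d+: '
    r'(?:\*\d+ )?limiting connections by zone "(?P<zone>[^"]+)", '
    r'client: (?P<client>[^,]+)'
)


def parse_rejections(log_text):
    """Yield (timestamp, level, zone, client) for each limit_conn rejection."""
    for line in log_text.splitlines():
        m = LIMIT_RE.match(line)
        if m:
            yield m["ts"], m["level"], m["zone"], m["client"]


def rejections_by_client(log_text):
    """Count rejections per (zone, client) pair."""
    return Counter((zone, client) for _, _, zone, client in parse_rejections(log_text))


def noisy_clients(log_text, threshold):
    """Return clients whose rejection count in any single zone reaches the threshold."""
    counts = rejections_by_client(log_text)
    return sorted({client for (_, client), n in counts.items() if n >= threshold})


if __name__ == "__main__":
    for (zone, client), n in rejections_by_client(SAMPLE_LOG).most_common():
        print(f"{zone}\t{client}\t{n}")
    print("clients at or above 3 rejections:", noisy_clients(SAMPLE_LOG, 3))
```

If limit_conn_log_level is left at its default, the same message appears with the [error] tag, and the pattern matches it unchanged because the level is captured rather than fixed.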