想要使用nginx配置限速，有什么好方法求指教~

ccore · 发表于 2023-12-16 20:45:21

目的：通过修改Nginx配置信息，达到每个用户访问频率超过20次/分钟，限制访问加载速度为50k/s。超过1次/s则返回503。
问了一个小时百度AI，最后给我的配置代码报错。求各位前辈们不吝指教。

Nginx版本：1.22.1

以下是现有的Nginx配置代码。

user  www www;
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;
pid       /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';

access_log /www/wwwlogs/tcp-access.log tcp_format;
error_log /www/wwwlogs/tcp-error.log;
include /www/server/panel/vhost/nginx/tcp/*.conf;
}

events
{
      use epoll;
      worker_connections 51200;
      multi_accept on;
}

http
{
      include    mime.types;
#include luawaf.conf;

include proxy.conf;

      default_type  application/octet-stream;

      server_names_hash_bucket_size 512;
      client_header_buffer_size 32k;
      large_client_header_buffers 4 32k;
      client_max_body_size 50m;

      sendfile on;
      tcp_nopush on;

      keepalive_timeout 60;

      tcp_nodelay on;

      fastcgi_connect_timeout 300;
      fastcgi_send_timeout 300;
      fastcgi_read_timeout 300;
      fastcgi_buffer_size 64k;
      fastcgi_buffers 4 64k;
      fastcgi_busy_buffers_size 128k;
      fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

      gzip on;
      gzip_min_length 1k;
      gzip_buffers    4 16k;
      gzip_http_version 1.1;
      gzip_comp_level 1;
      gzip_types    text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
      gzip_vary on;
      gzip_proxied expired no-cache no-store private auth;
      gzip_disable "MSIE [1-6]\.";

      limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

      server_tokens off;
      access_log off;

server
{
      listen 888;
      server_name phpmyadmin;
      index index.html index.htm index.php;
      root  /www/server/phpmyadmin;
         location ~ /tmp/ {
            return 403;
         }

      #error_page 404 /404.html;
      include enable-php.conf;

      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
      {
         expires    30d;
      }

      location ~ .*\.(js|css)?$
      {
         expires    12h;
      }

      location ~ /\.
      {
         deny all;
      }

      access_log  /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}

乌拉擦 · 发表于 2023-12-16 20:47:44

有时碰见感兴趣文章连着打开看一个关一个，正中规则

ccore · 发表于 2023-12-16 20:48:49

乌拉擦发表于 2023-12-16 20:47
有时碰见感兴趣文章连着打开看一个关一个，正中规则

所以想要限速50k让他访问慢点嘛

李好坏 · 发表于 2023-12-16 20:53:07

本帖最后由李好坏于 2023-12-16 21:20 编辑

http 段
# 创建请求限制区域，并设置限速
limit_req_zone $binary_remote_addr zone=DDOS:10m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=DDOS:10m;

复制代码

## service 段
limit_conn DDOS 50;
limit_req zone=DDOS burst=100 nodelay;

复制代码

ccore · 发表于 2023-12-16 20:56:54

李好坏发表于 2023-12-16 20:53

user  www www;
worker_processes auto;
error_log  /www/wwwlogs/nginx_error.log  crit;
pid       /www/server/nginx/logs/nginx.pid;
worker_rlimit_nofile 51200;

stream {
log_format tcp_format '$time_local|$remote_addr|$protocol|$status|$bytes_sent|$bytes_received|$session_time|$upstream_addr|$upstream_bytes_sent|$upstream_bytes_received|$upstream_connect_time';

access_log /www/wwwlogs/tcp-access.log tcp_format;
error_log /www/wwwlogs/tcp-error.log;
include /www/server/panel/vhost/nginx/tcp/*.conf;
}

events
{
      use epoll;
      worker_connections 51200;
      multi_accept on;
}

http
{
      include    mime.types;
#include luawaf.conf;
limit_req_zone $binary_remote_addr zone=DDOS:10m rate=1r/s;
limit_conn_zone $binary_remote_addr zone=DDOS:10m;
include proxy.conf;

      default_type  application/octet-stream;

      server_names_hash_bucket_size 512;
      client_header_buffer_size 32k;
      large_client_header_buffers 4 32k;
      client_max_body_size 50m;

      sendfile on;
      tcp_nopush on;

      keepalive_timeout 60;

      tcp_nodelay on;

      fastcgi_connect_timeout 300;
      fastcgi_send_timeout 300;
      fastcgi_read_timeout 300;
      fastcgi_buffer_size 64k;
      fastcgi_buffers 4 64k;
      fastcgi_busy_buffers_size 128k;
      fastcgi_temp_file_write_size 256k;
fastcgi_intercept_errors on;

      gzip on;
      gzip_min_length 1k;
      gzip_buffers    4 16k;
      gzip_http_version 1.1;
      gzip_comp_level 1;
      gzip_types    text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
      gzip_vary on;
      gzip_proxied expired no-cache no-store private auth;
      gzip_disable "MSIE [1-6]\.";

      limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;

      server_tokens off;
      access_log off;

server
{
      listen 888;
      server_name phpmyadmin;
      index index.html index.htm index.php;
      root  /www/server/phpmyadmin;
         location ~ /tmp/ {
            return 403;
         }
      limit_conn  ADDR  50;
      limit_req zone=ADDR burst=100 nodelay;
      #error_page 404 /404.html;
      include enable-php.conf;

      location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
      {
         expires    30d;
      }

      location ~ .*\.(js|css)?$
      {
         expires    12h;
      }

      location ~ /\.
      {
         deny all;
      }

      access_log  /www/wwwlogs/access.log;
}
include /www/server/panel/vhost/nginx/*.conf;
}

是我加的地方不对吗。报错了。
ERROR:
nginx: [emerg] the shared memory zone "DDOS" is already declared for a different use in /www/server/nginx/conf/nginx.conf:27
nginx: configuration file /www/server/nginx/conf/nginx.conf test failed

ccore · 发表于 2023-12-16 21:05:48

求求好心人指教一下。好心人勾八长三米。

李好坏 · 发表于 2023-12-16 21:16:48

本帖最后由李好坏于 2023-12-16 21:20 编辑

ccore 发表于 2023-12-16 20:56
user www www;
worker_processes auto;
error_log /www/wwwlogs/nginx_error.log crit;

DDOS改成其他名字试试

		自动登录	找回密码
密码			注册

[nginx] 想要使用nginx配置限速，有什么好方法求指教~