limit_conn_zone $binary_remote_addr zone=addr:10m;  # shared memory size: 10m
server {
    ...
    limit_conn addr 1;  # allow only one connection per IP address at a time
}
Keep in mind, however:
In HTTP/2 and SPDY, each concurrent request is considered a separate connection.
limit_req_zone: it is implemented on the basis of the leaky bucket algorithm.
http {
    limit_req_zone $binary_remote_addr zone=one:10m rate=10r/m;
    ...
    server {
        ...
        location /search/ {
            limit_req zone=one burst=5 nodelay;
        }
    }
}
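limit_req: requests that cannot be processed in time are delayed until their number exceeds burst (the maximum capacity of the leaky bucket, 0 by default), at which point the bucket overflows and Nginx rejects the request. In the example above, nodelay means that within the timed one-minute window, even if the requests have not overflowed, any request beyond the first 10 is rejected outright.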
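An added example (not from the original page and not nginx source code): a simplified Python model of the leaky-bucket accounting behind limit_req, run with the rate=10r/m and burst=5 values from the configuration above. The function name `simulate`, its parameters and the arrival times are hypothetical and constructed for illustration; exact fractions are used instead of nginx's integer arithmetic.

```python
from fractions import Fraction


def simulate(arrivals, rate_per_min=10, burst=5, nodelay=True):
    """Classify requests from ONE client key (hypothetical helper).

    arrivals: ascending arrival times in whole seconds (constructed input).
    Returns (time, verdict, delay_seconds) tuples; verdict is
    "pass", "delay" or "reject".
    """
    rate = Fraction(rate_per_min, 60)  # bucket drain rate, requests per second
    excess, last = None, 0             # None: no state stored for this key yet
    out = []
    for t in arrivals:
        if excess is None:
            level = Fraction(0)        # first request finds an empty bucket
        else:
            # Drain for the elapsed time, then add this request.
            level = max(excess - rate * (t - last) + 1, Fraction(0))
        if level > burst:
            # Overflow: rejected (503 by default). State is not updated,
            # so rejected requests do not fill the bucket further.
            out.append((t, "reject", 0.0))
            continue
        excess, last = level, t
        if nodelay or level == 0:
            out.append((t, "pass", 0.0))
        else:
            # Without nodelay the request waits until its slot has drained.
            out.append((t, "delay", float(level / rate)))
    return out


def count(results, verdict):
    return sum(1 for r in results if r[1] == verdict)


if __name__ == "__main__":
    # Constructed input: 20 requests at t=0, then one every 3 s up to t=60.
    flood = [0] * 20 + [3 * i for i in range(1, 21)]
    for mode in (True, False):
        res = simulate(flood, nodelay=mode)
        print("nodelay" if mode else "delayed",
              {v: count(res, v) for v in ("pass", "delay", "reject")})
```

In this model a burst from one address gets burst + 1 requests through at once, after which one request is admitted every 6 seconds (the 10r/m drain rate).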
location /download {
    limit_rate_after 10m;
    limit_rate 128k;
}
events {
    accept_mutex on;  # worker processes will accept new connections by turn
}
Compile with the --with-threads configuration parameter.
Syntax: thread_pool name threads=number [max_queue=number];
Default: thread_pool default threads=32 max_queue=65536;
Context: main
This directive appeared in version 1.7.11.
http {
    thread_pool one threads=128 max_queue=0;
    thread_pool two threads=32;
    server {
        location /one {
            aio threads=one;
        }
        location /two {
            aio threads=two;
        }
    }
    …
}
Syntax: aio on | off | threads[=pool];
Default: aio off;
Context: http, server, location
keepalive: creates, in the cache of each worker process, a pool of idle keepalive connections to the upstream. If the connections in the keepalive pool are used up, Nginx can still open more new connections to the upstream; the pool only serves to cache idle keepalive connections. It should be particularly noted that the keepalive directive does not limit the total number of connections to upstream servers that an nginx worker process can open. The connections parameter should be set to a number small enough to let upstream servers process new incoming connections as well.
upstream fastcgi_backend {
    server 127.0.0.1:9000;
    # Maximum pool capacity: 8. When this number is exceeded,
    # the least recently used connections are closed.
    keepalive 8;
}
server {
    ...
    location /fastcgi/ {
        fastcgi_pass fastcgi_backend;
        fastcgi_keep_conn on;
        ...
    }
}
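If normal traffic is not high, some of these parameters do not need to be set very high; otherwise, once a DDoS attack hits, the server may be brought down.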