nginx 配置请求频率限制

user  nginx nginx;

worker_processes auto;

error_log  /home/wwwlogs/nginx_error.log  error;

pid        /usr/local/nginx/logs/nginx.pid;

#Specifies the value for maximum file descriptors that can be opened by this process. worker_rlimit_nofile 51200;

events     {         use epoll;         worker_connections 51200;         multi_accept on;     }

http     {         include       mime.types;         default_type  application/octet-stream;

        log_format  main  '$time_local"$request"$request_time"$upstream_response_time"$remote_addr"$http_host"$body_bytes_sent"$status"$http_referer';

        server_names_hash_bucket_size 128;         client_header_buffer_size 32k;         large_client_header_buffers 4 32k;         client_max_body_size 200m;

        sendfile   on;         tcp_nopush on;

        #keepalive_timeout 60;

        tcp_nodelay on;

        fastcgi_connect_timeout 300;         fastcgi_send_timeout 300;         fastcgi_read_timeout 300;         fastcgi_buffer_size 64k;         fastcgi_buffers 256 128k;         fastcgi_busy_buffers_size 128k;         fastcgi_temp_file_write_size 256k;

        gzip on;         gzip_min_length  1k;         gzip_buffers     4 16k;         gzip_http_version 1.1;         gzip_comp_level 2;         gzip_types     text/plain application/javascript application/x-javascript text/javascript text/css application/xml application/xml+rss;         gzip_vary on;         gzip_proxied   expired no-cache no-store private auth;         gzip_disable   "MSIE [1-6]\.";

        server_tokens off;         access_log  logs/access.log  main;

       # 定义一个名为one的limit_req_zone用来存储session，大小是10M内存，        # 以$binary_remote_addr 为key,限制平均每秒的请求为1个，        # 1M能存储16000个状态，rete的值必须为整数，

       # limit_req zone=openapi burst=500 nodelay;

       limit_req_zone $binary_remote_addr zone=openapi:100m rate=5r/s;

     server {         listen       80;         server_name  localhost;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {             root   html;             index  index.html index.htm;         }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html         #         error_page   500 502 503 504  /50x.html;         location = /50x.html {             root   html;         }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80         #         #location ~ \.php$ {         #    proxy_pass   http://127.0.0.1;         #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000         #         #location ~ \.php$ {         #    root           html;         #    fastcgi_pass   127.0.0.1:9000;         #    fastcgi_index  index.php;         #    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;         #    include        fastcgi_params;         #}

        # deny access to .htaccess files, if Apache's document root         # concurs with nginx's one         #         #location ~ /\.ht {         #    deny  all;         #}     }

    # HTTPS server     #     server {         listen       443 ssl;         server_name  localhost;

        ssl_certificate   /usr/local/nginx/conf/key/SSL.crt;     ssl_certificate_key  /usr/local/nginx/conf/key/SSL.key;     ssl_session_timeout 5m;     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;     ssl_prefer_server_ciphers on;

        location / {             root   html;             index  index.html index.htm;         }     }

include vhost/*.conf; }

 

server {    listen       80;    listen       443 ssl;     ssl_certificate   /usr/local/nginx/conf/key/SSL.crt;     ssl_certificate_key  /usr/local/nginx/conf/key/SSL.key;     ssl_session_timeout 5m;     ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;     ssl_protocols TLSv1 TLSv1.1 TLSv1.2;     ssl_prefer_server_ciphers on;

    server_name  test-openapi.ship56.net;

    #charset koi8-r;

        location / {             root   /home/web/testopenapi/Web;             index  index.php index.html index.htm;             if (-f $request_filename) {                 expires 30d;                 break;             }

            if (!-e $request_filename) {                 rewrite ^/car/(.*)$  /car.php?s=$1  last;                 rewrite ^/tax/(.*)$  /tax.php?s=$1  last;                 rewrite ^/ship/(.*)$  /ship.php?s=$1  last;                 rewrite ^/doc(.*)$  /doc.php?s=$1  last;             }

        }

        location ~^(.*)\/\.svn\/         {                 deny all;         }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html         #         error_page   500 502 503 504  /503.json;         location = /503.json {             root   html;         }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000         #         location ~ \.php$ {

           limit_req zone=openapi burst=500 nodelay;

            root           /home/web/testopenapi/Web;             expires off;             fastcgi_pass   127.0.0.1:9000;             fastcgi_index  index.php;             fastcgi_param SCRIPT_NAME $fastcgi_script_name;             fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;             fastcgi_param     RUNTIME_ENVIROMENT 'TEST';             fastcgi_param     WURUN_USER_REAL_IP $remote_addr;             include        fastcgi_params;

        }

        # deny access to .htaccess files, if Apache's document root         # concurs with nginx's one         #         #location ~ /\.ht {         #    deny  all;         #}

}