Add rate limiting to nginx.

The only caveat is that "One megabyte zone can keep about 16 thousand 64-byte states. If the zone storage is exhausted, the server will return the 503 (Service Temporarily Unavailable) error to all further requests." -- nginx documentation
2015-01-13 15:59:04 -05:00 · 2015-01-13 15:59:04 -05:00 · 6cbd4ee4fe
commit 6cbd4ee4fe
parent 53e9e514d5
3 changed files with 14 additions and 0 deletions
--- a/conf/nginx-nossl.conf
+++ b/conf/nginx-nossl.conf
@ -5,6 +5,8 @@ include root-base.conf;
 http {
    include http-base.conf;

+    include rate-limiting.conf;
+
    server {
        include server-base.conf;

--- a/conf/rate-limiting.conf
+++ b/conf/rate-limiting.conf
@ -0,0 +1,6 @@
+# vim: ft=nginx
+
+limit_req_zone $binary_remote_addr zone=webapp:10m rate=10r/s;
+limit_req_zone $binary_remote_addr zone=api:10m rate=1r/s;
+limit_req_status 429;
+limit_req_log_level warn;
--- a/conf/server-base.conf
+++ b/conf/server-base.conf
@ -21,6 +21,8 @@ proxy_set_header Transfer-Encoding $http_transfer_encoding;

 location / {
    proxy_pass   http://web_app_server;
+
+    limit_req zone=webapp burst=10 nodelay;
 }

 location /realtime {
@ -39,6 +41,8 @@ location /v1/ {
    proxy_temp_path /var/log/nginx/proxy_temp 1 2;

    client_max_body_size 20G;
+
+    limit_req zone=api burst=5 nodelay;
 }

 location /c1/ {
@ -49,6 +53,8 @@ location /c1/ {
    proxy_pass   http://verbs_app_server;
    proxy_read_timeout 2000;
    proxy_temp_path /var/log/nginx/proxy_temp 1 2;
+
+    limit_req zone=api burst=5 nodelay;
 }

 location /static/ {