Nginx限流分析

稀样2026-03-14 14:40

1、未限流

10.46.20.185 部署http的nginx下载服务

server {

listen 8443;

root /opt/data;

index index.html;

access_log /var/log/nginx/limit-conn.log;

error_log /var/log/nginx/limit-conn_error.log;

}

10.46.20.186 使用wget下载

wget http://10.46.20.185:8443/apache-jmeter-3.1-0430.tar

下载速率大约是113MB/s

2、限流

加入限流配置,limit_rate只是针对每个连接生效,如果有多个连接同时下载,整个带宽的流量还是可以比较大的。

server {

listen 8443;

root /opt/data;

index index.html;

access_log /var/log/nginx/limit-conn.log;

error_log /var/log/nginx/limit-conn_error.log;

limit_rate 500k;

}

3、并发数 + 限流

1)限制服务端的并发连接数

假设网络带宽为100M,预留80M为下载,20M为业务请求。

预留每个连接2M下载带宽,80M总流量,并发请求数大约是40req/s,nginx的配置如下

limit_conn_zone $server_name zone=perserver:10m;

server {

limit_rate 2m;

limit_conn perserver 40;

测试命令:

ab -n 100 -c 100 http://10.46.20.185:8443/zxhnhs562_hv10_fv1001b10000_firmware.bin

测试结果

root@k8s-04:/opt/shcp/xwq/login_proxy-master-52aa3fffd02d717f5637357cc7b96c61d49aed99# ab -n 100 -c 100 http://10.46.20.185:8443/zxhnhs562_hv10_fv1001b10000_firmware.bin

This is ApacheBench, Version 2.3 <Revision: 1807734 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.46.20.185 (be patient).....done

Server Software: nginx

Server Hostname: 10.46.20.185

Server Port: 8443

Document Path: /zxhnhs562_hv10_fv1001b10000_firmware.bin

Document Length: 8446524 bytes

Concurrency Level: 100

Time taken for tests: 8.666 seconds

Complete requests: 100

Failed requests: 0

Total transferred: 844677200 bytes

HTML transferred: 844652400 bytes

Requests per second: 11.54 [#/sec] (mean)

Time per request: 8666.274 [ms] (mean)

Time per request: 86.663 [ms] (mean, across all concurrent requests)

Transfer rate: 95182.78 [Kbytes/sec] received

root@k8s-03:/opt/data# netstat -anp|grep 8443|grep ESTABLISHED|wc -l

100

速率大于80M了,而且服务器同时存在的连接数100,并发连接数就是100,没有限制到配置的40

难道没有效果?还是配置错误了,理解不对?

分析:由于server_name是从HTTP协议中提取,所以TCP请求已经过了,换一下思路经server_port作为key,这样就可以在tcp层面限制住,修改配置如下

limit_conn_zone $server_port zone=perserver:10m;

server {

limit_rate 2m;

limit_conn perserver 40;

root@k8s-04:/opt/shcp/xwq/login_proxy-master-52aa3fffd02d717f5637357cc7b96c61d49aed99# ab -n 100 -c 100 http://10.46.20.185:8443/zxhnhs562_hv10_fv1001b10000_firmware.bin

This is ApacheBench, Version 2.3 <Revision: 1807734 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.46.20.185 (be patient).....done

Server Software: nginx

Server Hostname: 10.46.20.185

Server Port: 8443

Document Path: /zxhnhs562_hv10_fv1001b10000_firmware.bin

Document Length: 206 bytes

Concurrency Level: 100

Time taken for tests: 4.037 seconds

Complete requests: 100

Failed requests: 40

(Connect: 0, Receive: 0, Length: 40, Exceptions: 0)

Non-2xx responses: 60

Total transferred: 337893140 bytes

HTML transferred: 337873320 bytes

Requests per second: 24.77 [#/sec] (mean)

Time per request: 4036.981 [ms] (mean)

Time per request: 40.370 [ms] (mean, across all concurrent requests)

Transfer rate: 81737.76 [Kbytes/sec] received 大约80M左右

将limiti_rate 设为1m,看看总流量能否在40m左右

2) 通过限制每个IP的连接数为10个

limit_conn_zone $binary_remote_addr zone=perip:10m;

server {

...

limit_conn perip 10;

}

ab测试可以看到,速率是5140.63 Kbytes/sec 约等于 500K * 10,针对IP的限速是比较精准的。

root@k8s-04:/opt/shcp/xwq/login_proxy-master-52aa3fffd02d717f5637357cc7b96c61d49aed99# ab -n 100 -c 100 http://10.46.20.185:8443/zxhnhs562_hv10_fv1001b10000_firmware.bin

This is ApacheBench, Version 2.3 <Revision: 1807734 >

Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/

Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 10.46.20.185 (be patient).....done

Server Software: nginx

Server Hostname: 10.46.20.185

Server Port: 8443

Document Path: /zxhnhs562_hv10_fv1001b10000_firmware.bin

Document Length: 206 bytes

Concurrency Level: 100

Time taken for tests: 16.053 seconds

Complete requests: 100

Failed requests: 10

(Connect: 0, Receive: 0, Length: 10, Exceptions: 0)

Non-2xx responses: 90

Total transferred: 84501110 bytes

HTML transferred: 84483780 bytes

Requests per second: 6.23 [#/sec] (mean)

Time per request: 16052.636 [ms] (mean)

Time per request: 160.526 [ms] (mean, across all concurrent requests)

Transfer rate: 5140.63 [Kbytes/sec] received

相关推荐
01传说15 小时前
nginx部署教程实战
运维·nginx
吹晚风吧18 小时前
解决vite打包,base配置前缀,nginx的dist包找不到资源
服务器·前端·nginx
chxii21 小时前
Nginx 正则 location 指令匹配客户端请求的 URI
前端·nginx
橙露1 天前
Nginx 反向代理与负载均衡:配置详解与高可用方案
运维·nginx·负载均衡
gfdhy1 天前
【Linux服务器】基础服务实战部署|Nginx+MySQL+PHP+WordPress,让服务器真正可用
linux·服务器·mysql·nginx·php·毕设
geNE GENT1 天前
Nginx WebSocket 长连接及数据容量配置
运维·websocket·nginx
小百菜2 天前
Keepalived + Nginx 实现高可用
nginx·keepalived
驾驭人生2 天前
ASP.NET Core 实现 SSE 服务器推送|生产级实战教程(含跨域 / Nginx / 前端完整代码)
服务器·前端·nginx
Linux运维技术栈2 天前
生产环境Certbot泛域名证书全自动续期完整配置指南(Cloudflare DNS验证)
nginx·证书·ssl
SeSs IZED2 天前
【Nginx 】Nginx 部署前端 vue 项目
前端·vue.js·nginx
热门推荐
01GitHub 镜像站点02Qwen3.5-Omni与Qwen3.6模型全面解析(含测评/案例/使用教程)032026年3月AI领域大事件:DeepSeek引领开源风暴04Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services05黄金未来走势预测06Mac 本地部署 OMLX + 通义千问 Qwen3.5-27B 保姆级教程07纯 HTML/CSS/JS 实现的高颜值登录页,还会眨眼睛!少女心爆棚!08UV安装并设置国内源09AI 编程效率翻倍:Superpowers Skills 上手清单 + 完整指南10VMware Workstation Pro 17 虚拟机完整安装教程(2026最新)