Welcome! Log In Create A New Profile

Re: Nginx Rate limiting for HTTPS requests

Forum List Message List New Topic Print View

rickGsp

May 21, 2018 01:09AM

Registered: 5 years ago
Posts: 8

> Rate limiting is a useful but crude tool that should only be one if four or five different things you do to protect your backend:
>
> 1 browser caching
> 2 cDN
> 3 rate limiting
> 4 nginx caching reverse proxy
>
> What are your requests? Are they static content or proxied to a back end?
> Do users login?
> Is it valid for dynamic content built for one user to be returned to another?

I am mainly using it to do reverse proxy to the backend.

>Do you use keepalive?

Here is the cleaned up version of the configuration in use:

# configuration file /etc/nginx/nginx.conf:
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
worker_connections 4096 ;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;
sendfile on;
client_header_buffer_size 64k;
#tcp_nopush on;
keepalive_timeout 65s;
#gzip on;
include /etc/nginx/conf.d/*.conf;

limit_req_zone $host zone=perhost:10m rate=100r/s;
limit_req zone=perhost burst=100 nodelay;

upstream service_lb {
server 127.0.0.1:8020;
server 127.0.0.1:8021;
}
}

worker_rlimit_nofile 10000;

# configuration file /etc/nginx/conf.d/nginx_ssl.conf:
server {
listen 192.168.0.50:443 ssl backlog=1024;
listen 127.0.0.1:443 ssl;

ssl_certificate /etc/nginx/conf.d/nginx.crt;
ssl_certificate_key /etc/nginx/conf.d/nginx.key;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES256:EECDH+AES128:EECDH+AES:kRSA+AESGCM:kRSA+AES:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:!aNULL:!ADH:!eNULL:!EXP:!LOW:!DES:!3DES:!RC4:!MD5:!SEED;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:1024000;
ssl_session_timeout 300;
ssl_verify_client off;

#charset koi8-r;
access_log /var/log/nginx/access.log main;

location /service/ {
proxy_pass http://service_lb;
break;
}
}

Reply Quote

RSS

Subject	Author	Posted
Nginx Rate limiting for HTTPS requests	rickGsp	May 15, 2018 12:20PM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 15, 2018 01:58PM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 16, 2018 05:00AM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 16, 2018 09:28AM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 20, 2018 04:24AM
Re: Nginx Rate limiting for HTTPS requests	pbooth	May 20, 2018 02:48PM
Re: Nginx Rate limiting for HTTPS requests	pbooth	May 20, 2018 02:54PM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 21, 2018 01:09AM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 21, 2018 08:14AM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 21, 2018 09:55AM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 21, 2018 12:46PM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 22, 2018 12:37PM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 22, 2018 02:02PM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 23, 2018 12:58AM
Re: Nginx Rate limiting for HTTPS requests	Maxim Dounin	May 23, 2018 03:36PM
Re: Nginx Rate limiting for HTTPS requests	rickGsp	May 25, 2018 01:56PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 307

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018