Home>Article>Operation and Maintenance> How to configure nginx ingress speed limit
During the business development process, we have a requirement: the download service provided through filebrowser needs to be speed limited. For example, when users download files through filebrowser, they need to limit the download rate of each user. Extending from this requirement, the download rate for specific users can also be limited.
In order to achieve this business requirement, combined with our current technology stack (k8s nginx ingress), it can be achieved by configuring the corresponding nginx parameters.
Speed limit, as the name suggests, is a speed limit.
The rate here can be:
The frequency of a single user accessing resources within a unit time,
can also be The frequency of a single IP accessing resources within a unit of time.
can also be the transmission rate of a specified connection within a unit of time.
Usually, the latter business scenario exists in download speed limit
The essence of speed limit is to ensure fairness.
In the case of limited bandwidth resources, try to ensure that each user can be reasonably allocated sufficient bandwidth value. It can also serve more users through speed limiting when bandwidth resources are limited.
In addition, speed limiting can also greatly alleviate the impact of distributed denial-of-service attacks (DDOS).
The speed limit configuration of Nginx ingress can basically be found in the nginx.ingress.kubernetes.io annotation of ingress.
Below, we will interpret the annotations related to speed limit one by one:
##nginx.ingress.kubernetes.io/limit-connections: single The number of concurrent connections that an IP address can have at the same time. If the number of concurrent connections is exceeded, a 503 error is returned.
nginx.ingress.kubernetes.io/limit-rps: Limit the number of requests per second for a single IP (limit request per second). If the limit is exceeded, a 503 error is returned. It should be noted that a 503 error does not occur immediately when the value set by the configuration is exceeded. nginx allows the existence of the number of burst requests within a certain time range (number of burst requests = limit-rps * limit-burst-multiplier ). So when will 503 appear? This starts with the current limiting model of nginx. The current limiting model of nginx is a queue (refer to the queue model of the thread pool). The max number of connections for current limiting = the queue processing capability and the length of the queue, that is, max-connections-per-second = limit-rps limit-rps*limit- burst-multiplier.
nginx.ingress.kubernetes.io/limit-rpm: Same as limit-rps, but limit-rpm has a higher priority than limit-rps, that is When limit-rpm and limit-rps are set at the same time, limit-rpm shall prevail. However, when limit-connections are also set, then limit-connections have the highest priority.
nginx.ingress.kubernetes.io/limit-burst-multiplier: The coefficient of the burst request size, mainly used to define the queue length of the connection, the default is 5
nginx.ingress.kubernetes.io/limit-rate-after: The limit-rate is executed after the amount of traffic is exceeded, the unit is KB
nginx.ingress.kubernetes.io/limit-rate: The rate limit value of a single connection per second, in KB.
nginx.ingress.kubernetes.io/limit-whitelist: Set an IP whitelist. IPs in the whitelist will not be speed limited and support CIDR. , multiple IPs can be separated by commas.
Note
nginx.ingress.kubernetes.io/proxy- buffering: "on"
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: annotations: ... nginx.ingress.kubernetes.io/proxy-buffering: on nginx.ingress.kubernetes.io/limit-rate: 10 # 单位是KB name: xxx namespace: yyy spec: ingressClassName: nginx rules: ...
The above is the detailed content of How to configure nginx ingress speed limit. For more information, please follow other related articles on the PHP Chinese website!