Mercurial > hg > nginx-site

view xml/en/docs/stream/ngx_stream_limit_conn_module.xml @ 3011:55d49eb065ac

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Fixed example in the js_periodic directive.
author Yaroslav Zhuravlev <yar@nginx.com>
date Thu, 14 Sep 2023 16:38:00 +0100
parents eeed494bba51
children 9eadb98ec770
line wrap: on
line source

<?xml version="1.0"?>

<!--
  Copyright (C) Igor Sysoev
  Copyright (C) Nginx, Inc.
  -->

<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

<module name="Module ngx_stream_limit_conn_module"
        link="/en/docs/stream/ngx_stream_limit_conn_module.html"
        lang="en"
        rev="7">

<section id="summary">

<para>
The <literal>ngx_stream_limit_conn_module</literal> module (1.9.3) is used to
limit the number of connections per the defined key, in
particular, the number of connections from a single IP address.
</para>

</section>


<section id="example" name="Example Configuration">

<para>
<example>
stream {
    limit_conn_zone $binary_remote_addr zone=addr:10m;

    ...

    server {

        ...

        limit_conn           addr 1;
        limit_conn_log_level error;
    }
}
</example>
</para>

</section>


<section id="directives" name="Directives">

<directive name="limit_conn">
<syntax><value>zone</value> <value>number</value></syntax>
<default/>
<context>stream</context>
<context>server</context>

<para>
Sets the shared memory zone
and the maximum allowed number of connections for a given key value.
When this limit is exceeded, the server will close the connection.
For example, the directives
<example>
limit_conn_zone $binary_remote_addr zone=addr:10m;

server {
    ...
    limit_conn addr 1;
}
</example>
allow only one connection per an IP address at a time.
</para>

<para>
When several <literal>limit_conn</literal> directives are specified,
any configured limit will apply.
</para>

<para>
These directives are inherited from the previous configuration level
if and only if there are no <literal>limit_conn</literal> directives
defined on the current level.
</para>

</directive>


<directive name="limit_conn_dry_run">
<syntax><literal>on</literal> | <literal>off</literal></syntax>
<default>off</default>
<context>stream</context>
<context>server</context>
<appeared-in>1.17.6</appeared-in>

<para>
Enables the dry run mode.
In this mode, the number of connections is not limited, however,
in the shared memory zone, the number of excessive connections is accounted
as usual.
</para>

</directive>


<directive name="limit_conn_log_level">
<syntax>
<literal>info</literal> |
<literal>notice</literal> |
<literal>warn</literal> |
<literal>error</literal></syntax>
<default>error</default>
<context>stream</context>
<context>server</context>

<para>
Sets the desired logging level for cases when the server
limits the number of connections.
</para>

</directive>


<directive name="limit_conn_zone">
<syntax>
    <value>key</value>
    <literal>zone</literal>=<value>name</value>:<value>size</value></syntax>
<default/>
<context>stream</context>

<para>
Sets parameters for a shared memory zone
that will keep states for various keys.
In particular, the state includes the current number of connections.
The <value>key</value> can contain text, variables,
and their combinations (1.11.2).
Connections with an empty key value are not accounted.
Usage example:
<example>
limit_conn_zone $binary_remote_addr zone=addr:10m;
</example>
Here, the key is a client IP address set by the
<literal>$binary_remote_addr</literal> variable.
The size of <literal>$binary_remote_addr</literal>
is 4 bytes for IPv4 addresses or 16 bytes for IPv6 addresses.
The stored state always occupies 32 or 64 bytes
on 32-bit platforms and 64 bytes on 64-bit platforms.
One megabyte zone can keep about 32 thousand 32-byte states
or about 16 thousand 64-byte states.
If the zone storage is exhausted, the server will close the connection.
</para>

<para>
<note>
Additionally, as part of our
<commercial_version>commercial subscription</commercial_version>,
the
<link doc="../http/ngx_http_api_module.xml" id="stream_limit_conns_">status information</link>
for each such shared memory zone can be
<link doc="../http/ngx_http_api_module.xml" id="getStreamLimitConnZone">obtained</link> or
<link doc="../http/ngx_http_api_module.xml" id="deleteStreamLimitConnZoneStat">reset</link>
with the <link doc="../http/ngx_http_api_module.xml">API</link> since 1.17.7.
</note>
</para>

</directive>

</section>


<section id="variables" name="Embedded Variables">

<para>
<list type="tag">

<tag-name id="var_limit_conn_status"><var>$limit_conn_status</var></tag-name>
<tag-desc>
keeps the result of limiting the number of connections (1.17.6):
<literal>PASSED</literal>,
<literal>REJECTED</literal>, or
<literal>REJECTED_DRY_RUN</literal>
</tag-desc>

</list>
</para>

</section>

</module>