完整例子
[root@racknerd-eae45e ~]# cat /etc/nginx/nginx.conf
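# Main nginx configuration (/etc/nginx/nginx.conf).
# Defines global process settings, logging, and the shared rate-limit and
# connection-limit zones used by the virtual hosts under /etc/nginx/conf.d/.

# Run worker processes as an unprivileged account (was `user root;`).
# Workers parse untrusted network input, so a bug in request handling should
# not yield root. The master process still starts as root, binds port 80 and
# opens the log files. `nginx` is the account created by the nginx.org
# packages; substitute the distribution's service account if it differs
# (for example www-data on Debian/Ubuntu).
user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    # $remote_addr is the address of the connecting peer. $http_x_forwarded_for
    # is copied from a client-supplied header, so treat that log field as
    # untrusted when analysing logs.
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    # Rate-limit allowlist, matched against $remote_addr (the geo default):
    # $limit is 0 for allowlisted sources and 1 for everyone else.
    # NOTE(review): if nginx sits behind another proxy or load balancer whose
    # address falls inside these ranges, every request appears allowlisted.
    # Confirm that $remote_addr is the real client address in this deployment.
    geo $limit {
        default 1;
        10.0.0.0/8 0;
        192.168.0.0/24 0;
        172.20.0.35 0;
    }

    # Allowlisted sources get an empty key, and requests with an empty key are
    # not accounted by limit_req/limit_conn. All other sources are keyed by
    # client IP.
    map $limit $limit_key {
        0 "";
        1 $binary_remote_addr;
    }

    # Per-virtual-host zones, keyed by $server_name. Every client of a site
    # shares one bucket, allowlisted sources included, so one busy client can
    # use up the budget for everybody else.
    limit_conn_zone $server_name zone=perserver:10m;
    # Mind the unit: 10r/m is 10 requests per MINUTE for the whole site.
    limit_req_zone $server_name zone=perserverreq:10m rate=10r/m;

    # Per-client zones, keyed by $limit_key (allowlisted sources are exempt).
    limit_conn_zone $limit_key zone=perip:10m;
    # Zone "two" is not referenced by the server block in conf.d/default.conf
    # shown on this page; other included files may use it.
    limit_req_zone $limit_key zone=two:10m rate=3r/s;
    limit_req_zone $limit_key zone=one:10m rate=3r/s;

    include /etc/nginx/conf.d/*.conf;
}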
子文件
[root@racknerd-eae45e ~]# cat /etc/nginx/conf.d/default.conf
# Virtual host for chatgpt.daxiangyun.net: applies the request and connection
# limits defined in nginx.conf, then reverse-proxies everything to a local
# application on 127.0.0.1:8080.
# NOTE(review): only a plain-HTTP listener on port 80 is visible here; confirm
# whether TLS is terminated elsewhere.
server{
    listen 80;
    server_name chatgpt.daxiangyun.net;
    index index.php index.html index.htm;

    # Per-client request limit: zone "one" is 3r/s in nginx.conf, with a burst
    # of 3. Without "nodelay", requests inside the burst are delayed to fit the
    # rate; requests beyond the burst are rejected.
    limit_req zone=one burst=3;
    # Site-wide request limit with a burst of 10. The zone is declared in
    # nginx.conf with rate=10r/m, i.e. 10 requests per MINUTE for the whole
    # site, not per second.
    # NOTE(review): this bucket is keyed by $server_name and shared by all
    # clients, so one client can exhaust it. Confirm the intended rate.
    limit_req zone=perserverreq burst=10;
    # At most 100 concurrent connections for the whole site.
    limit_conn perserver 100;
    # At most 10 concurrent connections per client IP (allowlisted IPs exempt).
    limit_conn perip 10;
    # Disabled alternative for the per-client limit: same zone and burst, but
    # "nodelay" serves burst requests immediately instead of pacing them
    # (zone "one" is 3r/s).
    # limit_req zone=one burst=3 nodelay;

    location / {
        # Forward every request to the local backend.
        proxy_pass http://127.0.0.1:8080;
        # $proxy_host is the name and port taken from proxy_pass (here
        # 127.0.0.1:8080), which is also nginx's default Host value, so the
        # backend does not see the hostname the client asked for.
        # NOTE(review): if the backend needs the public hostname, $host is the
        # usual choice, but it is derived from the client request, so the
        # backend must then validate it before using it in links or redirects.
        proxy_set_header Host $proxy_host;
        # Address of the peer that connected to nginx. This is the value the
        # backend should use for the client IP.
        proxy_set_header X-Real-IP $remote_addr;
        # The client's own X-Forwarded-For with $remote_addr appended. Earlier
        # entries are client-supplied and unverified; only the last entry was
        # added by this nginx.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}