exception for NGINX limit_req_zone

Francis Daly francis at daoine.org
Tue Jul 24 21:08:26 UTC 2012 

On Tue, Jul 24, 2012 at 09:25:29AM +0800, fhal wrote:

Hi there,

> Thanks very much for your kindly help.
> I testes the configuration as following steps:

Thanks for the description.

I am not able to reproduce your failure case.

When I use "siege -c 100 -t 10" against /forum.php, I rapidly start
seeing HTTP 503 messages. When I use it against /forum.php?mod=image,
I see only HTTP 200 messages, until I start seeing HTTP 502 -- which is
because my php fastcgi service has died.

I then test against /env.php, and I see about the same number of HTTP
200 messages before they revert to HTTP 502 after the php service dies.

"siege" is not the same as "webbench", but it was trivially available
on my test system, and it seems to do approximately the same thing.

Since you have a test case which reliably shows failure, can I suggest
you make some quick changes and repeat the test, in order to see at what
point things change from "failure" to "success"? That will hopefully
provide information that may point at the fix.

First: you are testing /forum.php. What happens if you test /mytest.php --
ideally, the php script should do roughly the same as /forum.php. Possibly
just copying forum.php to mytest.php will work. Your config puts no limits
on /mytest.php. Does it show any failures, or does it run perfectly?

Next: you are testing with two different limits. What happens if
you comment the limit_conn directive are restart nginx? Then instead
comment the limit_req directive? Can you see that it fails only when both
directives are active, or when either directive is active, or whenever
one particular directive is active?

Next: can the problem be due to the work done by the php script? (This
one strikes me as unlikely.) Replace the contents of forum.php with
just the single word "forum". Repeat the "unlimited" test. Does it
fail differently?

If that doesn't help find a configuration which doesn't fail: what
happens if you use "-c 10" instead of "-c 10000"? How about "-c 100"?

And finally, for testing: change the limit to be (say) 1r/m, and manually
make the requests. Does it fail for you now? If a mod=image request shows
a HTTP 503 within the first 10 requests, you now have a much more easily
reproducible test case.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list