typical value(s) for stream/limit_conn
francis at daoine.org
Tue Sep 20 20:27:40 UTC 2016
On Mon, Sep 19, 2016 at 09:53:38AM -0400, itpp2012 wrote:
> Plenty of guidelines for http limit_conn but hardly any for stream, what
> would be a typical value in which cases?
> Has anyone done some log/connection analysis to determine what would be
> typical use?
"stream" is "arbitrary tcp connections". There is no "typical", I think.
If you are using "stream" to handle things that are typically one
long-lasting tcp connection, such as ssh-for-terminal, then you'll
probably be ok with a small number (unless you have multiple clients
appearing as the same "key" (often IP address)).
If you are using "stream" to handle things that are typically many
overlapping short-lasting tcp connections (simple cgi mysql clients,
perhaps), then you'll probably want a bigger number.
But a number that is right in your environment for port 389 may be
completely wrong for port 37, for example.
If you are trying to limit based on avoid-abuse, you will need to assess
what is "normal" in your case, and define something else as "too much".
If you are trying to limit based on avoid-overload, you will need to
assess what your backends can handle, and set the limit near that.
(In the latter case, you would presumably not limit based on
$binary_remote_addr, but on something static to limit the total number
of connections, I guess.)
> Atm. I'd say '5', but this is more a feeling than science.
5 could work.
5 per $remote_port might be too many.
This is very much "it depends".
Francis Daly francis at daoine.org
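
One way to do the log/connection analysis asked about above and get the "normal" figure the reply says you need. This is an added example, not part of the original thread or of nginx itself. It assumes a stream access log written with `log_format conn '$remote_addr $server_port $msec $session_time';`; the sample lines and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample, in the assumed '$remote_addr $server_port $msec $session_time'
# format. nginx logs a session when it ends, so start = $msec - $session_time.
SAMPLE_LOG = """\
203.0.113.7 22 1000.000 900.000
203.0.113.7 22 1200.000 300.000
198.51.100.4 3306 500.200 0.200
198.51.100.4 3306 500.250 0.200
198.51.100.4 3306 500.300 0.200
198.51.100.4 3306 500.900 0.100
192.0.2.9 3306 500.150 0.100
"""

def parse(log_text):
    """Yield (addr, port, start_ms, end_ms) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        try:
            end = round(float(fields[2]) * 1000)
            start = end - round(float(fields[3]) * 1000)
            yield fields[0], int(fields[1]), start, end
        except ValueError:
            continue

def peak(intervals):
    """Highest number of simultaneously open sessions among (start, end) pairs."""
    # (t, -1) sorts before (t, +1): a session ending at t frees its slot first.
    events = sorted([(s, 1) for s, _ in intervals] + [(e, -1) for _, e in intervals])
    current = best = 0
    for _, delta in events:
        current += delta
        best = max(best, current)
    return best

def peaks(log_text):
    """Return (peak per (port, addr) key, peak per port across all clients)."""
    per_key, per_port = defaultdict(list), defaultdict(list)
    for addr, port, start, end in parse(log_text):
        per_key[(port, addr)].append((start, end))
        per_port[port].append((start, end))
    return ({k: peak(v) for k, v in per_key.items()},
            {p: peak(v) for p, v in per_port.items()})

if __name__ == "__main__":
    by_key, by_port = peaks(SAMPLE_LOG)
    print("per client key:", by_key)
    print("per port total:", by_port)
```

The per-key peaks inform a `limit_conn` keyed on `$binary_remote_addr`; the per-port totals are the figure to compare with backend capacity when limiting on a static key.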