Nginx Rate limiting for HTTPS requests

rickGsp nginx-forum at
Mon May 21 05:09:04 UTC 2018

> Rate limiting is a useful but crude tool that should only be one of four
or five different things you do to protect your backend:
> 1 browser caching 
> 2 CDN
> 3 rate limiting
> 4 nginx caching reverse proxy 
> What are your requests? Are they static content or proxied to a back end?
> Do users login?
> Is it valid for dynamic content built for one user to be returned to

I am mainly using it to do reverse proxy to the backend.

>Do you use keepalive?

Here is the cleaned up version of the configuration in use:

# configuration file /etc/nginx/nginx.conf:
# NOTE(review): this listing was trimmed for the mailing list and is not loadable
# as shown: the events, http and upstream blocks are never closed and the pid
# path below has no file name.
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log warn;
pid /var/run/;

events {
  worker_connections 4096 ;

http {
  include /etc/nginx/mime.types;
  default_type application/octet-stream;
  # $remote_addr is the address of the connecting peer. $http_x_forwarded_for is
  # copied verbatim from a request header, so the last field of every log line
  # is client-supplied and should not be trusted as a source address.
  log_format main '$remote_addr - $remote_user [$time_local] "$request" '
  '$status $body_bytes_sent "$http_referer" '
  '"$http_user_agent" "$http_x_forwarded_for"';

  access_log /var/log/nginx/access.log main;
  sendfile on;
  # Well above the 1k default. NOTE(review): a buffer of this size is used while
  # reading each request header, which adds memory pressure when many
  # connections are open - confirm the backend really needs headers this large.
  client_header_buffer_size 64k;
  #tcp_nopush on;
  keepalive_timeout 65s;
  #gzip on;
  include /etc/nginx/conf.d/*.conf;

  # The zone is keyed on $host, so every client asking for the same host name
  # shares ONE 100 r/s bucket: this caps total traffic per virtual host, it does
  # not limit individual clients. $host is taken from the request line or the
  # Host header (falling back to the matched server name), so the key is
  # request-controlled; the limit is only as strict as the set of host names
  # this server accepts. For per-client limiting the usual key is
  # $binary_remote_addr.
  limit_req_zone $host zone=perhost:10m rate=100r/s;
  # Declared at http level, so it is inherited by every server/location that
  # does not set its own limit_req. burst=100 with nodelay serves up to 100
  # excess requests immediately; anything beyond that is rejected (503 unless
  # limit_req_status is changed).
  limit_req zone=perhost burst=100 nodelay;

  # Upstream group referenced by proxy_pass in nginx_ssl.conf; its server
  # entries were removed from this listing.
  upstream service_lb {

# Per-worker open-file limit. This is a main-context directive; presumably its
# position after the unclosed blocks is an artifact of the trimming - confirm
# against the real file. It should stay comfortably above worker_connections,
# since a proxied request uses a client and an upstream descriptor.
worker_rlimit_nofile 10000;

# configuration file /etc/nginx/conf.d/nginx_ssl.conf:
# NOTE(review): trimmed listing - both listen lines have lost their
# address/port, and the server and location blocks are never closed.
server {
  listen ssl backlog=1024;
  listen ssl;

  ssl_certificate /etc/nginx/conf.d/nginx.crt;
  # Private key kept in the same directory as the included *.conf files.
  # NOTE(review): verify the file is readable by root only.
  ssl_certificate_key /etc/nginx/conf.d/nginx.key;
  # TLSv1.1 is formally deprecated (RFC 8996). The usual set today is TLSv1.2
  # plus TLSv1.3 where the nginx/OpenSSL build supports it.
  ssl_protocols TLSv1.1 TLSv1.2;
  # Server-side cipher order is enforced, but no ssl_ciphers line appears in
  # this excerpt, so the build's default cipher list presumably applies.
  ssl_prefer_server_ciphers on;
  # Size without a unit is in bytes (about 1 MB); the nginx documentation
  # estimates roughly 4000 sessions per megabyte.
  ssl_session_cache shared:SSL:1024000;
  # No unit means seconds: cached sessions may be resumed for 5 minutes.
  ssl_session_timeout 300;
  # Client certificates are not requested (this is also the default).
  ssl_verify_client off;

  #charset koi8-r;
  access_log /var/log/nginx/access.log main;

  location /service/ {
    # TLS terminates here; traffic to the service_lb upstream group is plain
    # HTTP. With no URI part after the upstream name, the request URI is passed
    # on unchanged. No proxy_set_header lines are shown, so whether the backend
    # receives the original client address cannot be told from this excerpt.
    proxy_pass http://service_lb;

Posted at Nginx Forum:,279802,279879#msg-279879
