Limiting number of client TLS connections
Maxim Dounin
mdounin at mdounin.ru
Sun Nov 19 00:11:05 UTC 2023
Hello!
On Sat, Nov 18, 2023 at 02:44:20PM +0800, Zero King wrote:
> I want Nginx to limit the rate of new TLS connections and the total (or
> per-worker) number of all client-facing connections, so that under a
> sudden surge of requests, existing connections can get enough share of
> CPU to be served properly, while excessive connections are rejected and
> retried against other servers in the cluster.
>
> I am running Nginx on a managed Kubernetes cluster, so tuning kernel
> parameters or configuring layer 4 firewall is not an option.
>
> To serve existing connections well, worker_connections can not be used,
> because it also affects connections with proxied servers.
>
> Is there a way to implement these measures in Nginx configuration?
No, nginx does not provide a way to limit rate of new connections
and/or total number of established connections. Instead, firewall is
expected to be used for such tasks.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list