Blocking tens of thousands of IP's
Jonathan Vanasco
nginx at 2xlp.com
Tue Nov 8 18:28:20 UTC 2016
On Nov 4, 2016, at 5:43 AM, mex wrote:
> we do a similar thing but keep a counter within nginx (lua_shared_dict FTW)
> and export this stuff via /badass - location.
>
> although it's not realtime we have a delay of 5 sec which is enough for us
We have a somewhat similar setup under openresty/nginx, but for some different purposes -- I imagine it would transition nicely to this though.
We use lua_shared_dict as a read-through cache on each nginx node, with lookups failing over to a central Redis server on the LAN. A small Python app manages the Redis server, and each nginx server has an internal API (LAN-only access, written in Lua) that can flush, prime, or add/delete items to the shared dict as needed. The Python app runs on demand, and also at intervals to reformat internal data for Redis and nginx.
This may sound like a lot, but it only took a few hours to get it working, and it was much easier to have Redis+Python broker the information between nginx and internal systems than to have them talk directly to one another.
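
The read-through lookup described in the message above, written as an OpenResty Lua module. This is an added example, not the poster's code; the dict name `ip_blocklist`, the Redis address, the `blocked:` key prefix, the TTLs and the fail-open behaviour on Redis errors are assumptions.

```lua
-- blocklist.lua: added example, not the poster's code.
-- Assumed nginx.conf wiring:
--   lua_shared_dict ip_blocklist 20m;
--   access_by_lua_block { require("blocklist").check() }
local redis = require "resty.redis"
local _M = {}

local REDIS_HOST, REDIS_PORT = "10.0.0.5", 6379  -- assumed LAN address
local KEY_PREFIX = "blocked:"                    -- assumed key scheme
local HIT_TTL, MISS_TTL = 300, 30                -- seconds, assumed values

-- Ask the central Redis server; returns true/false, or nil plus an error.
local function redis_lookup(ip)
    local red = redis:new()
    red:set_timeout(100)  -- ms; keep a slow Redis from stalling requests
    local ok, conn_err = red:connect(REDIS_HOST, REDIS_PORT)
    if not ok then return nil, conn_err end
    local res, get_err = red:get(KEY_PREFIX .. ip)
    if not res then return nil, get_err end
    red:set_keepalive(10000, 50)  -- return the connection to the pool
    return res ~= ngx.null        -- ngx.null means the key does not exist
end

function _M.check()
    local ip = ngx.var.remote_addr
    local cache = ngx.shared.ip_blocklist
    local blocked = cache:get(ip)  -- nil on a cache miss or expired entry
    if blocked == nil then
        local err
        blocked, err = redis_lookup(ip)
        if blocked == nil then
            -- Redis unreachable: fail open and do not cache the outcome.
            ngx.log(ngx.ERR, "blocklist lookup failed: ", err)
            return
        end
        -- Cache negative answers briefly too, so clean clients do not hit
        -- Redis on every request; the short TTL bounds how stale they get.
        cache:set(ip, blocked, blocked and HIT_TTL or MISS_TTL)
    end
    if blocked then
        return ngx.exit(ngx.HTTP_FORBIDDEN)
    end
end

return _M
```

The TTLs set the worst-case delay before a newly added block takes effect on a node unless the entry is pushed or flushed through the node's internal API.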