Nginx limiting the redirection

nginxredirection

We use nginx to redirect any http request to https connection, So though the user makes http connection nginx will redirect to https connection.

Here does nginx have any limit that can handle only 'n' re-directions per second. Because our application is accessible by other system and they would make http requests always intentionally. So nginx has to redirect all the http requests to https, but It coulndn't handle many requests at a time.

But If we make https requests, It is able handle many number of requests per second as it doesn't require any redirection. Below is our configuration

server {
    listen   6000;                                          ## listen for ipv4; this line is default and implied
    #listen   [::]:80 default ipv6only=on;                  ## listen for ipv6
    server_name     someDomain.com;

    rewrite        ^ https://$server_name$request_uri? ;

    #root /usr/share/nginx/www;
    index index.html index.htm;
}

Best Answer

You need to use the limit_req directive.

http
{
    limit_req_zone $binary_remote_addr zone=zonename:100m rate=25r/s;
    server
    {
        limit_req zone=zonename burst=5;

$binary_remote_addr limits each IP to 25 requests per second rate=25r/s

You can add nodelay to limit_req to make it respond with a 503 as soon as the limit is hit.

Related Solutions

NGINX – Proxy HTTPS Requests to an HTTP Backend

The type of proxy you are trying to set up is called a reverse proxy. A quick search for reverse proxy nginx got me this page:

http://intranation.com/entries/2008/09/using-nginx-reverse-proxy/

In addition to adding some useful features like an X-Forwarded-For header (which will give your app visibility into the actual source IP), it specifically does:

proxy_redirect off

Good luck! :)

Nginx – Properly setting up a “default” nginx server for https

I managed to configure a shared dedicated hosting on a single IP with nginx. Default HTTP and HTTPS serving a 404 for unknown domains incoming.

1 - Create a default zone

As nginx is loading vhosts in ascii order, you should create a 00-default file/symbolic link into your /etc/nginx/sites-enabled.

2 - Fill the default zone

Fill your 00-default with default vhosts. Here is the zone i am using:

server {
    server_name _;
    listen       80  default_server;
    return       404;
}


server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    return       404;
}

3 - Create self signed certif, test, and reload

You will need to create a self signed certificate into /etc/nginx/ssl/nginx.crt.

Create a default self signed certificate:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt

Just a reminder:

Test the nginx configuration before reloading/restarting : nginx -t
Reload a enjoy: sudo service nginx reload

Hope it helps.

Best Answer

Related Solutions

NGINX – Proxy HTTPS Requests to an HTTP Backend

Nginx – Properly setting up a “default” nginx server for https

Related Topic