Rate limiting at NGiNX level


#1

If I go to my site on a 2GB droplet and hold down F5, usage spikes to 100% and it’s sad face all around.

Is there a recommended way to implement some kind of rate limiting (nginx?) Or do I just need to set up some caching? Buy more hardware?

Cheers


(Jeff Atwood) #2

I believe @sam said he was implementing some basic nginx rate limiting in the docker template soon.

In general the big load is from anonymous users. Try holding down F5 as an anonymous user, not a logged in user.


(Brendan) #3

I would be interested in more info on this as well. For now I’ve preemptively added the following:

In /etc/nginx/nginx.conf in http {}

limit_req_zone $binary_remote_addr zone=discourse:10m rate=10r/s;

In my vhost in server {}

limit_req zone=discourse burst=20;

This can still cause tons of load, but at least mitigates some of it if someone decides to hold down F5.


#4

Awesome! Where could I add this so it won’t be overwritten when I upgrade?


(Brendan) #5

I’m not sure, honestly. It would have to be added to the docker install as far as I know. I don’t currently use the docker install, so I don’t have any issues with it getting overwritten.

I could create a pull request I suppose, but I think it needs more tweaking to ensure that it doesn’t cause issues under moderate/high traffic situations. I set the rate to 10 requests per second and 20 burst (this is per IP address) so that all the ajax calls would run without issues. Might be able to lower these values to provide more protection and same level of service, but I think @sam or @codinghorror would probably know what those values should be better than I would.


#6

I wonder if I could just add my own template and call that from my app.yml - I’ll give it a shot later today!


(Jeff Atwood) #7

@sam did we get any basic nginx rate limiting in the container yet? That should definitely be on the list for container improvements and V1.


(Sam Saffron) #8

Not done yet …


(Jeff Atwood) #9

This is done now I believe?