"Correct" speed limit in nginx. Myth or reality?

For many years, Nginx users have been tormented by the same question: “How can I limit the overall speed for an IP address regardless of the number of sessions (connections)? Why is Nginx not able to? Why the Nginx developers so stubbornly don’t want to implement this simple functional? ”And they don’t have anything to say to me, what the Nginx developers are thinking about - it’s not clear and it’s known only to God

You can fight this in different ways, someone uses scripts like htb.init , someone writes shaping scripts on their own and shares successful experiences on Habré , and some use PHP to limit the speed of uploading files. Just imagine what the overhead projector and memory consumption will be when using PHP for such purposes.

At the moment, Nginx does not know how to limit the speed for IP and only does this during individual sessions. What does this mean? If the administrator has set a speed limit of 100 KB / s in the config, then by creating 10 connections to the server, you can get a speed of 1 MB / s, which does not fit into the administrator's plans. To achieve the desired means of Nginx itself can only set a limit, for example
')

http { limit_conn_zone $binary_remote_addr zone=perip:10m; server { location /download/ { limit_conn perip 1; } } } 

which will not allow you to create more than 1 connection from a single IP address. However, in practice, using such a restriction on the server makes little sense, because thousands of users can hide behind one IP address, and if the network connection is unstable, the user runs the risk of not getting access to the file.

But, as it turned out, not everything is so gloomy and there is a way out of the situation. This is a simple little yaoweibin module called nginx_limit_speed_module . Let's take a look at how this module works:

 http { limit_speed_zone one $binary_remote_addr 10m; server { location /download/ { limit_speed one 100k; } } } 

The limit_speed directive sets the total speed for all connections from the same IP address. For example, if a speed limit of 100 Kb / s is set, and the user downloads a file into 10 streams, the download speed for each individual stream will be 10 Kb / sec (100k / 10). Notice, this is without any dancing with shaping in Linux and no perversions using PHP. Convenient, simple and clear. In my opinion, this is exactly how it should be, but for some reason this port is still not in Nginx “out of the box” for which I would like to throw a big such pebble into the Nginx garden.

To build Nginx with this great module, just add the following entry to the ./configure parameters:

--add-module=/ /nginx_limit_speed_module

For example:

./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-file-aio --with-ipv6 --with-http_spdy_module --add-module=/root/nginx_limit_speed_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic'

I will not dwell on building Nginx in detail; quite a few articles have already been written on this topic. As a brief guide to the assembly, you can use this instruction .

The module page on GitHub: https://github.com/yaoweibin/nginx_limit_speed_module