最近网站刷新后经常出现503 Service Temporarily Unavailable错误,有时有可以,联想到最近在nginx.conf里做了单ip访问次数限制,(limit_req_zone $binary_remote_addr zone=allips:20m rate=20r/s;) 把这个数量放大后在刷新发现问题解决。(还顺便把这个改大了 limit_req zone=allips burst=50 nodelay; )为了证实该问题,反复改动该数量测试发现问题确实在这。这个数量设得太小有问题,通过fiddler发现web页面刷新一下,因为页面上引用的js,css,图片都算一个连接。所以单个页面刷新下就有可能刷爆这个限制,超过这个限制就会提示503 Service Temporarily Unavailable。

  通过修改 Nginx 的配置文件 nginx.conf 实现:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
#user nobody;
worker_processes 1;
#worker_rlimit_nofile 100000;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;

##cache##
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_temp_path /home/temp_dir;
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
##end##
#limit per ip per second access times 10
limit_req_zone $binary_remote_addr zone=allips:20m rate=20r/s;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;
upstream myweb80{
ip_hash;
server 192.168.3.105:80;
server 192.168.3.103:80;
}

upstream myweb8080{
ip_hash;
server 192.168.3.222:10080;
#server 192.168.3.103:8080;
}
upstream myweb10086{
ip_hash;
server 192.168.3.102:10086;
server 192.168.3.108:10086;
}
upstream myweb443{
ip_hash;
server 192.168.3.105:443;
server 192.168.3.103:443;
}

# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
deny all;
server_name myweb.com;
location / {
proxy_pass http://myweb80;
proxy_set_header X-Real-IP $remote_addr;
limit_req zone=allips burst=50 nodelay;
}
}

server {
listen 8080;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
deny all;
location / {
proxy_pass http://myweb8080;
proxy_set_header X-Real-IP $remote_addr;
limit_req zone=allips burst=50 nodelay;
}
}

# HTTPS server
#
server {
listen 10086 ssl;
server_name localhost;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
#deny all;
ssl_certificate ssl/1_www.myweb.com_bundle.crt;
ssl_certificate_key ssl/2_www.myweb.com.key;

# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;

# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;

location / {
proxy_pass https:// myweb10086;
#roft html;
#index index.html index.htm;
}
}

服务器{
listen 443 ssl;
server_name localhost;

ssl_certificate ssl / 1_www.myweb.com_bundle.crt;
ssl_certificate_key ssl / 2_www.myweb.com.key;

#ssl_session_cache共享:SSL:1m;
#ssl_session_timeout 5m;

#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;

location / {
proxy_pass https:// myweb443;
#roft html;
#roft html;
#index index.html index.htm;
}
}
}