2

If I limit my nginx worker processes to 1 and allow for 500 connections, what happens if I exceed this limit? Does the server return a 503 Service Unavailable?

Basically, I'm trying to secure my system against DoS and do not expect more than 500 simultaneous connections per second.

Tom O'Connor
Frank Vilea

1 Answer

6

How many cores does your server have? If you have two cores, I suggest you set 2 workers and 250 conn. max.

max_clients = worker_processes * worker_connections

And yes, the 501st connection will receive an error. But be careful, a browser opens 2 connections by default.

EDIT: One more thing, you can set a max connection limit by IP (10 here) with

## Max conns for one ip
## (limit_zone was replaced by limit_conn_zone in nginx 1.1.8 and removed in 1.7.6)
limit_conn_zone $binary_remote_addr zone=gulag:5m;
limit_conn gulag 10;

in /etc/nginx/nginx.conf

Adrien P.
  • Thanks Adrien, very helpful. My server only has one core so I set it to 1. I will double the amount of connections then. Is a connection immediately closed after the user has been served the needed content? – Frank Vilea Oct 27 '11 at 13:52
  • Yes of course, a connection is immediately closed after the content has been served, but if the attacker uses only a SYN and no ACK (SYN flood attack) with the default timeout of nginx (60s) you can set: client_body_timeout 15; client_header_timeout 15; keepalive_timeout 15; send_timeout 15; in the http{} section. – Adrien P. Oct 27 '11 at 14:11
  • This is a great configuration and exactly what I was looking for. Thanks again Adrien. – Frank Vilea Oct 27 '11 at 14:15
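
The settings from the answer and its comments collected into one nginx.conf, as an added example that is not part of the original posts. The worker_connections value of 1000, the server block, the document root and the logging directive are assumptions; the zone name and the other limits are the ones quoted above.

```nginx
# Added example, not from the original posts. Requires nginx 1.3.15 or later
# (limit_conn_zone needs 1.1.8+, limit_conn_status needs 1.3.15+).

worker_processes 1;              # single-core server, as in the question

events {
    # Per-worker cap on open connections. Total capacity is
    # worker_processes * worker_connections. 1000 is an assumed value:
    # the asker's 500 doubled, as discussed in the comments.
    worker_connections 1000;
}

http {
    # Shared-memory zone keyed by client address. limit_conn_zone is the
    # current form of the limit_zone directive.
    limit_conn_zone $binary_remote_addr zone=gulag:5m;

    limit_conn gulag 10;         # at most 10 concurrent connections per client IP
    limit_conn_status 503;       # status sent when the per-IP limit is hit (503 is the default)
    limit_conn_log_level warn;   # log rejections at "warn" so they can be monitored

    # Shorter timeouts so slow or idle clients give their connection slot back sooner.
    client_header_timeout 15;    # time allowed to send the request header
    client_body_timeout   15;    # max gap between two reads of the request body
    keepalive_timeout     15;    # how long an idle keep-alive connection stays open
    send_timeout          15;    # max gap between two writes to the client

    server {
        listen 80;
        location / {
            root /usr/share/nginx/html;   # assumed document root
        }
    }
}
```

Run `nginx -t` to validate the file before reloading. Requests rejected by limit_conn are written to the error log, which gives a signal to alert on.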