# # Various Nginx Server Run-Time Limits # # # Buffer Limits # # Buffer size for reading client request header, # before the large_client_header_buffers is used. # Default 1k #client_header_buffer_size 1k; # Maximum number and size allowed large client request headers, # before a 414 (Request-URI Too Large) error is returned to the client. #large_client_header_buffers 4 8k; # 32k total size # Buffer size for reading client request bodies without saving to disk. # Default: 16k client_body_buffer_size 32k; # Maximum allowed size of the client request body, # before a 413 (Request Entity Too Large) error is returned to the client. # Default: 1m #client_max_body_size 1m; # Sets the maximum size of chunks into which the response body is sliced. A too # low value results in higher overhead. A too high value impairs prioritization # due to HOL blocking (http://en.wikipedia.org/wiki/Head-of-line_blocking). # Default: 8k #http2_chunk_size 8k; # Sets the size of the per worker input buffer. # Default: 256k #http2_recv_buffer_size 256k; # # Timeouts # # Maximum time between packets the client can pause when sending nginx any data # Default: 60s client_body_timeout 4s; # Maximum time the client has to send the entire header to nginx # Default: 60s client_header_timeout 4s; # Timeout which a single keep-alive client connection will stay open. # Set this to the same as set 'ssl_session_timeout' to reduce the number of # needed TLS handshakes. Second number sets what is sent to clients. # Default: 75s keepalive_timeout 1d 1d; # Timeout for sending response to clients, before the connection is closed. # Default: 60s send_timeout 24s; # Sets the timeout of inactivity after which the connection is closed. # Default: 3m; #http2_idle_timeout 3m; # Sets the timeout for expecting more data from the client, after which the # connection is closed. # Default: 30s #http2_recv_timeout 30s; # # Request Rate Limits # # Limit the rate of requests an IP can make over a certain time. # Returns 503 (Service Temporarily Unavailable) error if clients sends to many # requests too quickly. # Default: none limit_req_zone $binary_remote_addr zone=ip_req:10m rate=1000r/s; limit_req_zone $server_name zone=server_req:10m rate=1000r/s; # Sets the status code to return in response to rejected requests. # Default: 503 limit_req_status 429; # Enforce limit_req zone=ip_req burst=50 nodelay; limit_req zone=server_req burst=100; # # Response Rate Limits # # Rate of response transmission to a client in bytes per second (per request). # Default: 0 (unlimited) #limit_rate 0; # Initial amount of data sent at an unlimited rate, before response rate # limiting starts. # Default: 0 (unlimited) #limit_rate_after 0; # # Connection Limits # # Define zone for storing session states. Handles 16,000 sessions per MB # Returns 503 (Service Temporarily Unavailable) error if storage is exhausted. limit_conn_zone $binary_remote_addr zone=ip_conn:10m; # Max. number of simultaneous connections per session (IP address) limit_conn ip_conn 512; # Logging level used for connection-limits ( info | notice | warn | error). # Default: Error; #limit_conn_log_level Error; # Sets the status code to return in response to rejected requests. # Default: 503 (Service Unavailable); limit_conn_status 429; # (429 Too Many Requests) # Max. requests through one keep-alive connection before it will be closed. # Default: 100 #keepalive_requests 50; # Allow a single range header for resumed downloads only. # Stops large range header DoS attacks # Default: unlimited #max_ranges 1; # Enables or disables adding comments to responses for MSIE clients with status # greater than 400 to increase the response size to 512 bytes. # Default: on #msie_padding off; # Sets the maximum number of concurrent HTTP/2 streams in a connection. # Default: 128 #http2_max_concurrent_streams 128;