This configuration implements finite request quotas. Without changes, each client IP address is limted to 10 requests per minute.
With each response, a header RateLimit is returned that indicates the remaining quota
for that client. The format of this header follows the draft RFC for this field.
https://datatracker.ietf.org/doc/draft-ietf-httpapi-ratelimit-headers/
NGINX JavaScript (njs) is used to manage the quota counter and perform the quota reset.
| limit_req_zone $remote_addr zone=per_ip:1M rate=5r/s sync; # Cluster-aware rate limiting | |
| limit_req_status 429; | |
| keyval_zone zone=sinbin:1M timeout=60 sync; | |
| keyval $remote_addr $sinbin_rate zone=sinbin; | |
| # Frontend | |
| # | |
| server { | |
| listen 80; |
| #!/usr/bin/env bash | |
| # | |
| # oas2nginx.sh (c) NGINX, Inc. [v0.5 13-Jan-2020] Liam Crilly <liam.crilly@nginx.com> | |
| # | |
| # Converts OpenAPI/Swagger spec into nginx.conf snippet (server context) as per | |
| # https://www.nginx.com/blog/deploying-nginx-plus-as-an-api-gateway-part-1/ | |
| # Requires shyaml for YAML processing: https://github.com/0k/shyaml | |
| # Defaults | |
| # |
| # This Dockerfile builds NGINX Unit from source, including njs, and | |
| # by applying any .patch files found in the current directory. The | |
| # latest Docker Official Image is used to select the code branch and | |
| # copies the configure arguments so that the lanauge module in the | |
| # Docker Image is compatible with the new unitd binary. | |
| # | |
| # Build by specifying the tag of the most suitable Docker Official Image | |
| # from <https://hub.docker.com/_/unit/tags> as | |
| # docker build --build-arg TAG=php -t unit:test . | |
| # |
The NGINX Unit control API includes a /status endpoint for usage statistics. This is a solution for exposing these metrics in Prometheus format.
The application (run by Unit) queries the /status URI on the control socket and converts the JSON response into Prometheus text format. PHP and Python implementations are available.
These instructions assume an existing Unit installation with a working configuration. We will add a new listener on the default prometheus port (9090) and route it directly to the Prometheus app.
Step 0. Install the preferred Unit language module (unit-php or unit-python)
| #!/bin/bash | |
| NJS_VER="" | |
| RBT=0 | |
| UNIT_VER="" | |
| SUFFIX=() | |
| PATCH_FILES=() | |
| CONFIGURE_OPTIONS="" | |
| STARTDIR=$PWD | |
| WORKDIR=/tmp/build_unit.$$ |
Moved to GitHub repo https://github.com/lcrilly/unitc
Converts the output of the NGINX stub_status module to Prometheus format so that basic metrics can be scraped from a /metrics endpoint.
The NGINX JavaScript module is used to filter the stub_status response.
$ curl -i http://localhost:8080/metrics