Detail the Nginx server configuration of the Sysguard module to prevent high load

As an HTTP server, nginx has the following basic features:

Handle static files, indexing files and automatic indexing; Open the file descriptor buffer.

Cache-free reverse proxy acceleration, simple load balancing and fault tolerance.

FastCGI, simple load balancing and fault tolerance.

Modular structure. gzipping, byte ranges, chunked responses, SSI-filter and filter. If multiple SSI on a single page are processed by FastCGI or another proxy server, the processing can be run in parallel without waiting on each other.

Nginx was developed specifically for performance optimization. Performance is the most important consideration, and the implementation is very efficient. It supports the kernel ePoll model, withstands high loads, and has been reported to support up to 50,000 concurrent connections.

Nginx has high stability. Other HTTP servers, when they encounter a peak of access, or when someone maliciously initiates a slow connection, are also likely to cause the server to run out of physical memory and exchange frequently, lose the response, and have to restart the server. For example, when apache1 currently runs to more than 200 processes, web's response speed is obviously very slow. Nginx USES a staged resource allocation technique, which makes its CPU and memory footprint very low. nginx officially maintains 10,000 inactive connections, which only account for 2.5M memory, so an attack like DOS is essentially useless for nginx. In terms of stability,nginx is better than lighthttpd.

However, if nginx is attacked or the traffic suddenly increases, nginx will also cause the server to go down due to high load or insufficient memory, resulting in the site being inaccessible. Today's solution comes from the module nginx-http-sysguard developed by taobao. It is mainly used to perform the corresponding actions when the load and memory reach the threshold of 1, such as directly returning to 503,504 or other. 1 until the memory or load returns to the threshold range and the site is available again. Simply put, these modules allow nginx to have a buffer time, slowly.
1. Install the nginx sysguard module
1.1 download files

# wget http://nginx.org/download/nginx-1.4.2.tar.gz
# wget https://github.com/alibaba/nginx-http-sysguard/archive/master.zip \
-O nginx-http-sysguard-master.zip
# unzip nginx-http-sysguard-master.zip
# tar -xzvf nginx-1.4.2.tar.gz

1.2 patch sysgrard
There is no patch corresponding to nginx-1.4.2 found here, only 1.2.9 and 1.3.9. Just try 1.3.9, it should be similar.

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

1.3 installation nginx

# ./configure --prefix=/usr/local/nginx-1.4.2 \
--with-http_stub_status_module --add-module=../nginx-http-sysguard
# make
# make install

2. sysguard instructions
Syntax: sysguard [on | off]
Default: sysguard off
Configuration segments: http, server, location
Switch module
Grammar:

sysguard_load load=number [action=/url]

Default: none
Configuration section: http, server, location
Specify the load threshold at which all requests will be redirected to the uri request defined by action. If URL action is not defined, the server returns 503
Grammar:

sysguard_mem swapratio=ratio% [action=/url]

Default: none
Configuration section: http, server, location
Define the threshold used by the swap partition, and if the swap partition is used beyond this threshold, all subsequent requests are redirected to uri requests defined by action. If URL action is not defined, the server returns 503 directly
Grammar:

sysguard_interval time

Default: sysguard_interval 1s
Configuration section: http, server, location
Define the frequency of system information updates, default 1 second.
Grammar:

sysguard_log_level info | notice | warn | error

Default: sysguard_log_level error
Configuration section: http, server, location
Define the logging level for sysguard
3. Use example of sysguard
3.1 nginx configuration

server {
  listen    80;
  server_name www.ofstack.com www.heytool.com;
  access_log /data/logs/nginx/www.ofstack.com.access.log main;
 
  index index.html index.php index.html;
  root /data/site/www.ofstack.com;
 
  sysguard on;
  #  For testing purposes, load The threshold for 0.01 At ordinary times 1 As in the 5 or 10+
  sysguard_load load=0.01 action=/loadlimit; 
  sysguard_mem swapratio=20% action=/swaplimit;
 
  location / {
 
  }
 
  location /loadlimit {
    return 503;
  }
 
  location /swaplimit {
    return 503;
  }
}

3.2 test
Load OK and access nginx

# uptime 

 16:23:37 up 6 days, 8:04, 2 users, load average: 0.00, 0.01, 0.05

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

0

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

1

Because there are no files under the site, 403 is returned, and it doesn't really matter.
When the load exceeds the threshold, access nginx

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

2

 16:25:59 up 6 days, 8:06, 2 users, load average: 0.05, 0.04, 0.05

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

4

# cd nginx-1.4.2
# patch -p1 < ../nginx-http-sysguard-master/nginx_sysguard_1.3.9.patch

5

I will not test swap beyond the threshold. You can do it yourself when you go home.
conclusion
Is nginx realserver cases, the individual is recommended to use this method, if the load on the server as the climb, 1 was to a relatively long time to be able to return to normal level, in the case of using this plugin, load reaches the threshold, nginx back to 503, using a failover to requests to other servers, in the case of without access to the server, can quickly return to normal levels, and able to work immediately. If the server exceeds the threshold, the processing speed of the request will be greatly reduced. With this module, the request will be sent to a faster server skillfully, thus avoiding the problem of slow access speed to a certain extent.