Resolve the nginx 503 Service Temporarily Unavailable method example
- 2020-05-17 07:50:46
- OfStack
Recently, there is often a 503 Service Temporarily Unavailable error after the website is refreshed. Sometimes, it is possible to recall that a single ip access limit has been made in nginx.conf recently. (limit_req_zone $binary_remote_addr zone=allips:20m rate=20r/s;) Zoom in on this quantity and find the problem solved in the refresh. (and by the way, make this bigger, limit_req zone=allips burst=50 nodelay; ) in order to confirm the problem, repeated changes to the number of tests found that the problem is indeed here. There is a problem with setting this amount too small. It is found that the web page refreshes 1 time through fiddler, because the js,css and images quoted on the page all count as 1 link. So a single page refresh will likely Max out this limit, exceeding which will prompt 503 Service Temporarily Unavailable.
The enclosed nginx conf
#user nobody;
worker_processes 1;
#worker_rlimit_nofile 100000;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
##cache##
proxy_connect_timeout 5;
proxy_read_timeout 60;
proxy_send_timeout 5;
proxy_buffer_size 16k;
proxy_buffers 4 64k;
proxy_busy_buffers_size 128k;
proxy_temp_file_write_size 128k;
proxy_temp_path /home/temp_dir;
proxy_cache_path /usr/local/nginx/cache levels=1:2 keys_zone=cache_one:200m inactive=1d max_size=30g;
##end##
#limit per ip per second access times 10
limit_req_zone $binary_remote_addr zone=allips:20m rate=20r/s;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
upstream myweb80{
ip_hash;
server 192.168.3.105:80;
server 192.168.3.103:80;
}
upstream myweb8080{
ip_hash;
server 192.168.3.222:10080;
#server 192.168.3.103:8080;
}
upstream myweb10086{
ip_hash;
server 192.168.3.102:10086;
server 192.168.3.108:10086;
}
upstream myweb443{
ip_hash;
server 192.168.3.105:443;
server 192.168.3.103:443;
}
# another virtual host using mix of IP-, name-, and port-based configuration
#
server {
listen 80;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
deny all;
server_name myweb.com;
location / {
proxy_pass http://myweb80;
proxy_set_header X-Real-IP $remote_addr;
limit_req zone=allips burst=50 nodelay;
}
}
server {
listen 8080;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
deny all;
location / {
proxy_pass http://myweb8080;
proxy_set_header X-Real-IP $remote_addr;
limit_req zone=allips burst=50 nodelay;
}
}
# HTTPS server
#
server {
listen 10086 ssl;
server_name localhost;
allow 218.17.158.2;
allow 127.0.0.0/24;
allow 192.168.0.0/16;
allow 58.251.130.1;
allow 183.239.167.3;
allow 61.145.164.1;
#deny all;
ssl_certificate ssl/1_www.myweb.com_bundle.crt;
ssl_certificate_key ssl/2_www.myweb.com.key;
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 5m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
location / {
proxy_pass https : // myweb10086;
#roft html;
#index index.html index.htm;
}
}
The server {
listen 443 ssl;
server_name localhost;
ssl_certificate ssl / 1_www.myweb.com_bundle.crt;
ssl_certificate_key ssl / 2_www.myweb.com.key;
#ssl_session_cache Sharing: SSL : 1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH :! aNULL :! MD5;
#ssl_prefer_server_ciphers on;
location / {
proxy_pass https : // myweb443;
#roft html;
#roft html;
#index index.html index.htm;
}
}
}