xfy
6543422281
- config: 反向代理、缓存、负载均衡、安全、SSL 等配置模板 - lua: API 网关、认证、动态路由、限流、WebSocket 等脚本示例 Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
50 lines
1.7 KiB
Nginx Configuration File
50 lines
1.7 KiB
Nginx Configuration File
# NGINX 配置示例:Lua 速率限制
|
||
#
|
||
# 用法:将 lua_shared_dict 添加到 http 块,
|
||
# 在需要限流的 location 中使用 access_by_lua_file 引入 access.lua
|
||
|
||
http {
|
||
# -------------------------------------------------------
|
||
# 共享内存字典:存储限流计数器
|
||
# rate_limit : 速率限制计数器
|
||
# 10m : 约可存储 160,000 个唯一键的状态
|
||
# -------------------------------------------------------
|
||
lua_shared_dict rate_limit 10m;
|
||
|
||
server {
|
||
listen 80;
|
||
server_name api.example.com;
|
||
|
||
# -------------------------------------------------------
|
||
# API 接口:启用 Lua 速率限制
|
||
# -------------------------------------------------------
|
||
location /api/ {
|
||
access_by_lua_file /etc/nginx/lua/rate-limiting/access.lua;
|
||
|
||
# 限流通过时添加响应头
|
||
add_header X-RateLimit-Remaining $upstream_http_x_ratelimit_remaining always;
|
||
add_header X-RateLimit-Limit $upstream_http_x_ratelimit_limit always;
|
||
|
||
proxy_pass http://backend_pool;
|
||
}
|
||
|
||
# -------------------------------------------------------
|
||
# 管理接口:不使用限流(白名单)
|
||
# -------------------------------------------------------
|
||
location /admin/ {
|
||
allow 10.0.0.0/24;
|
||
deny all;
|
||
|
||
proxy_pass http://backend_pool;
|
||
}
|
||
|
||
# -------------------------------------------------------
|
||
# 健康检查端点:不限流
|
||
# -------------------------------------------------------
|
||
location /health {
|
||
access_log off;
|
||
return 200 'ok';
|
||
}
|
||
}
|
||
}
|