You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2022/05/03 18:35:51 UTC

[GitHub] [apisix] waxi-i opened a new issue, #6978: help request:

waxi-i opened a new issue, #6978:
URL: https://github.com/apache/apisix/issues/6978

   ### Description
   
   Consult, the front cdn followed by the structure of apisix, in this case the problem of current limit. 
   
   We have two apisix, and there is cloud platform load balancer in front of us. 
   The problem is that we failed the test when we limited concurrency based on IP. 
   is X-Forwarded-For or http_x_forwarded_for? Tests don't work
   https://apisix.apache.org/docs/apisix/plugins/limit-conn/
   
   ### Environment
   
   - APISIX version (run `apisix version`): apache/apisix:2.13.1-alpine
   - Operating system (run `uname -a`): Linux 92a4dd4378ea 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64 Linux
   - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): nginx version: openresty/1.19.9.1
   - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): bitnami/etcd:3.4.15
   - APISIX Dashboard version, if relevant: apache/apisix-dashboard:2.11-alpine
   - Plugin runner version, for issues related to plugin runners: docker The deployment of
   - LuaRocks version, for installation issues (run `luarocks --version`): /usr/local/bin/luarocks 3.8.0
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] soulbird commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

soulbird commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1118036805

   Are you trying to implement rate limiting on apisix by client IP? Can you sure that the correct client IP is included in the X-Forwarded-For? After forwarding through CDN, X-Forwarded-For does not necessarily contain only the client IP, but may also contain the IP of other proxy nodes. In addition, could you provide the configuration of the limit-conn plugin?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] fatihbm commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

fatihbm commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1117643748

   > @tokers @fatihbm [#6978 (comment)](https://github.com/apache/apisix/issues/6978#issuecomment-1117273152)
   
   sorry, i don't know exactly how slb works.  so i don't fully understand your problem.  I guess I won't be able to help.  
   Can you try using just one apisix without the slb?  So we can try things in order to get the right result.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1117222031

   @waxi-i Could you give us more details about the reality and the expectation? As an example, let's say I want to allow five requests in a second but actually there are only three requests that can be handled.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1119236774

   > @waxi-i Maybe you can use the [real-ip](https://apisix.apache.org/zh/docs/apisix/plugins/real-ip/) plugin to fetch the client IP from the `X-Forwarded-For` header so that you can eliminate the problem said by @soulbird, and then use the `remote_addr` as the limit key.
   
   I have also heard about this, please ask how to configure this, Do you have screenshots like this


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1119236321

   > Are you trying to implement rate limiting on apisix by client IP? Can you sure that the correct client IP is included in the X-Forwarded-For? After forwarding through CDN, X-Forwarded-For does not necessarily contain only the client IP, but may also contain the IP of other proxy nodes. In addition, could you provide the configuration of the limit-conn plugin?
   
   I'm also testing whether I got the address of X-Forwarded-For correctly. I'm worried.
       location / {
           proxy_pass http://127.0.0.1:9080/;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header REMOTE-HOST $remote_addr;
       }


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1119237455

   > You can refer to this discussion to know: how to get APISIX to get the real client ip behind the LB: #4793
   > 
   > Then, I hope you can verify that the limit plugin works with just one SLB and one APISIX instance, and that the description is clear.
   
   Thank you. This is the scene. I'll study it.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tzssangglass commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

tzssangglass commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1118093092

   You can refer to this discussion to know: how to get APISIX to get the real client ip behind the LB: https://github.com/apache/apisix/discussions/4793
   
   Then, I hope you can verify that the limit plugin works with just one SLB and one APISIX instance, and that the description is clear.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] fatihbm commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

fatihbm commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1117146976

   Can you explain your issue and topology? If I was a right understanding you have two apisix nodes behind a layer 4 (cloud platform) load balancer. L4 LB terminates tcp connections from the client and creates new connections to the apisix. By default, the original client ip information is not preserved. And you couldn't use forwarders headers in this situation. Of course this is based on limited info. 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.

github-actions[bot] commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1517593648

   This issue has been marked as stale due to 350 days of inactivity. It will be closed in 2 weeks if no further activity occurs. If this issue is still relevant, please simply write any comment. Even if closed, you can still revive the issue at any time or discuss it on the dev@apisix.apache.org list. Thank you for your contributions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.

github-actions[bot] commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1537107358

   This issue has been closed due to lack of activity. If you think that is incorrect, or the issue requires additional review, you can revive the issue at any time.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] tokers commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

tokers commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1118071779

   @waxi-i Maybe you can use the [real-ip](https://apisix.apache.org/zh/docs/apisix/plugins/real-ip/) plugin to fetch the client IP from the `X-Forwarded-For` header so that you can eliminate the problem said by @soulbird, and then use the `remote_addr` as the limit key.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1117273152

   ![image](https://user-images.githubusercontent.com/39110760/166682641-c3f0a9ea-706b-440d-9540-a47e9ea64cba.png)
   
   There are two problems
   1. Being violently assaulted
   2. The service is unavailable due to high instantaneous concurrency
   I used nginx for stream limiting a long time ago, and now I want to try API gateway management
   Architecture: client - load balancer - Apisix Gateway - Web service
   In Apisix, limit-conn, limit-count, limit-req are used to limit traffic
   Test the concurrency set by limit-count. No test passed
   
   ![image](https://user-images.githubusercontent.com/39110760/166684122-4a86d278-398a-45b7-bf07-613181188c61.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1117274464

   @tokers @fatihbm 
   https://github.com/apache/apisix/issues/6978#issuecomment-1117273152


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] waxi-i commented on issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by GitBox <gi...@apache.org>.

waxi-i commented on issue #6978:
URL: https://github.com/apache/apisix/issues/6978#issuecomment-1119235749

   > > @tokers @fatihbm [第6978章（评论）](https://github.com/apache/apisix/issues/6978#issuecomment-1117273152)
   > 
   > 抱歉，我不知道 slb 是如何工作的。所以我不完全理解你的问题。我想我将无法提供帮助。 你可以尝试只使用一个没有 slb 的 apisix 吗？所以我们可以尝试一些事情以获得正确的结果。
   
   SLB has layers 4 and 7, and I have to test both of them 
   If the pressure is big, apisix can't carry it 
       location / {
           proxy_pass http://127.0.0.1:9080/; # apisix
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header REMOTE-HOST $remote_addr;
       }


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [apisix] github-actions[bot] closed issue #6978: help request: Load balancer after apisix, how to set limit-conn

Posted by "github-actions[bot] (via GitHub)" <gi...@apache.org>.

github-actions[bot] closed issue #6978: help request: Load balancer after apisix, how to set limit-conn
URL: https://github.com/apache/apisix/issues/6978


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@apisix.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org