So what am I not understanding about nginx rate limiting? (HTTP 429)

raindog308

I have server #1 which analyzes a bunch of things in a database and then does a few hundred POST requests to server #2, which accepts them via nginx.

When server #1 does its thing, it might fire off maybe 5-10 POSTs per second. Server #2 is an E31240 dedicated server with 32GB of RAM and is mostly idle other than handling this traffic.

I'm getting a bunch of 429s from nginx (rate limit exceeded). So I researched and put this in the nginx config for the site on server #2:

limit_req_zone $binary_remote_addr zone=zone1:10m rate=100r/s;

    location / {
        limit_req zone=zone1;
        ...

Also put that limit_req_zone in this block, which enables fpm:

    location ~ \.php$ {
        limit_req zone=zone1;
        ...

Yet the 429s persist. As. I understand how this works, nginx will create a 10MB bucket and fill it with IP addresses to track requests. They'll be limited to 100 requests a second, which I'm nowhere near.

raindog308

Turns out it was Laravel, not nginx.

in app/Providers/RouteServiceProvider.php

There is this code:

   public function boot(): void {
        RateLimiter::for('api', function (Request $request) {
            return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
        });

Changing that value fixed the problem

Levi

@raindog308 said:
Turns out it was Laravel, not nginx.

in app/Providers/RouteServiceProvider.php

There is this code:

>    public function boot(): void {
>         RateLimiter::for('api', function (Request $request) {
>             return Limit::perMinute(60)->by($request->user()?->id ?: $request->ip());
>         });
> 

Changing that value fixed the problem

Any reason why you are using bloated laravel instead more api focused and lightweight alternatives? Phalcon maybe.

raindog308

@Levi said: Any reason why you are using bloated laravel instead more api focused and lightweight alternatives? Phalcon maybe.

The rest of the app is Laravel. And I know Laravel. Sort of.

Laravel may have a lot of knobs and dials but so far it's been performant enough for me, even though I'm sure I'm only using a fraction of its features.

dbContext

Just to clarify, nginx has no imposed rate limits by default (unless you add them via the mentioned limit_req_zone)

I hadn't even scrolled down and seen your comment regarding Laravel before I was going to type "it's your origin/backend/downstream, not nginx". nginx was simply forwarding the response to you, from the origin/backend/downstream.

Glad you figured it out.

lowenduser1

FWIW the nginx premium queue feature is possible for free by using the burst and delay parameters in limit_req_zone. implementing this on a global scope instead of per IP can be effective

emgh

@raindog308 said: The rest of the app is Laravel. And I know Laravel. Sort of.

Laravel may have a lot of knobs and dials but so far it's been performant enough for me, even though I'm sure I'm only using a fraction of its features.

This is the way

I see so many devs spending unnecessary time learning new frameworks (sometimes even new LANGUAGES) simply for the small performance benefit

While at the same time not even being CLOSE to maxing out what their current language & framework combination is capable of

Someone really MASTERING a "slow" language or framework will likely build a faster and generally more stable app compared to someone who's chasing the speed and therefore always being a noob at whatever language they're currently coding in

As said, I've seen this WAY too much