TIL that nginx http_limit_conn module can wreak havoc to your website

#todayilearned #ansible #nginx

The nginx http_limit_conn module to limit http connections works as advertised. It limits the number of connections an ip-address (or other directives) can make to the nginx.

Also: the Ansible hardening-role for nginx as a default limit of 5 connections (see).

This bit me hard: One website I host makes concurrent connections to two APIs and a static frontend-webserver to fetch contents. This was a small debugging nightmare because these three applications did not log anything.

That’s because the requests never made it to them. They got blocked with a 503 error in the reverseproxy.

As I located the problem on the reverseproxy, the error logs made it obvious:

2021/06/25 13:44:58 [error] 1822158#0: *2105549 limiting connections by zone "default", client: 123.123.123.0 server: example.com, request: "GET /core/modules/views/js/base.js?v=8.9.13 HT
TP/2.0", host: "example.com"

Hands-on debugging session: instrument, monitor, and fix

Join Lazar for a hands-on session where you’ll build it, break it, debug it, and fix it. You’ll set up Sentry, track errors, use Session Replay and Tracing, and leverage some good ol’ AI to find and fix issues fast.

RSVP here →