NGINX RATELIMIT HTTP2 Example

# This setting to make Nginx use HTTP2 and Rate Limit
# Set global rate limiting log level
limit_req_log_level warn;

# Create a shared memory zone for rate limiting
limit_req_zone $binary_remote_addr zone=global:10m rate=10r/s;

# Server block for the main domain
server {
  listen 443 ssl http2 reuseport backlog=4096;
  listen [::]:443 ssl http2 reuseport backlog=4096;
  server_name example.com;

  ssl_certificate /path/to/subdomain/certificate.crt;
  ssl_certificate_key /path/to/subdomain/private-key.key;

  # Enable rate limiting for the entire server
  limit_req zone=global;

  # Location block for the login page
  location /login/ {
    # Apply stricter rate limiting for the login page
    limit_req zone=global burst=5 nodelay;

    # ...
  }

  # Location block for static content
  location /static/ {
    # Allow higher rate limits for static content
    limit_req zone=global burst=10 nodelay;

    # ...
  }

  # Default location block
  location / {
    # ...
  }
}

# Server block for a subdomain
# Any Nginx error with backlog=4096 and reuseport, remove and maintain only one server config

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name subdomain.example.com;

  # Enable rate limiting for the entire subdomain server
  limit_req zone=global;

  # Location block for the subdomain's login page
  location /login/ {
    # Apply stricter rate limiting for the subdomain's login page
    limit_req zone=global burst=5 nodelay;

    # ...
  }

  # Location block for the subdomain's static content
  location /static/ {
    # Allow higher rate limits for subdomain's static content
    limit_req zone=global burst=10 nodelay;

    # ...
  }

  # Default location block
  location / {
    # ...
  }
}
linuxmalaysia/nginx-ratelimit-http2-example-conf.md

Select an option

No results found

Select an option

No results found

m-faraz commented Dec 24, 2025

Uh oh!
