https://backend-engineering-strategy-tools.github.io/site/tags/load-balancer/Recent content in Load-Balancer on Backend Engineering Strategy ToolsHugo -- gohugo.ioen-usMon, 01 Jan 2024 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/nginx/Mon, 01 Jan 2024 00:00:00 +0000https://backend-engineering-strategy-tools.github.io/site/public-notes/frameworks-tools/nginx/<p><img alt="NGINX" loading="lazy" sizes="(max-width: 767px) calc(100vw - 30px), (max-width: 1023px) 700px, (max-width: 1279px) 950px, 1232px"></p> <p>NGINX is a high-performance web server and reverse proxy built around an event-driven, non-blocking architecture. Where Apache spawns a thread per connection, NGINX handles thousands of concurrent connections from a small, fixed number of worker processes — making it well-suited to acting as the entry point for modern distributed systems.</p> <h2 id="server-blocks">Server blocks </h2><p>NGINX configuration is structured around <code>server</code> blocks (analogous to Apache&rsquo;s VirtualHost). Each block defines how to handle requests for a given hostname or port:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">example.com</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">root</span> <span style="color:#e6db74">/var/www/html</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">index</span> <span style="color:#e6db74">index.html</span>; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Multiple server blocks in a single NGINX instance handle traffic for different domains — NGINX selects the block by matching the <code>Host</code> header against <code>server_name</code>.</p> <h2 id="reverse-proxy">Reverse proxy </h2><p>The primary use case in infrastructure work: NGINX sits in front of application servers and forwards requests to them. The application never needs to be exposed directly.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">api.example.com</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_pass</span> <span style="color:#e6db74">http://127.0.0.1:8080</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_set_header</span> <span style="color:#e6db74">Host</span> $host; </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_set_header</span> <span style="color:#e6db74">X-Real-IP</span> $remote_addr; </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_set_header</span> <span style="color:#e6db74">X-Forwarded-For</span> $proxy_add_x_forwarded_for; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p><code>X-Forwarded-For</code> and <code>X-Real-IP</code> headers pass the original client IP to the upstream — without these the application sees only the proxy address.</p> <h2 id="ssl-termination">SSL termination </h2><p>NGINX handles TLS and speaks plain HTTP to backends. This centralises certificate management and offloads crypto from application processes:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">443</span> <span style="color:#e6db74">ssl</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">example.com</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">ssl_certificate</span> <span style="color:#e6db74">/etc/letsencrypt/live/example.com/fullchain.pem</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">ssl_certificate_key</span> <span style="color:#e6db74">/etc/letsencrypt/live/example.com/privkey.pem</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">ssl_protocols</span> <span style="color:#e6db74">TLSv1.2</span> <span style="color:#e6db74">TLSv1.3</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_pass</span> <span style="color:#e6db74">http://127.0.0.1:8080</span>; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#75715e"># Redirect HTTP → HTTPS </span></span></span><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server_name</span> <span style="color:#e6db74">example.com</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">return</span> <span style="color:#ae81ff">301</span> <span style="color:#e6db74">https://</span>$host$request_uri; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Pair with <a class="link" href="../letsencrypt/" >Let&rsquo;s Encrypt</a> and Certbot for automated certificate issuance and renewal.</p> <h2 id="load-balancing">Load balancing </h2><p>NGINX distributes traffic across multiple upstream instances using an <code>upstream</code> block:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">upstream</span> <span style="color:#e6db74">app</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.0.0.1:<span style="color:#ae81ff">8080</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.0.0.2:<span style="color:#ae81ff">8080</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">server</span> 10.0.0.3:<span style="color:#ae81ff">8080</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">server</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">listen</span> <span style="color:#ae81ff">80</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_pass</span> <span style="color:#e6db74">http://app</span>; </span></span><span style="display:flex;"><span> } </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Default is round-robin. Other strategies: <code>least_conn</code> (fewest active connections), <code>ip_hash</code> (sticky sessions by client IP), <code>hash</code> (consistent hashing by arbitrary key).</p> <h2 id="static-files">Static files </h2><p>NGINX serves static assets efficiently — far more so than most application frameworks. A common pattern: serve static files directly from NGINX, proxy only dynamic requests to the application.</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">location</span> <span style="color:#e6db74">/static/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">alias</span> <span style="color:#e6db74">/var/www/static/</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">expires</span> <span style="color:#e6db74">1y</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Cache-Control</span> <span style="color:#e6db74">&#34;public,</span> <span style="color:#e6db74">immutable&#34;</span>; </span></span><span style="display:flex;"><span>} </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">location</span> <span style="color:#e6db74">/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_pass</span> <span style="color:#e6db74">http://app</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><h2 id="useful-patterns">Useful patterns </h2><p><strong>Rate limiting</strong> — protect endpoints from abuse:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">limit_req_zone</span> $binary_remote_addr <span style="color:#e6db74">zone=api:10m</span> <span style="color:#e6db74">rate=10r/s</span>; </span></span><span style="display:flex;"><span> </span></span><span style="display:flex;"><span><span style="color:#66d9ef">location</span> <span style="color:#e6db74">/api/</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">limit_req</span> <span style="color:#e6db74">zone=api</span> <span style="color:#e6db74">burst=20</span> <span style="color:#e6db74">nodelay</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">proxy_pass</span> <span style="color:#e6db74">http://app</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p><strong>Health check path</strong> — expose a simple status endpoint:</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;-webkit-text-size-adjust:none;"><code class="language-nginx" data-lang="nginx"><span style="display:flex;"><span><span style="color:#66d9ef">location</span> <span style="color:#e6db74">/healthz</span> { </span></span><span style="display:flex;"><span> <span style="color:#f92672">access_log</span> <span style="color:#66d9ef">off</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">return</span> <span style="color:#ae81ff">200</span> <span style="color:#e6db74">&#34;ok\n&#34;</span>; </span></span><span style="display:flex;"><span> <span style="color:#f92672">add_header</span> <span style="color:#e6db74">Content-Type</span> <span style="color:#e6db74">text/plain</span>; </span></span><span style="display:flex;"><span>} </span></span></code></pre></div><p>Test config before reloading: <code>nginx -t</code>. Reload without dropping connections: <code>nginx -s reload</code>.</p> <h2 id="resources">Resources </h2><ul> <li><a class="link" href="https://nginx.org/en/docs/" target="_blank" rel="noopener" >NGINX documentation</a></li> <li><a class="link" href="https://www.digitalocean.com/community/tools/nginx" target="_blank" rel="noopener" >NGINX config generator</a></li> <li><a class="link" href="https://ssl-config.mozilla.org/" target="_blank" rel="noopener" >Mozilla SSL Configuration Generator</a></li> </ul>