Nginx 101 — Load-Balancer

This will be the part 3 of my Nginx series. If you havent read first two, please read them before start this. Hope they would give you an idea about nginx (if you are not familiar with nginx). .

Lets get into the topic. Nginx can work as a Layer 7 and layer 4 load balancer. Here I will mostly focus on Layer-7 . First lets see about how to configure nginx as layer-4 load-balancer. Which is not kind of full load balancer we have nginx working in layer-7.

TCP packets are the things in OSI layer 4. Where we can see only IP address and port. As an example, if we want to load-balance traffic coming to port 80. we can use following configuration.

stream {    upstream myservers {
server 127.0.0.1:2222;
server 127.0.0.1:3333;
}
}
server {
listen 80;
proxy_pass myservers;
}

If you have basic understanding about nginx, you may noticed here we do not have the main http config block we had previous examples. Simply because http works in layer-7 and now we try to load-balance traffic at layer-4. Here port-80 is http port, but in layer-4, it sees it just as a port. So any packet coming to port 80 will route to two services running on localhost port 2222 or 3333 in Round-Robin fashion.

To test, you will have to use a tcp connection such as telnet . Normal browser traffic wont be load-balanced. Also here we can not load-balance traffic coming to specific route.

Layer — 7 Load balancing using Nginx

As I understood, this is the most important part in nginx. We can do many more smart load balancing using this option. Its from simple round-robin load balancing for multiple back-end services to caching, certificate checking etc. What I understood and explain may be a small fraction.

http {    
upstream myfirst {
server 127.0.0.1:7070;
server 127.0.0.1:7171;
}
server {
listen 8000;
location / {
proxy_pass ;
}
}
} # http blockevents { } # events block

Above configuration will do load-balancing our service running on port 8000 .

By default nginx will will use Round-Robin algorithm to route default traffic. Http traffic coming to our root of the service will be sent to two services running on port 7070 and 7171 .

If we want to do load-balancing for one client always redirect to one particular server, specially when we use service caching we have to use ip_hash , so config will be like this.

http {
upstream myfirst {
ip_hash;
server 127.0.0.1:7070;
server 127.0.0.1:7171;
}
server {
listen 8000;
location / {
proxy_pass ;
}
}
} # http block
events { } # events block

Using Certificates with Nginx

This had been a real issue one of my colleague at my faced recently. Client requirement was to secure two site with same certificates, both these sites were running on same server.

We had to get some help from , as they have suggested. He could solve it.

server {
listen 192.168.1.2:443 ssl;
server_name 192.168.1.2;
location /mysite1/ {
proxy_pass ;
}
}server {
listen 192.168.1.2:443 ssl;
server_name 192.168.1.2;
ssl_certificate "/path/to/nginx.crt";
ssl_certificate_key "/path/to/private/nginx.key";
location /mysite2 {
proxy_pass ;
}

Because of nginx’s tiny footprint, its been used widely as a loadbalancing solution. Kubernetes uses this behind the scene etc. In layer-7 we can use caches to maximize the user experience.

I have listed tiny bit details about nginx, true power of nginx is yet to be explored by me. There are a lots of good tutorials and official documentations. If you see a mistake here, please update me.

--

--

--

DevOps who is willing to learn and try new things.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Apache Pinot

Create an iOS widget showing Google Spreadsheets data

Drops: Code Review as a Test Strategy?

Starting with Android — The How, What and Where

Java Programming for Complete Stranger

Programming Language Fatigue

knex and Node.js

Which programming language should I learn first if I could start over?

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Sachith Muhandiram

Sachith Muhandiram

DevOps who is willing to learn and try new things.

More from Medium

Jenkins:- Jenkins is an open-source automation tool written in Java with plugins built for…

CICD with Jenkins Pipelines Running in Docker

Configure a local Jenkins instance

How to Setup a Jenkins to Dockerhub Pipeline with Multi-Arch Images