Load balancing is an excellent way to scale out your application and increase its performance\u00a0and redundancy. Nginx, a popular web server software, can be configured as a simple yet powerful load balancer to improve your server’s\u00a0resource availability and efficiency.<\/p>\n\n\n\n

How does Nginx work? Nginx acts as a single entry point to a distributed web application working on multiple separate servers.<\/p>\n\n\n\n

This guide describes the advantages of load balancing. Learn how to set up load balancing with nginx for your cloud servers.<\/p>\n\n\n\n

Try UpCloud for free!<\/a><\/div>\n<\/div>\n\n\n\n

Installing nginx<\/h2>\n\n\n\n
The first thing to do is to set up a new host that will serve as your load balancer. Deploy a new instance at your UpCloud Control Panel if you haven\u2019t already. Currently, nginx packages are available on the latest versions of CentOS, Debian and Ubuntu. So pick whichever of these you prefer.<\/p>\n\n\n\n
After you have set up the server the way you like, install the latest stable nginx. Use one of the following methods.<\/p>\n\n\n\n
# Debian and Ubuntu\nsudo apt-get update\n# Then install the Nginx Open Source edition\nsudo apt-get install nginx<\/pre>\n\n\n\n
# CentOS\n# Install the extra packages repository\nsudo yum install epel-release\n# Update the repositories and install Nginx\nsudo yum update\nsudo yum install nginx<\/pre>\n\n\n\n
Once installed change the directory into the nginx main configuration folder.<\/p>\n\n\n\n
cd \/etc\/nginx\/<\/pre>\n\n\n\n
Now depending on your OS, the web server configuration files will be in one of two places.<\/p>\n\n\n\n
Ubuntu and Debian follow a rule for storing virtual host files in `\/etc\/nginx\/sites-available\/<\/tt>, which are enabled through symbolic links to \/etc\/nginx\/sites-enabled\/<\/tt>. You can use the command below to enable any new virtual host files.<\/p>\n\n\n\n`
`sudo ln -s \/etc\/nginx\/sites-available\/vhost<\/span> \/etc\/nginx\/sites-enabled\/vhost<\/span><\/pre>\n\n\n\nCentOS users can find their host configuration files under \/etc\/nginx\/conf.d\/ in which any .conf<\/em> type virtual host file gets loaded.<\/p>\n\n\n\n Check that you find at least the default configuration and then restart nginx.<\/p>\n\n\n\n`sudo systemctl restart nginx<\/pre>\n\n\n\nTest that the server replies to HTTP requests. Open the load balancer server\u2019s public IP address in your web browser. When you see the default welcoming page for nginx the installation was successful.<\/p>\n\n\n\n<\/figure>\n\n\n\nIf you have trouble loading the page, check that a firewall is not blocking your connection. For example on CentOS 7 the default firewall rules do not allow HTTP traffic, enable it with the commands below.<\/p>\n\n\n\nsudo firewall-cmd --add-service=http --permanent\nsudo firewall-cmd --reload<\/pre>\n\n\n\nThen try reloading your browser.<\/p>\n\n\n\n Configuring nginx as a load balancer<\/h2>\n\n\n\nWhen nginx is installed and tested, start to configure it for load balancing. In essence, all you need to do is set up nginx with instructions for which type of connections to listen to and where to redirect them. Create a new configuration file using whichever text editor you prefer. For example with nano<\/em>:<\/p>\n\n\n\n sudo nano \/etc\/nginx\/conf.d\/load-balancer.conf<\/pre>\n\n\n\nIn the load-balancer.conf<\/em> you\u2019ll need to define the following two segments, upstream<\/em> and server<\/em>, see the examples below.<\/p>\n\n\n\n # Define which servers to include in the load balancing scheme. \n# It's best to use the servers' private IPs for better performance and security.\n# You can find the private IPs at your UpCloud control panel<\/a> Network section.\nhttp {\n upstream backend {\n server 10.1.0.101; \n server 10.1.0.102;\n server 10.1.0.103;\n }\n\n # This server accepts all traffic to port 80 and passes it to the upstream. \n # Notice that the upstream name and the proxy_pass need to match.\n\n server {\n listen 80; \n\n location \/ {\n proxy_pass http:\/\/backend;\n }\n }\n}<\/pre>\n\n\n\nThen save the file and exit the editor.<\/p>\n\n\n\n Next, disable the default server configuration you earlier tested was working after the installation. Again depending on your OS, this part differs slightly.<\/p>\n\n\n\n On Debian and Ubuntu systems you\u2019ll need to remove the default<\/em> symbolic link from the sites-enabled<\/em> folder.<\/p>\n\n\n\nsudo rm \/etc\/nginx\/sites-enabled\/default<\/pre>\n\n\n\nCentOS hosts don\u2019t use the same linking. Instead, simply rename the default.conf<\/em> in the conf.d\/<\/em> directory to something that doesn\u2019t end with .conf<\/em>, for example:<\/p>\n\n\n\nsudo mv \/etc\/nginx\/conf.d\/default.conf \/etc\/nginx\/conf.d\/default.conf.disabled<\/pre>\n\n\n\nThen use the following to restart nginx.<\/p>\n\n\n\nsudo systemctl restart nginx<\/pre>\n\n\n\nCheck that nginx starts successfully. If the restart fails, take a look at the \/etc\/nginx\/conf.d\/load-balancer.conf<\/em> you just created to make sure there are no mistypes or missing semicolons.<\/p>\n\n\n\n When you enter the load balancer\u2019s public IP address in your web browser, you should pass to one of your back-end servers.<\/p>\n\n\n\nLoad balancing methods<\/h2>\n\n\n\nLoad balancing with\u00a0nginx uses a round-robin algorithm by default if no other method is defined, like in the first example above.\u00a0With a round-robin scheme,\u00a0each server is selected\u00a0in turns according to the order you set them in the load-balancer.conf<\/em>\u00a0file. This balances the number of requests\u00a0equally for short operations.<\/p>\n\n\n\n Least connections-based load balancing is another straightforward method. As the name suggests, this method directs the requests to the server with the least active connections at that time. It works more fairly than round-robin would\u00a0with applications where requests might sometimes take longer to complete.<\/p>\n\n\n\n To enable the least connections balancing method,\u00a0add the parameter least_conn<\/em> to your upstream<\/em>\u00a0section as shown in the example below.<\/p>\n\n\n\nupstream backend {\n least_conn;\n server 10.1.0.101; \n server 10.1.0.102;\n server 10.1.0.103;\n}<\/pre>\n\n\n\nRound-robin and least connections balancing schemes are fair and have their uses. However, they cannot provide session persistence. If your web application requires that the users are subsequently directed to the same back-end server as during their previous connection, use the IP hashing method instead. IP hashing uses the visitor’s IP address as a key to determining which host should be selected to service the request. This allows the visitors to be each time directed to the same server, granted that the server is available and the visitor\u2019s IP address hasn\u2019t changed.<\/p>\n\n\n\n To use this method, add the ip_hash<\/em> -parameter to your upstream<\/em> segment like in the example underneath.<\/p>\n\n\n\nupstream backend {\n ip_hash;\n server 10.1.0.101; \n server 10.1.0.102;\n server 10.1.0.103;\n}<\/pre>\n\n\n\nIn a server setup where the available resources between different hosts are not equal, it might be desirable to favour some servers over others. Defining server weights allows you to further fine-tune load balancing with nginx. The server with the highest weight in the load balancer is selected the most often.<\/p>\n\n\n\nupstream backend {\n server 10.1.0.101 weight=4; \n server 10.1.0.102 weight=2;\n server 10.1.0.103;\n}<\/pre>\n\n\n\nFor example in the configuration shown above the first server is selected twice as often as the second, which again gets twice the requests compared to the third.<\/p>\n\n\n\nLoad balancing with HTTPS enabled<\/h2>\n\n\n\nEnable HTTPS for your site, it is a great way to protect your visitors and their data. If you haven\u2019t yet implemented encryption on your web hosts, we highly recommend you take a look at our guide for how to install Let\u2019s Encrypt on nginx<\/a>.<\/p>\n\n\n\n Using encryption with a load balancer is easier than you might think. All you need to do is to add another server section to your load balancer configuration file which listens to HTTPS traffic at port 443 with SSL. \u00a0Then set up a proxy_pass to your upstream segment like with the HTTP in the previous example above.<\/p>\n\n\n\n Open your configuration file again for editing.<\/p>\n\n\n\n sudo nano \/etc\/nginx\/conf.d\/load-balancer.conf<\/pre>\n\n\n\nThen add the following server segment to the end of the file.<\/p>\n\n\n\nserver {\n listen 443 ssl;\n server_name domain_name<\/span>;\n ssl_certificate \/etc\/letsencrypt\/live\/domain_name<\/span>\/cert.pem;\n ssl_certificate_key \/etc\/letsencrypt\/live\/domain_name<\/span>\/privkey.pem;\n ssl_protocols TLSv1 TLSv1.1 TLSv1.2;\n\n location \/ {\n proxy_pass http:\/\/backend;\n }\n}<\/pre>\n\n\n\nThen save the file, exit the editor and restart nginx again.<\/p>\n\n\n\nsudo systemctl restart nginx<\/pre>\n\n\n\nSetting up encryption at your load balancer when you are using private network connections to your back end has some great advantages.<\/p>\n\n\n\n\nAs only your UpCloud servers have access to your private network, it allows you to terminate the SSL at the load balancer and thus only pass forward HTTP connections.<\/li>\n\n\n\nIt also greatly simplifies your certificate management. You can obtain and renew the certificates from a single host.<\/li>\n<\/ul>\n\n\n\nWith the HTTPS-enabled, you also have the option to enforce encryption on all connections to your load balancer. Simply update your server segment by listening to port 80 with a server name and a redirection to your HTTPS port. Then remove or comment out the location<\/em> portion as it\u2019s no longer needed. See the example below.<\/p>\n\n\n\nserver {\n listen 80;\n server_name domain_name<\/span>;\n return 301 https:\/\/$server_name$request_uri;\n\n #location \/ {\n # proxy_pass http:\/\/backend;\n #}\n}<\/pre>\n\n\n\nSave the file again after you have made the changes. Then restart nginx.<\/p>\n\n\n\nsudo systemctl restart nginx<\/pre>\n\n\n\nNow all connections to your load balancer will be served over an encrypted HTTPS connection. Requests to the unencrypted HTTP will be redirected to use HTTPS as well. This provides a seamless transition into encryption. Nothing is required from your visitors.<\/p>\n\n\n\nHealth checks<\/h2>\n\n\n\nIn order to know which servers are available, Nginx\u2019s implementations of reverse proxy include passive server health checks. If a server fails to respond to a request or replies with an error, nginx will note the server has failed. It will try to avoid forwarding connections to that server for a time.<\/p>\n\n\n\n The number of consecutive unsuccessful connection attempts within a certain time period can be defined in the load balancer configuration file. Set a parameter max_fails<\/em> to the server lines. By default, when no max_fails<\/em> is specified, this value is set to 1. Optionally setting the max_fails<\/em> to 0 will disable health checks to that server.<\/p>\n\n\n\n If max_fails<\/em> is set to a value greater than 1 the subsequent fails must happen within a specific time frame for the fails to count. This time frame is specified by a parameter fail_timeout<\/em>, which also defines how long the server should be considered failed. By default, the fail_timeout<\/em> is set to 10 seconds.<\/p>\n\n\n\n After a server is marked failed and the time set by fail_timeout<\/em> has passed, nginx will begin to gracefully probe the server with client requests. If the probes return successful, the server is again marked live and included in the load balancing as normal.<\/p>\n\n\n\nupstream backend {\n server 10.1.0.101 weight=5;\n server 10.1.0.102 max_fails=3 fail_timeout=30s;\n server 10.1.0.103;\n}<\/pre>\n\n\n\nUse the health checks. They allow you to adapt your server back-end to the current demand by powering up or down hosts as required. When you start up additional servers during high traffic, it can easily increase your application performance when new resources become automatically available to your load balancer.<\/p>\n\n\n\n Conclusions on the advantages of load balancing<\/h2>\n\n\n\nIf you wish to improve your web application performance and availability, a load balancer is definitely something to consider. Nginx is powerful yet relatively simple to set up to load balance a web server. Together with an easy encryption solution, such as the Let\u2019s Encrypt client, it makes for a great front-end to your web farm. Check out the documentation for upstream<\/a> over at nginx.org to learn more.<\/p>\n\n\n\n When you are using multiple hosts protects your web service with redundancy, but the load balancer itself can still leave a single point of failure. You can further improve high availability when you set up a floating IP between multiple load balancers. Find out more in our article on\u00a0floating IPs on UpCloud<\/a>.<\/p>\n","protected":false},"featured_media":27387,"comment_status":"open","ping_status":"closed","template":"","community-category":[111,115],"class_list":["post-24654","tutorial","type-tutorial","status-publish","has-post-thumbnail","hentry","community-category-networking","community-category-load-balancing"],"acf":[],"_links":{"self":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial\/24654","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/tutorial"}],"about":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/types\/tutorial"}],"replies":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/comments?post=24654"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media\/27387"}],"wp:attachment":[{"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/media?parent=24654"}],"wp:term":[{"taxonomy":"community-category","embeddable":true,"href":"https:\/\/studiogo.tech\/upcloudold\/wp-json\/wp\/v2\/community-category?post=24654"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}