Created
April 11, 2014 22:54
Example nginx load balancer
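## Global parameters
## (table-cell residue from the page rendering removed so the directives parse)

## StatsD Plugin: https://github.com/zebrafishlabs/nginx-statsd
statsd_server statsd.domain.tld;

# Retry the request on the next upstream server if any of these happen
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

# Setup standard forwarding headers
# An empty value means the header is not passed on, so upstreams see no
# Accept-Encoding from the client.
proxy_set_header Accept-Encoding "";
# $host is derived from the client's request; it is only as trustworthy as
# the server_name matching in the server blocks below.
proxy_set_header X-Forwarded-Host $host;
# $remote_addr is the address of the peer that connected to this nginx.
proxy_set_header X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client sent, so every entry except the last is client-supplied.
# Backends should not use the earlier entries for access control or audit
# logging; use X-Real-IP or the last entry instead.
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

# For keepalive
proxy_http_version 1.1;
proxy_set_header Connection ""; ## Override for websockets
# NOTE: proxy_set_header directives are inherited from this level only when a
# lower level (server/location) defines none of its own. A location that
# overrides Connection for websockets must repeat the X-Forwarded-* and
# X-Real-IP headers above, or they are silently dropped for that location.

# Don't redirect, proxy!
proxy_redirect off;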
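## Force HTTPS
server {
    # default_server: any plain-HTTP request that matches no other server
    # block on port 80 is handled here.
    listen 80 default_server;

    statsd_count "prefix.lb.forcehttps.requests" 1;

    # Send a 301 to the HTTPS version of the same URL.
    # `return` replaces the original `rewrite ^ ... permanent;`: it does the
    # same thing without running the regex engine. $request_uri already
    # carries the query string, so nothing else needs appending.
    #
    # Because this is the default server, $host is whatever Host header the
    # client sent. The redirect target is therefore client-influenced; if only
    # known domains should ever be redirected, give this block an explicit
    # server_name list or redirect to a fixed hostname instead of $host.
    return 301 https://$host$request_uri;
}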
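## Catch-all server to respond 404 to any erroneous request
server {
    # Any HTTPS request not routed to another server will go here and get 404'd.
    # The `ssl` parameter on `listen` replaces the separate `ssl on;`
    # directive, which is deprecated in newer nginx releases.
    listen 443 ssl default_server;

    ## <snip>ssl options...</snip>
    # The certificate configured here is the one presented to clients whose
    # requested name matches no other server block, so it is visible to anyone
    # probing the address. Avoid a certificate that lists internal hostnames.

    statsd_count "prefix.lb.erroneous.requests" 1;

    return 404 "Not Found";
}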
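## Setup our first load balanced domain
upstream application {
    ## We usually use /etc/hosts for these IPs. You could hard-code or use internal DNS for it.
    # Each backend must be introduced with the `server` directive; a bare
    # hostname is not a valid directive inside an upstream block.
    # Hostnames are resolved when the configuration is loaded, so whatever
    # answers those lookups (/etc/hosts, internal DNS) decides where traffic
    # is sent. Keep that source under the same change control as this file.
    server instance-01.application.production.domain.tld;
    server instance-02.application.production.domain.tld;
    server instance-03.application.production.domain.tld;

    ## Allows 32 connections to be kept alive to the backend servers
    # This speeds up services with repeated requests
    # but adds to the number of open connections
    keepalive 32;
}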
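## Load balanced application server
server {
    # The `ssl` parameter on `listen` replaces the separate `ssl on;`
    # directive, which is deprecated in newer nginx releases.
    listen 443 ssl;
    server_name application.domain.tld;

    ## <snip> ssl options... </snip>

    # Count requests to this domain
    statsd_count "prefix.lb.application.https.requests" 1;

    # Per-domain logs
    access_log /var/log/nginx/application-access.log;
    error_log /var/log/nginx/application-error.log;

    location / {
        # Keep a timing record to notice spikes
        statsd_timing "prefix.lb.application.https.response_time" "$upstream_response_time";

        # The actual proxying!
        # TLS ends at this load balancer: the hop to the `application`
        # upstream is plain HTTP, so request bodies, cookies and the
        # forwarding headers cross the backend network unencrypted. That
        # network has to be trusted, and backends should accept connections
        # only from the load balancer so clients cannot reach them directly
        # with forged X-Forwarded-* / X-Real-IP headers.
        proxy_pass http://application;
    }
}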