Nginx Nginx your load balancer & cacheyour load balancer & cache

Marian Marian HackManHackMan Marinov <mm@1h.com> Marinov <mm@1h.com>CEO of 1H Ltd.CEO of 1H Ltd.

Why load balance with Nginx?Why load balance with Nginx?

Why load balance with Nginx?Why load balance with Nginx?

Why not do it with other tools?Why not do it with other tools?

➢ Balancing with iptablesBalancing with iptables➢ Balancing with iproute2Balancing with iproute2➢ LinuxVserverLinuxVserver➢ HAproxyHAproxy➢ VarnishVarnish➢ even Apache can do iteven Apache can do it

with mod_proxy_balancerwith mod_proxy_balancer

sample.comsample.comIN A 10.0.0.1IN A 10.0.0.1IN A 10.0.0.2IN A 10.0.0.2

10.0.0.110.0.0.1 10.0.0.210.0.0.2

DNS balancingDNS balancing

sample.comsample.comIN A 10.0.0.1IN A 10.0.0.1IN A 10.0.0.2IN A 10.0.0.2

10.0.0.110.0.0.1 10.0.0.210.0.0.2 10.0.0.110.0.0.1

Fault ToleranceFault ToleranceHigh AvailabilityHigh Availability

➢Always have at least two LB nodesAlways have at least two LB nodes➢Use DNS balancing Use DNS balancing

(two A/AAAA) records(two A/AAAA) records➢Use vrrpd or keepalived Use vrrpd or keepalived

for floating IPs (on layer 2)for floating IPs (on layer 2)➢In more complex network setups In more complex network setups

Corosync + PacemakerCorosync + Pacemaker

Make sure your infrastructureMake sure your infrastructure can handle a single LB failurecan handle a single LB failure(has enough resources CPU, Bandwidth)(has enough resources CPU, Bandwidth)

Load balancing with NginxLoad balancing with Nginx

Load balancing with NginxLoad balancing with Nginx

➢ upstreamupstream➢ scgi/uwsgi/fastcgi/memcachedscgi/uwsgi/fastcgi/memcached

➢_pass (using upstream)_pass (using upstream)➢_next_server_next_server

➢ upstream_conf (commercial)upstream_conf (commercial)➢ Your own monitoringYour own monitoring

Load balancing with NginxLoad balancing with Nginx

synopsis:synopsis: server IP [options];server IP [options];

upstream static_backend {upstream static_backend { server 10.0.0.1 fail_timeout=5s max_fails=1;server 10.0.0.1 fail_timeout=5s max_fails=1; server 10.0.0.2 fail_timeout=5s max_fails=1;server 10.0.0.2 fail_timeout=5s max_fails=1; keepalive 512;keepalive 512;}}

Load balancing with NginxLoad balancing with Nginx

weight=numberweight=number max_fails=number max_fails=number fail_timeout=time fail_timeout=time backupbackup downdown max_conns=number max_conns=number resolveresolve slow_start=timeslow_start=time

Load balancing with NginxLoad balancing with Nginx

Request distribution methodRequest distribution method➢ round-robin (default)round-robin (default)➢ ip_haship_hash➢ hashhash➢ least_connleast_conn➢ least_time least_time header/bytesheader/bytes

Load balancing with NginxLoad balancing with Nginx

keepalivekeepalivehealth_check [parameters]health_check [parameters]match name match name queue number [timeout=time]queue number [timeout=time]sticky cookie name sticky cookie name

Load balancing with NginxLoad balancing with Nginx

health_check interval=1 uri=/health;health_check interval=1 uri=/health;# status ok and not in maintenance mode# status ok and not in maintenance modematch server_ok {match server_ok { status 200-399;status 200-399; body !~ "maintenance mode";body !~ "maintenance mode";}}

Caching in NginxCaching in Nginx

➢ Why not cache the static content?Why not cache the static content?➢ Limited ESI support trough Limited ESI support trough

ngx_http_ssi and ngx_esingx_http_ssi and ngx_esi➢ Handle traffic extremesHandle traffic extremes

with with stale cachingstale caching➢ Reduce response timesReduce response times

If there are people willing to extend ngx_esi If there are people willing to extend ngx_esi I would join forces with them!I would join forces with them!

Caching in NginxCaching in Nginx

proxy_cache_path /var/lib/nginx/cache proxy_cache_path /var/lib/nginx/cache levels=1:2 keys_zone=WP:1024m levels=1:2 keys_zone=WP:1024m max_size=2048m;max_size=2048m;

proxy_cache_key proxy_cache_key "$host$request_uri $cookie_user";"$host$request_uri $cookie_user";

proxy_cache_valid 200 301 302 2s;proxy_cache_valid 200 301 302 2s;proxy_cache_use_stale proxy_cache_use_stale

error timeout invalid_header updating;error timeout invalid_header updating;expires 60s;expires 60s;

?/? Questions ?/??/? Questions ?/?

Marian Marian HackManHackMan Marinov Marinov<mm@1h.com><mm@1h.com>CEO of 1H Ltd.CEO of 1H Ltd.

Thank Youuuuuu!!!Thank Youuuuuu!!!