DNS UDP Load Balancer using Nginx

The plan is to build a UDP load balancer for DNS in front of recursive DNS servers (in practice, a forwarding service). The design logic is simple:

On the client side, queries go to a public recursive+forwarding DNS IP –> hit the Nginx load balancers –> which send the traffic to Google Public DNS/IBM Public DNS/own recursive DNS/OpenDNS.

The configuration on the Nginx load balancer is simple; the core of it is straightforward:

# Load balance UDP-based DNS traffic across two servers
stream {
    upstream dns_upstreams {
        server 192.168.136.130:53;
        server 192.168.136.131:53;
    }

    server {
        listen 53 udp;
        proxy_pass dns_upstreams;
        proxy_timeout 1s;
        proxy_responses 1;
        error_log logs/dns.log;
    }
}


Nginx upstream timed out

There are two main directives responsible for Nginx upstream timed out (110: Connection timed out) error:

proxy_read_timeout – Defines a timeout for reading a response from the proxied server. Default is 60 seconds.

location ~ ^/slow-proxy {
    proxy_read_timeout 180; # <---
    proxy_pass ...;
}

* You can use proxy_read_timeout inside http, server and location blocks.


Set Up Nginx Load Balancing with SSL Termination

Nginx can be configured as a load balancer to distribute incoming traffic across several backend servers. SSL termination is the process, performed on the load balancer, of handling the SSL encryption/decryption so that traffic between the load balancer and the backend servers is in plain HTTP. The backends must be secured by restricting access to the load balancer’s IP, which is explained later in this article.

Prerequisites
In this tutorial the commands must be run as the root user or as a user with sudo privileges. You can see how to set that up in the Users Tutorial.
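
A minimal configuration for the arrangement described above, as an added example that is not taken from the original article. It assumes the backends also run Nginx; the upstream name backend, the certificate paths, the backend addresses 10.0.0.11 and 10.0.0.12, and the load balancer address 10.0.0.10 are placeholders.

```nginx
# ----- On the load balancer (inside the http block) -----
# Added example; all names, paths and addresses are placeholders.
upstream backend {
    server 10.0.0.11:80;
    server 10.0.0.12:80;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;  # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;  # placeholder path
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # TLS ends here; the request continues to the backends as plain HTTP.
        proxy_pass http://backend;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Lets the application know the client connection was HTTPS.
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

server {
    # Redirect plain HTTP clients to the HTTPS listener.
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

# ----- On each backend (separate host, inside its own http block) -----
server {
    listen 80;
    server_name example.com;

    # Accept requests only from the load balancer; everything else gets 403.
    allow 10.0.0.10;
    deny  all;

    root /var/www/example.com/public_html;
}
```

Because the hop between the load balancer and the backends is unencrypted, the allow/deny pair on the backend is what keeps clients from reaching the application directly over HTTP.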


Creating Nginx Virtual Hosts

Step One—Create a New Directory

The first step in creating a virtual host is to create a directory where we will keep the new website’s information. This location will be your Document Root in the nginx virtual host configuration file later on. By adding -p to the command, it automatically creates all the parent directories for the new directory.

sudo mkdir -p /var/www/example.com/public_html

You will need to designate an actual DNS approved domain, or an IP address, to test that a virtual host is working. In this tutorial we will use example.com as a placeholder for a correct domain name.

However, should you want to use an unapproved domain name to test the process you will find information on how to make it work on your local computer in Step Six.

Step Two—Grant Permissions

We need to grant ownership of the directory to the right user, instead of leaving it owned by root. You can replace the “www-data” below with the appropriate username.

sudo chown -R www-data:www-data /var/www/example.com/public_html

Additionally, it is important to make sure that everyone is able to read our new files.

sudo chmod 755 /var/www

Now you are all done with permissions.

Tuning Nginx for Maximum Performance

Worker_processes

Make sure you use the correct number of worker_processes in your /etc/nginx/nginx.conf. This should be equal to the number of CPU cores shown in the output of

cat /proc/cpuinfo | grep processor
root@server1:~# cat /proc/cpuinfo | grep processor
processor : 0
processor : 1
processor : 2
processor : 3
processor : 4
processor : 5
processor : 6
processor : 7
root@server1:~#

In this example, we have eight CPU cores, so we set

vi /etc/nginx/nginx.conf

[...]
worker_processes 8;
[...]

Keepalive_timeout, sendfile, tcp_nopush, tcp_nodelay


413 Request Entity Too Large

If you’re getting 413 Request Entity Too Large errors trying to upload with nginx.net/, you need to increase the size limit in nginx.conf. Add ‘client_max_body_size xxM’ inside the server section, where xx is the size (in megabytes) that you want to allow.

http {
    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    keepalive_timeout 65;

    server {
        client_max_body_size 20M;
        listen 80;
        server_name localhost;

        # Main location
        location / {
            proxy_pass http://127.0.0.1:8000/;
        }
    }
}

Nginx- Allow Directory browsing

Enabling directory listing for a folder in nginx is simple: put an autoindex on; directive inside the location block. You can also enable site-wide directory listing by putting it in the server block, or even enable directory listing for all sites by putting it in the http block.

An example config file:

server {
    listen 80;
    server_name domain.com www.domain.com;
    access_log /var/...........................;
    root /path/to/root;

    location / {
        index index.php index.html index.htm;
    }

    location /somedir {
        autoindex on;
    }
}

Reverse Proxy with Caching

A sample Nginx reverse proxy configuration with caching, a somewhat simpler alternative to Varnish cache:

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    proxy_cache_path /cache levels=1:2 keys_zone=STATIC:10m
                     inactive=24h max_size=1g;

    server {
        location / {
            proxy_pass http://127.0.0.1:8080;
            proxy_set_header Host $host;
            proxy_cache STATIC;
            proxy_cache_valid 200 1d;
            proxy_cache_use_stale error timeout invalid_header updating
                                  http_500 http_502 http_503 http_504;
        }
    }
}

Nginx WordPress fancy URL or permalink fixing

If your WordPress is installed in the root directory, i.e. yourdomain.com, you can use the following directives:

location / {
    try_files $uri $uri/ /index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;

location ~* \.(jpg|jpeg|png|gif|css|js|ico)$ {
    expires max;
    log_not_found off;
}

Or, if your WordPress is installed inside a sub-directory, the directives will be a bit different:

location /test/site1 {
    try_files $uri $uri/ /test/site1/index.php?$args;
}

# Add trailing slash to */wp-admin requests.
rewrite /test/site1/wp-admin$ $scheme://$host$uri/ permanent;
