Nginx Load-Balancing Algorithms and Reverse-Proxy Best Practices

Enviroment

Role IP Address
LB 10.240.35.55
web1 10.240.35.56
web2 10.240.35.57
web3 10.240.35.58

Basic Round-Robin

Load-Balancer

upstream backend_pool {
    server 10.240.35.56:80;
    server 10.240.35.57:80;
    server 10.240.35.58:80;
}

server {
    listen 80;
    server_name www.demo.com;
    location / {
        proxy_pass http://backend_pool;
    }
}

server {
    listen 80;
    server_name bbs.demo.com;
    location / {
        proxy_pass http://backend_pool;
    }
}

server {
    listen 80;
    server_name api.demo.com;
    location / {
        proxy_pass http://backend_pool;
    }
}

Backend Nodes

# web1
server {
    listen 80;
    server_name www.demo.com;
    root /var/www/html;
    index index.html;
}

# web2
server {
    listen 80;
    server_name bbs.demo.com;
    root /var/bbs/html;
    index index.html;
}

# web3
server {
    listen 80;
    server_name api.demo.com;
    root /var/api/html;
    index index.html;
}

Weighted Round-Robin

upstream backend_pool {
    server 10.240.35.56:80 weight=3;
    server 10.240.35.57:80 weight=2;
    server 10.240.35.58:80 weight=1;
}

The node with weight=1 receives roughly one-sixth of the trafffic.

Backup Node

upstream backend_pool {
    server 10.240.35.56:80;
    server 10.240.35.57:80;
    server 10.240.35.58:80 backup;
}

Traffic reaches the backup server only when the first two are down.

Health Checks

upstream backend_pool {
    server 10.240.35.56:80 max_fails=5 fail_timeout=10s;
    server 10.240.35.57:80 max_fails=5 fail_timeout=10s;
    server 10.240.35.58:80 max_fails=5 fail_timeout=10s;
}
  • max_fails: consecutive failures before marking a node as unhealthy.
  • fail_timeout: interval to retry the failed node.

IP Hash (Session Affinity)

upstream backend_pool {
    ip_hash;
    server 10.240.35.56:80;
    server 10.240.35.57:80;
    server 10.240.35.58:80;
}

A client IP is consistently routed to the same backend.

Reverse-Proxy Enhancements

Preserve Host Header

Without the directive below, all virtual hosts resolve to the first server block.

location / {
    proxy_pass http://backend_pool;
    proxy_set_header Host $host:$server_port;
}

Forward Real Client IP

location / {
    proxy_pass http://backend_pool;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

Failover on Errors

location / {
    proxy_pass http://backend_pool;
    proxy_set_header Host $host:$server_port;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_next_upstream error timeout invalid_header http_502 http_503 http_504 http_404;
}

proxy_next_upstream instructs Nginx to retry the request on thenext healthy node when the listed conditiosn occur.

Tags: nginx load-balancing reverse-proxy round-robin ip-hash

Posted on Sat, 09 May 2026 23:02:59 +0000 by bbristow

Hot Tags

©2026 Freaks City