100-Days-Of-DevOps-Challenge-KodeKloud

Install and Configure NGINX as Load Balancer

Day by day traffic is increasing on one of the websites managed by the Nautilus production support team. Therefore, the team has observed a degradation in website performance. Following discussions about this issue, the team has decided to deploy this application on a high availability stack i.e on Nautilus infra in Stratos DC. They started the migration last month and it is almost done, as only the LBR server configuration is pending. Configure LBR server as per the information given below:

• Install nginx on LBR server
• Configure load-balancing with the an http context making use of all App Servers. Ensure that you update only the main Nginx configuration file located at /etc/nginx/nginx.conf
• Make sure you do not update the apache port that is already defined in the apache configuration on all app servers, also make sure apache server is up and running on all app servers
• Once done, you can access the website using StaticApp button on the top bar

Steps

1. Login into each app server and make sure httpd service is running. We have to find in which port they are running:

    sudo ss -tlnup
   

    Netid     State      Recv-Q     Send-Q         Local Address:Port            Peer Address:Port     Process                                                                                            
    udp       UNCONN     0          0                 127.0.0.11:45089                0.0.0.0:*                                                                                                           
    tcp       LISTEN     0          511                  0.0.0.0:5001                 0.0.0.0:*         users:(("httpd",pid=1690,fd=3),("httpd",pid=1689,fd=3),("httpd",pid=1688,fd=3),("httpd",pid=1680,fd=3))
    tcp       LISTEN     0          128                  0.0.0.0:22                   0.0.0.0:*         users:(("sshd",pid=1102,fd=3))                                                                    
    tcp       LISTEN     0          4096              127.0.0.11:42483                0.0.0.0:*                                                                                                           
    tcp       LISTEN     0          128                     [::]:22                      [::]:*         users:(("sshd",pid=1102,fd=4))                  
   

   Apache service is running on port: 5001

2. Login into lbr server and install nginx

    sudo yum install nginx -y
    sudo systemctl enable nginx
    sudo systemctl start nginx
   

3. Configure Load Balancer, lets modify /etc/nginx/nginx.conf:

   • First, lets add upstream servers. copy and paste following servers inside http section just before server:80 in /etc/nginx/nginx.conf file:

           upstream stapp {
           server stapp01:5001;
           server stapp02:5001;
           server stapp03:5001;
       }
     

   • Then redirect call to these server using proxy_pass, copy paste following lines inside server:80:

       location / {
           proxy_pass http://stapp;
           proxy_set_header Host $host;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
     
           proxy_http_version 1.1;
           proxy_set_header Upgrade $http_upgrade;
           proxy_set_header Connection "upgrade";
     
           proxy_connect_timeout 5s;
           proxy_read_timeout 60s;
       }
     

   • Done, lets check config is okay and restart nginx server:

       sudo nginx -t
       sudo systemctl restart nginx
     

Full NGINX LBR Configuration

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}


http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    upstream stapp {
        server stapp01:5001;
        server stapp02:5001;
        server stapp03:5001;
    }

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        #root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }

        location / {
            proxy_pass http://stapp;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_connect_timeout 5s;
            proxy_read_timeout 60s;
        }
    }

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#            location = /40x.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#            location = /50x.html {
#        }
#    }

}

Good to Know?

Load Balancing Fundamentals

• Purpose: Distribute incoming requests across multiple servers
• Benefits: High availability, scalability, fault tolerance
• Algorithms: Round-robin (default), least connections, IP hash
• Health Checks: Monitor backend server availability

NGINX Load Balancing

• Upstream Block: Define backend server pool
• Proxy Pass: Forward requests to upstream servers
• Load Methods: round_robin, least_conn, ip_hash, random
• Server Weights: server backend1:80 weight=3;

Proxy Headers

• Host: Preserve original host header
• X-Real-IP: Client’s real IP address
• X-Forwarded-For: Chain of proxy IPs
• X-Forwarded-Proto: Original protocol (HTTP/HTTPS)

High Availability Features

• Backup Servers: server backend4:80 backup;
• Health Checks: Automatic failure detection
• Session Persistence: Sticky sessions with ip_hash
• SSL Termination: Handle SSL at load balancer level

This site is open source. Improve this page.