Comprehensive Guide to Installing Nginx, Configuring Reverse Proxy, Load Balancing, and High Availability with Keepalived and LVS
This article provides a step‑by‑step tutorial on installing Nginx, setting up reverse proxy and various load‑balancing methods, configuring upstream directives, deploying Keepalived for high‑availability failover, and building an LVS‑DR cluster to achieve robust, production‑grade traffic distribution.
The guide walks through the complete process of preparing a Linux server for high‑availability web traffic handling using Nginx, Keepalived, and LVS.
1. Nginx Installation
1.1 Download Nginx
Visit nginx.org and download the stable version.
1.2 Upload to Linux and install dependencies
yum install -y gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
1.3 Extract source
tar -zxvf nginx-1.16.1.tar.gz
cd nginx-1.16.1
1.4 Create temporary directory
mkdir /var/temp/nginx -p
1.5 Configure and compile
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--http-scgi-temp-path=/var/temp/nginx/scgi
Note: the backslashes indicate line continuation for readability.
make
make install
1.6 Start/stop Nginx
Start: ./nginx (run from /usr/local/nginx/sbin)
Stop: ./nginx -s stop
Reload: ./nginx -s reload
2. Configure Reverse Proxy
upstream tomcats {
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
server {
    listen 80;
    server_name www.tomcats.com;
    location / {
        proxy_pass http://tomcats;
    }
}
3. Load‑Balancing Methods
Nginx defaults to round‑robin. Additional methods include weighted round‑robin, ip_hash, URL hash, and least connections.
Weighted round‑robin:
upstream [proxyName] {
    server 192.168.1.173:8080 weight=1;
    server 192.168.1.174:8080 weight=5;
    server 192.168.1.175:8080 weight=2;
}
ip_hash:
upstream [proxyName] {
    ip_hash;
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
URL hash:
upstream [proxyName] {
    hash $request_uri;
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
Least connections:
upstream [proxyName] {
    least_conn;
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
Upstream directive parameters
max_conns: limit the maximum number of concurrent connections (commercial edition only before 1.11.5)
slow_start: time in seconds over which the server's weight ramps up (not for hash or random)
down: mark server as unavailable
backup: backup server used only when others fail
max_fails: failures before marking down (default 1)
fail_timeout: time to consider a server failed (default 10s)
4. Keepalived Installation and Configuration
4.1 Install Keepalived
Download the source package from https://www.keepalived.org/download.html, then extract, configure, and build it:
tar -zxvf keepalived-2.0.18.tar.gz
cd keepalived-2.0.18
./configure --prefix=/usr/local/keepalived --sysconf=/etc
make && make install
4.2 Basic keepalived.conf
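global_defs {
    router_id keep_171
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.161
    }
}
Note: auth_type PASS sends auth_pass unencrypted in every VRRP advertisement, so 1111 is only a placeholder; set your own value and allow VRRP traffic only between the cluster nodes.
4.3 Script for Nginx health check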
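#!/bin/bash
# Count running nginx processes.
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # nginx is down: try to start it once.
    /usr/local/nginx/sbin/nginx
    sleep 3
    # Still down: stop keepalived so the VIP fails over to the backup node.
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        killall keepalived
    fi
fi
Make the script executable:
chmod +x /etc/keepalived/check_nginx_alive_or_not.sh
Declare the check in keepalived.conf:
vrrp_script check_nginx_alive {
    script "/etc/keepalived/check_nginx_alive_or_not.sh"
    interval 2
    weight 10
}
Reference it inside the vrrp_instance block:
track_script {
    check_nginx_alive
}
5. LVS (Linux Virtual Server) High‑Availability Setup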
5.1 Why combine LVS + Nginx
LVS operates at layer‑4 offering higher throughput, while Nginx provides layer‑7 processing; together they give both performance and flexibility.
5.2 LVS modes
NAT: all traffic passes through LVS, suitable for small clusters.
TUN: creates a tunnel; real servers reply directly to clients.
DR: Direct Routing; real servers reply directly to the original client IP, avoiding NAT.
5.3 DR mode configuration steps
Disable NetworkManager to avoid interface conflicts.
Create a virtual IP on the LVS node (e.g., 192.168.1.150).
Install ipvsadm.
Configure real servers (RS) with the same virtual IP on loopback.
Set ARP behavior to avoid IP conflict.
Add a host route for the VIP.
Define LVS cluster with ipvsadm.
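The steps above as commands, grouped by the host they run on. This is an added example, not part of the original article: the VIP, real-server addresses and ens33 interface come from this guide, while the function names, the ARP sysctl values and the DRY_RUN switch are assumptions of the example.

```bash
#!/usr/bin/env bash
# Added example: the 5.3 DR-mode steps as commands. Addresses and the ens33
# interface are taken from this page; function names are hypothetical.
# DRY_RUN=1 (default) only prints the commands; run as root with DRY_RUN=0 to apply.
VIP=192.168.1.150
IFACE=ens33
REAL_SERVERS="192.168.1.171 192.168.1.172"

run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi
}

# Steps on the LVS (director) node.
director_setup() {
    run systemctl stop NetworkManager
    run systemctl disable NetworkManager
    run ip addr add "$VIP/32" dev "$IFACE" label "$IFACE:1"
    run yum install -y ipvsadm
    run ipvsadm -A -t "$VIP:80" -s rr
    for rs in $REAL_SERVERS; do
        run ipvsadm -a -t "$VIP:80" -r "$rs:80" -g   # -g = direct routing (DR)
    done
}

# Steps on every real server (the Nginx nodes).
real_server_setup() {
    # ARP settings go first so the VIP is never announced from this host:
    # arp_ignore=1   answer ARP only for addresses on the receiving interface
    # arp_announce=2 never use the VIP as the source of an ARP request
    for scope in all default lo; do
        run sysctl -w "net.ipv4.conf.$scope.arp_ignore=1"
        run sysctl -w "net.ipv4.conf.$scope.arp_announce=2"
    done
    run ip addr add "$VIP/32" dev lo label lo:1
    run ip route add "$VIP/32" dev lo
}

case "${1:-}" in
    director)    director_setup ;;
    real-server) real_server_setup ;;
esac
```

In the section 6 setup Keepalived adds the VIP and the IPVS table on the LVS nodes itself, so only the real-server part still has to be applied by hand.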
5.4 LVS load‑balancing algorithms
Static: rr, wrr, sh, dh
Dynamic: lc, wlc, sed, nq
6. Keepalived + LVS + Nginx High‑Availability Cluster
6.1 Master LVS keepalived.conf
global_defs {
    router_id keep_151
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 41
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.150
    }
}
virtual_server 192.168.1.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 5
    protocol TCP
    real_server 192.168.1.171 80 {
        weight 1
        TCP_CHECK { connect_port 80 connect_timeout 2 nb_get_retry 2 delay_before_retry 3 }
    }
    real_server 192.168.1.172 80 {
        weight 1
        TCP_CHECK { connect_port 80 connect_timeout 2 nb_get_retry 2 delay_before_retry 3 }
    }
}
6.2 Backup LVS keepalived.conf (state BACKUP, lower priority)
global_defs {
    router_id keep_152
}
vrrp_instance VI_1 {
    state BACKUP
    interface ens33
    virtual_router_id 41
    priority 50
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.150
    }
}
virtual_server 192.168.1.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 5
    protocol TCP
    real_server 192.168.1.171 80 {
        weight 1
        TCP_CHECK { connect_port 80 connect_timeout 2 nb_get_retry 2 delay_before_retry 3 }
    }
    real_server 192.168.1.172 80 {
        weight 1
        TCP_CHECK { connect_port 80 connect_timeout 2 nb_get_retry 2 delay_before_retry 3 }
    }
}
6.3 Start services
systemctl restart keepalived
systemctl restart nginx
After these steps, the virtual IP (192.168.1.150) will float between the master and backup nodes, providing seamless failover for Nginx‑served applications.
Top Architect
Top Architect focuses on sharing practical architecture knowledge, covering enterprise, system, website, large‑scale distributed, and high‑availability architectures, plus architecture adjustments using internet technologies. We welcome idea‑driven, sharing‑oriented architects to exchange and learn together.