Comprehensive Guide to Installing Nginx, Configuring Reverse Proxy, Load Balancing, SSL, and High‑Availability with Keepalived and LVS
This article provides a step‑by‑step tutorial on installing Nginx, setting up reverse proxy and various load‑balancing methods, configuring upstream directives, enabling SSL, and building high‑availability clusters using Keepalived and LVS with detailed command examples and configuration snippets.
This guide walks through the complete process of installing Nginx on a Linux system, including prerequisite packages such as gcc, pcre, zlib, and OpenSSL.
yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel
After extracting the source, create the temporary directory that the temp paths below point to (/var/temp/nginx), then configure the build with a custom prefix and explicit paths.
./configure \
--prefix=/usr/local/nginx \
--pid-path=/var/run/nginx/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--with-http_gzip_static_module \
--http-client-body-temp-path=/var/temp/nginx/client \
--http-proxy-temp-path=/var/temp/nginx/proxy \
--http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
--http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
--http-scgi-temp-path=/var/temp/nginx/scgi
Compile and install, then start or stop Nginx using the provided commands.
make
make install
cd /usr/local/nginx/sbin
./nginx # start
./nginx -s stop # stop
./nginx -s reload # reload
For reverse‑proxy configuration, define an upstream block with backend servers and a server block that proxies requests.
upstream myapp {
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
server {
    listen 80;
    server_name www.tomcats.com;
    location / {
        proxy_pass http://myapp;
    }
}
Nginx supports several load‑balancing algorithms. Examples include weighted round‑robin, ip_hash, URL hash, and least connections, each with its own upstream syntax.
# weighted round‑robin
upstream myapp {
    server 192.168.1.173:8080 weight=1;
    server 192.168.1.174:8080 weight=5;
    server 192.168.1.175:8080 weight=2;
}
# ip_hash
upstream myapp {
    ip_hash;
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
# least_conn
upstream myapp {
    least_conn;
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}
Additional upstream parameters such as max_conns, slow_start, down, backup, max_fails, and fail_timeout can fine‑tune behavior.
To enable HTTPS, compile Nginx with the --with-http_ssl_module flag, place the .crt and .key files in /usr/local/nginx/conf, and add an SSL server block.
server {
    # "ssl on;" is deprecated; enable TLS on the listen directive instead
    listen 443 ssl;
    server_name www.example.com;
    # certificate paths are relative to the conf directory
    ssl_certificate 1_www.example.com_bundle.crt;
    ssl_certificate_key 2_www.example.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://myapp/;
    }
}
High availability can be achieved with Keepalived. Install it, configure keepalived.conf with a global_defs block, a vrrp_instance defining the virtual IP, and optional health‑check scripts for Nginx.
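global_defs {
    router_id keep_171
}
# define the check before the vrrp_instance that tracks it
vrrp_script check_nginx_alive {
    script "/etc/keepalived/check_nginx_alive_or_not.sh"
    interval 2
    weight 10
}
vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        # PASS authentication is sent in clear text in VRRP adverts; set your own value
        auth_pass 1111
    }
    # keepalived only runs a vrrp_script that an instance tracks
    track_script {
        check_nginx_alive
    }
    virtual_ipaddress {
        192.168.1.161
    }
}
The accompanying Bash script checks whether Nginx is running, tries to restart it, and stops Keepalived to trigger failover if the restart fails.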
#!/bin/bash
# count running nginx processes
A=$(ps -C nginx --no-header | wc -l)
if [ "$A" -eq 0 ]; then
    # nginx is down: try to start it
    /usr/local/nginx/sbin/nginx
    sleep 3
    # still down: stop keepalived so the VIP moves to the backup node
    if [ "$(ps -C nginx --no-header | wc -l)" -eq 0 ]; then
        killall keepalived
    fi
fi
LVS (Linux Virtual Server) can be combined with Nginx for layer‑4 load balancing. LVS has three modes (NAT, TUN, and DR); a DR‑mode cluster is built using ipvsadm commands.
# create virtual service
ipvsadm -A -t 192.168.1.150:80 -s rr -p 5
# add real servers
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.171:80 -g
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.172:80 -g
# dump rules to stdout in ipvsadm-restore format; redirect to a file to persist them
ipvsadm -S
System configuration for ARP handling, virtual interface creation, and routing ensures the VIP works correctly. Finally, Keepalived can manage the LVS cluster, providing automatic failover between master and backup nodes.
virtual_server 192.168.1.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 5
    protocol TCP
    real_server 192.168.1.171 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
            nb_get_retry 2
            delay_before_retry 3
        }
    }
}
By following these steps, you can deploy a robust, secure, and highly available Nginx‑based service architecture.
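A way to check an existing configuration for the legacy HTTPS settings that older guides carry (`ssl on;`, TLSv1, TLSv1.1) before reloading Nginx. This is an added example, not code from the original article; the function name `audit_nginx_tls` and the sample configuration are constructed for illustration.

```shell
#!/bin/bash
# Added example: flag legacy TLS settings in an nginx configuration file.

# Constructed sample input (not a real deployment).
sample_conf() {
cat <<'EOF'
server {
    listen 443;
    ssl on;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # copied from an old guide
    ssl_ciphers HIGH:!aNULL:!MD5;
}
EOF
}

# Print "line: finding" for each problem in the file given as $1.
# Exit status is 1 when at least one finding was printed, 0 otherwise.
audit_nginx_tls() {
    awk '
        { sub(/[#].*/, "") }    # drop comments before matching
        /^[ \t]*ssl_protocols[ \t]/ {
            for (i = 2; i <= NF; i++) {
                p = $i
                sub(/;$/, "", p)
                if (p == "SSLv2" || p == "SSLv3" || p == "TLSv1" || p == "TLSv1.1") {
                    printf "%d: legacy protocol %s\n", NR, p
                    found = 1
                }
            }
        }
        /^[ \t]*ssl[ \t]+on[ \t]*;/ {
            printf "%d: deprecated \"ssl on\", use \"listen ... ssl\"\n", NR
            found = 1
        }
        END { exit found + 0 }
    ' "$1"
}

conf=$(mktemp)
sample_conf > "$conf"
audit_nginx_tls "$conf" || echo "legacy TLS settings found in $conf"
rm -f "$conf"
```

Run it against the real file with `audit_nginx_tls /usr/local/nginx/conf/nginx.conf`; a non-zero exit status makes it usable as a gate before `./nginx -s reload`.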
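The ARP handling mentioned for DR mode can be verified on each real server before the VIP is bound to its loopback interface; a real server that answers ARP for the VIP pulls client traffic past the director. The check below is an added example, not from the original article: it assumes the values conventionally used on LVS‑DR real servers (`arp_ignore=1`, `arp_announce=2` for `all` and `lo`), which the article does not list, and `check_dr_arp` and `make_fake_proc` are illustrative names.

```shell
#!/bin/bash
# Added example: verify the ARP sysctls on an LVS-DR real server.
# Assumed targets (conventional DR values, not taken from the article):
#   arp_ignore=1   reply only for addresses configured on the receiving interface
#   arp_announce=2 always use the best local source address in ARP requests

# $1 is "" on a live host; a test can pass a directory holding a constructed copy.
check_dr_arp() {
    local root=$1 bad=0 scope key want have
    for scope in all lo; do
        for key in arp_ignore arp_announce; do
            case $key in
                arp_ignore)   want=1 ;;
                arp_announce) want=2 ;;
            esac
            have=$(cat "$root/proc/sys/net/ipv4/conf/$scope/$key" 2>/dev/null) || have=missing
            if [ "$have" != "$want" ]; then
                echo "conf/$scope/$key=$have, expected $want"
                bad=1
            fi
        done
    done
    return "$bad"
}

# Build a constructed /proc tree so the check can be exercised offline.
make_fake_proc() {   # usage: make_fake_proc DIR ARP_IGNORE ARP_ANNOUNCE
    local scope
    for scope in all lo; do
        mkdir -p "$1/proc/sys/net/ipv4/conf/$scope"
        echo "$2" > "$1/proc/sys/net/ipv4/conf/$scope/arp_ignore"
        echo "$3" > "$1/proc/sys/net/ipv4/conf/$scope/arp_announce"
    done
}

demo=$(mktemp -d)
make_fake_proc "$demo" 0 0   # kernel defaults: the server would answer ARP for the VIP
check_dr_arp "$demo" || echo "real server not ready for DR mode"
rm -rf "$demo"
```

On a live real server, call `check_dr_arp ""` so the function reads the host's own /proc tree.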