BestHub
Sign in
Operations 24 min read

Comprehensive Guide to Installing Nginx, Configuring Reverse Proxy, Load Balancing, SSL, Keepalived, and LVS High‑Availability

This tutorial walks through installing Nginx, setting up upstream reverse‑proxy rules, configuring various load‑balancing algorithms, enabling SSL, deploying Keepalived for failover, and building an LVS‑DR high‑availability cluster with detailed commands and configuration examples.

Architecture Digest
Architecture Digest
Architecture Digest
Comprehensive Guide to Installing Nginx, Configuring Reverse Proxy, Load Balancing, SSL, Keepalived, and LVS High‑Availability

1. Install Nginx

Download the stable package from http://nginx.org/ , upload it to the Linux host, and install required dependencies:

yum install gcc-c++
yum install -y pcre pcre-devel
yum install -y zlib zlib-devel
yum install -y openssl openssl-devel

Extract the source, create a temporary directory, configure, compile and install:

tar -zxvf nginx-1.16.1.tar.gz
mkdir /var/temp/nginx -p
./configure \
    --prefix=/usr/local/nginx \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_gzip_static_module \
    --http-client-body-temp-path=/var/temp/nginx/client \
    --http-proxy-temp-path=/var/temp/nginx/proxy \
    --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
    --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
    --http-scgi-temp-path=/var/temp/nginx/scgi
make
make install

Start/stop/reload Nginx from the sbin directory:

nginx          # start
./nginx -s stop   # stop
./nginx -s reload # reload

2. Configure Reverse Proxy

Define an upstream block with backend servers and a server block that proxies requests:

upstream proxyName {
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}

server {
    listen 80;
    server_name www.tomcats.com;
    location / {
        proxy_pass http://proxyName;
    }
}

3. Load‑Balancing Methods

Nginx uses round‑robin by default. Additional methods can be configured in the upstream block:

Weighted round‑robin: add weight= to each server.

IP hash: ip_hash; for source‑IP based persistence.

URL hash: hash $request_url;

Least connections: least_conn;

Example of weighted round‑robin:

upstream proxyName {
    server 192.168.1.173:8080 weight=1;
    server 192.168.1.174:8080 weight=5;
    server 192.168.1.175:8080 weight=2;
}

4. Upstream Directive Parameters

max_conns : limit maximum concurrent connections (commercial edition before 1.11.5).

slow_start : gradually increase weight over seconds (not for hash methods).

down : mark server as unavailable.

backup : designate a backup server.

max_fails : number of failures before marking a server down (default 1).

fail_timeout : time to consider a failure (default 10 s).

5. Enable HTTPS

Compile Nginx with the http_ssl_module and place the *.crt and *.key files in /usr/local/nginx/conf . Add a server listening on port 443:

server {
    listen 443;
    server_name www.imoocdsp.com;
    ssl on;
    ssl_certificate 1_www.imoocdsp.com_bundle.crt;
    ssl_certificate_key 2_www.imoocdsp.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://tomcats/;
        index index.html index.htm;
    }
}

6. Install and Configure Keepalived

Download, extract, configure and install Keepalived (example version 2.0.18):

https://www.keepalived.org/download.html
tar -zxvf keepalived-2.0.18.tar.gz
./configure --prefix=/usr/local/keepalived --sysconf=/etc
make && make install

Edit /etc/keepalived/keepalived.conf to define a VRRP instance and optional health‑check scripts. Example master configuration:

global_defs {
    router_id keep_171
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 2
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.1.161
    }
}

Register Keepalived as a system service, reload systemctl daemon-reload , and start/stop/restart with systemctl .

Example script to monitor Nginx and restart it if it crashes (placed in /etc/keepalived/check_nginx_alive_or_not.sh )

#!/bin/bash
A=`ps -C nginx --no-header | wc -l`
if [ $A -eq 0 ]; then
    /usr/local/nginx/sbin/nginx
    sleep 3
    if [ `ps -C nginx --no-header | wc -l` -eq 0 ]; then
        killall keepalived
    fi
fi

Register the script in the Keepalived configuration:

vrrp_script check_nginx_alive {
    script "/etc/keepalived/check_nginx_alive_or_not.sh"
    interval 2
    weight 10
}

track_script { check_nginx_alive }

7. LVS (Linux Virtual Server) High‑Availability

Three LVS modes are described:

NAT : all traffic passes through the LVS node.

TUN : a tunnel is created; replies bypass LVS.

DR : Direct Routing – replies are sent directly from real servers.

Example DR‑mode setup using ipvsadm :

# Disable NetworkManager to avoid interface conflicts
systemctl stop NetworkManager
systemctl disable NetworkManager

# Create a virtual IP on the LVS node
ip addr add 192.168.1.150/24 dev eth0 label eth0:1

# Install ipvsadm
yum install ipvsadm

# Create the virtual service
ipvsadm -A -t 192.168.1.150:80 -s rr -p 5

# Add real servers in DR mode
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.171:80 -g
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.172:80 -g

# Save the configuration
ipvsadm -S

Adjust ARP settings in /etc/sysctl.conf to avoid duplicate‑IP problems:

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

Apply with sysctl -p and add a static route for the VIP:

route add -host 192.168.1.150 dev lo:1
echo "route add -host 192.168.1.150 dev lo:1" >> /etc/rc.local

8. Combine Keepalived, LVS, and Nginx

Configure Keepalived on the LVS node to manage the virtual IP and define a virtual_server block that points to the Nginx real servers. Example master Keepalived snippet (DR mode):

global_defs { router_id keep_151 }

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 41
    priority 100
    advert_int 1
    authentication { auth_type PASS; auth_pass 1111; }
    virtual_ipaddress { 192.168.1.150 }
}

virtual_server 192.168.1.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 5
    protocol TCP
    real_server 192.168.1.171 80 {
        weight 1
        TCP_CHECK { connect_port 80; connect_timeout 2; nb_get_retry 2; delay_before_retry 3; }
    }
    real_server 192.168.1.172 80 {
        weight 1
        TCP_CHECK { connect_port 80; connect_timeout 2; nb_get_retry 2; delay_before_retry 3; }
    }
}

Deploy a matching backup configuration on the secondary node (state BACKUP, lower priority). Restart Keepalived on both nodes; the virtual IP will float between them, providing seamless failover for the Nginx‑LVS cluster.

This guide therefore covers the full lifecycle from Nginx installation to a production‑grade, highly available load‑balancing solution using Keepalived and LVS.

High AvailabilityLoad BalancingNginxReverse ProxySSLLVSKeepalived
Architecture Digest
Written by

Architecture Digest

Focusing on Java backend development, covering application architecture from top-tier internet companies (high availability, high performance, high stability), big data, machine learning, Java architecture, and other popular fields.

0 followers
Reader feedback

How this landed with the community

login Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment