Comprehensive Guide to Installing Nginx, Configuring Reverse Proxy, Load Balancing, SSL, Keepalived, LVS, and High‑Availability Clusters

This tutorial walks through installing Nginx from source, setting up upstream reverse‑proxy groups, configuring various load‑balancing methods (weight, IP hash, URL hash, least connections), enabling SSL, deploying Keepalived for failover, and building an LVS‑DR high‑availability cluster with detailed command‑line examples.

IT Xianyu

1. Nginx Installation

1.1 Download the stable package from the official site

Visit nginx.org and download the appropriate tarball.

1.2 Upload to the Linux host

Transfer the tar.gz file to the target server.

1.3 Install dependencies

(1) GCC:

yum install gcc-c++

(2) PCRE (regular‑expression library):

yum install -y pcre pcre-devel

(3) Zlib (compression library):

yum install -y zlib zlib-devel

(4) OpenSSL (HTTPS support):

yum install -y openssl openssl-devel

1.4 Extract source code

tar -zxvf nginx-1.16.1.tar.gz

1.5 Create temporary directory

mkdir /var/temp/nginx -p

1.6 Configure build options

cd nginx-1.16.1
./configure \
    --prefix=/usr/local/nginx \
    --pid-path=/var/run/nginx/nginx.pid \
    --lock-path=/var/lock/nginx.lock \
    --error-log-path=/var/log/nginx/error.log \
    --http-log-path=/var/log/nginx/access.log \
    --with-http_gzip_static_module \
    --with-http_ssl_module \
    --http-client-body-temp-path=/var/temp/nginx/client \
    --http-proxy-temp-path=/var/temp/nginx/proxy \
    --http-fastcgi-temp-path=/var/temp/nginx/fastcgi \
    --http-uwsgi-temp-path=/var/temp/nginx/uwsgi \
    --http-scgi-temp-path=/var/temp/nginx/scgi

Note: the backslashes indicate line continuation for readability.

1.7 Compile and install

make
make install

1.8 Start/stop/reload

From /usr/local/nginx/sbin:

Start: ./nginx
Stop: ./nginx -s stop
Reload: ./nginx -s reload

2. Configure Reverse Proxy

Define an upstream block with backend servers:

upstream [proxyName] {
    server 192.168.1.173:8080;
    server 192.168.1.174:8080;
    server 192.168.1.175:8080;
}

Then reference it in a server block:

server {
    listen 80;
    server_name www.tomcats.com;
    location / {
        proxy_pass http://[proxyName];
    }
}

3. Load‑Balancing Methods

Nginx uses round‑robin by default. Additional methods:

Weighted round‑robin – add weight= to each server.

IP hash – use ip_hash directive for source‑IP based persistence.

URL hash – use hash $request_uri for URL-based distribution.

Least connections – least_conn to send new requests to the server with the fewest active connections.

4. Upstream Directive Parameters

max_conns : limit the maximum number of concurrent connections to a server (available only in the commercial edition before version 1.11.5).

slow_start : gradually increase weight over seconds (not for hash or random).

down : mark server as unavailable.

backup : designate a backup server.

max_fails : number of failures before marking down (default 1).

fail_timeout : time window for failure counting (default 10 s).

5. SSL Configuration

Ensure the http_ssl_module is compiled (see the --with-http_ssl_module flag in the configure step). Copy *.crt and *.key files to /usr/local/nginx/conf and add a server block listening on 443:

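server {
    # "ssl on;" is deprecated since nginx 1.15.0; enable TLS on the listen directive instead.
    listen 443 ssl;
    server_name www.imoocdsp.com;
    # Relative paths are resolved against the nginx conf directory.
    ssl_certificate 1_www.imoocdsp.com_bundle.crt;
    ssl_certificate_key 2_www.imoocdsp.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); append TLSv1.3 if nginx is built against OpenSSL 1.1.1 or later.
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_pass http://tomcats/;
        index index.html index.htm;
    }
}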
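
An added example, not part of the original article: a shell check that flags legacy TLS settings in an nginx config (the deprecated "ssl on;" switch, SSLv2 through TLS 1.1, and a config where no listen directive carries the ssl flag). The function name audit_tls_conf and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article. Both configs are constructed.
LEGACY_CONF='server {
    listen 443;
    ssl on;                               # deprecated since nginx 1.15.0
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # TLS 1.0/1.1 deprecated by RFC 8996
}'
HARDENED_CONF='server {
    listen 443 ssl;
    # Append TLSv1.3 when nginx is linked against OpenSSL 1.1.1 or newer.
    ssl_protocols TLSv1.2;
}'

# audit_tls_conf: read an nginx config on stdin, print one finding per line.
audit_tls_conf() {
    sed 's/#.*//' | awk '
        # Legacy switch; the current form is the "ssl" flag on "listen".
        $1 == "ssl" && $2 ~ /^on;?$/ {
            ssl_on = 1
            print "deprecated-directive: ssl on"
        }
        $1 == "listen" {
            for (i = 2; i <= NF; i++) {
                f = $i; sub(/;$/, "", f)
                if (f == "ssl") ssl_listen = 1
            }
        }
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                p = $i; sub(/;$/, "", p)
                if (p ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) print "weak-protocol: " p
            }
        }
        # Dropping "ssl on;" without adding the listen flag leaves the port in plain HTTP.
        END { if (!ssl_on && !ssl_listen) print "no-tls-listener" }
    '
}

echo "legacy:";   printf '%s\n' "$LEGACY_CONF"   | audit_tls_conf
echo "hardened:"; printf '%s\n' "$HARDENED_CONF" | audit_tls_conf
```

To audit a real file, feed it on stdin, for example: audit_tls_conf < /usr/local/nginx/conf/nginx.conf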

6. Keepalived Installation and Configuration

Download, extract, and compile Keepalived:

https://www.keepalived.org/download.html

tar -zxvf keepalived-2.0.18.tar.gz
cd keepalived-2.0.18
./configure --prefix=/usr/local/keepalived --sysconf=/etc
make && make install

Create /etc/keepalived/keepalived.conf with a global_defs section, a vrrp_instance defining MASTER/BACKUP state, virtual IP, and authentication, then add a virtual_server block that points to the real Nginx servers.

Example Master configuration

global_defs {
    router_id keep_171
}

vrrp_instance VI_1 {
    state MASTER
    interface ens33
    virtual_router_id 51
    priority 100
    advert_int 2
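    authentication {
        # PASS is sent in clear text in VRRP advertisements and only the first
        # 8 characters are used; the value must match on MASTER and BACKUP.
        auth_type PASS
        auth_pass 1111
    }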
    virtual_ipaddress {
        192.168.1.161
    }
}

virtual_server 192.168.1.150 80 {
    delay_loop 6
    lb_algo rr
    lb_kind DR
    persistence_timeout 5
    protocol TCP
    real_server 192.168.1.171 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
            nb_get_retry 2
            delay_before_retry 3
        }
    }
    real_server 192.168.1.172 80 {
        weight 1
        TCP_CHECK {
            connect_port 80
            connect_timeout 2
            nb_get_retry 2
            delay_before_retry 3
        }
    }
}

Backup configuration is similar, with state BACKUP and a lower priority.

7. LVS (Linux Virtual Server) DR Mode

LVS provides high‑performance layer‑4 load balancing. Three modes exist: NAT, TUN, and DR. The guide focuses on DR (direct routing) because it avoids packet rewriting and offers higher throughput.

Key steps

Disable NetworkManager to avoid interface conflicts.

Create a virtual IP on the LVS node (e.g., 192.168.1.150) by copying ifcfg-ens33 to ifcfg-ens33:1 and setting IPADDR=192.168.1.150.

Install ipvsadm and configure ARP settings in /etc/sysctl.conf:

net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.lo.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce = 2

Add a host route for the virtual IP on lo:1 and persist it in /etc/rc.local:

route add -host 192.168.1.150 dev lo:1

Configure the LVS cluster with ipvsadm:

# Create virtual service
ipvsadm -A -t 192.168.1.150:80 -s rr -p 5
# Add real servers (DR mode)
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.171:80 -g
ipvsadm -a -t 192.168.1.150:80 -r 192.168.1.172:80 -g
# Save rules
ipvsadm -S
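
A check for the ARP settings in this procedure, as an added example that is not part of the original article: it reads sysctl.conf text and reports every one of the six keys that is missing or overridden. The names check_dr_arp and SAMPLE_SYSCTL and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# arp_ignore=1:   answer ARP only for addresses on the receiving interface, so a
#                 host that holds the VIP on lo does not answer ARP for it.
# arp_announce=2: choose the ARP source address by target instead of taking it
#                 from the packet source (which would be the VIP).
# If either is wrong, neighbours can learn the VIP from the wrong host.

# Constructed sample: lo.arp_ignore is missing and a later line overrides
# all.arp_announce (the last assignment wins when sysctl loads the file).
SAMPLE_SYSCTL='# LVS-DR ARP settings
net.ipv4.conf.all.arp_ignore = 1
net.ipv4.conf.default.arp_ignore = 1
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.lo.arp_announce=2
net.ipv4.conf.all.arp_announce = 0'

# check_dr_arp: read sysctl.conf text on stdin; print one sorted line per key
# that is missing or set to a value other than the one listed above.
check_dr_arp() {
    sed '/^[[:space:]]*[#;]/d' | awk -F= '
        BEGIN {
            n = split("all default lo", ifs, " ")
            for (i = 1; i <= n; i++) {
                want["net.ipv4.conf." ifs[i] ".arp_ignore"] = "1"
                want["net.ipv4.conf." ifs[i] ".arp_announce"] = "2"
            }
        }
        NF == 2 {
            key = $1; val = $2
            gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
            if (key in want) got[key] = val
        }
        END {
            for (k in want) {
                if (!(k in got)) print "missing " k " (want " want[k] ")"
                else if (got[k] != want[k]) print "wrong " k "=" got[k] " (want " want[k] ")"
            }
        }
    ' | sort
}

printf '%s\n' "$SAMPLE_SYSCTL" | check_dr_arp
```

Run it against the live file with check_dr_arp < /etc/sysctl.conf; empty output means all six keys carry the listed values.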

8. Combining Keepalived, LVS, and Nginx for a High‑Availability Cluster

Clear any existing ipvsadm configuration (ipvsadm -C), then use Keepalived on the LVS node to manage the virtual IP and health-check the Nginx back-ends as shown in the Master/Backup examples above. Restart Keepalived to apply the configuration.

After these steps, accessing the virtual IP (e.g., 192.168.1.150) will distribute traffic across the Nginx servers with failover handled automatically by Keepalived.
