Master Nginx: From Basics to Load Balancing, Reverse Proxy, and High Availability

Nginx Overview

Nginx is a high‑performance HTTP server and reverse proxy. It uses little memory and can handle tens of thousands of concurrent connections (reports of up to 50,000).

Proxy Types

Forward Proxy

Clients inside a LAN that cannot reach the Internet directly send their requests to a forward‑proxy server, which then forwards the traffic to the external destination.

Reverse Proxy

Clients are unaware of the proxy. They send requests to the reverse‑proxy server, which selects a backend server, forwards the request, and returns the response, thereby hiding the real server IP.

Load Balancing

When a single server cannot satisfy traffic demand, additional servers are added and requests are distributed among them. For example, 15 incoming requests can be evenly split across three backend servers, each handling five requests.

Static‑Dynamic Separation

Separating static assets (images, CSS, JS) from dynamic content (generated by application servers) reduces load on backend servers and speeds up page rendering. Nginx serves static files directly, while dynamic requests are proxied to application servers such as Tomcat.

Installing Nginx on Linux

Download the source package or use the system package manager (e.g., yum install nginx -y on CentOS, apt-get install nginx on Debian/Ubuntu). After installation, the main configuration file is typically located at /etc/nginx/nginx.conf.

Common Nginx Commands

# Show version
./nginx -v

# Start Nginx
./nginx

# Stop or gracefully quit
./nginx -s stop
./nginx -s quit

# Reload configuration without dropping connections
./nginx -s reload

Nginx Configuration Structure

Global Block

Settings that affect the whole Nginx process, such as worker_processes (usually set to the number of CPU cores) and error_log.

Events Block

Controls low‑level network handling, e.g., worker_connections (maximum simultaneous connections per worker) and multi_accept.

HTTP Block

Contains server definitions, reverse‑proxy rules, load‑balancing groups, and location directives.

Location Directive Syntax

location [ = | ~ | ~* | ^~ ] url { ... }

= – exact match, stops further searching.

~ – case‑sensitive regular expression.

~* – case‑insensitive regular expression.

^~ – prefix match with highest priority, no regex processing.

Reverse Proxy Practical Example

Goal

Map the domain www.123.com (or a custom IP address) to two Tomcat instances running on ports 8080 and 8081.

Steps

Deploy two Tomcat instances listening on 8080 and 8081.

Create an Nginx server block that listens on port 9001 and proxies: /edu/ →

http://127.0.0.1:8080

/vod/

→

http://127.0.0.1:8081

After reloading Nginx ( ./nginx -s reload), requests to http://192.168.25.132:9001/edu/ are served by Tomcat 8080, while /vod/ goes to Tomcat 8081.

Load Balancing Practical Example

Define an upstream group and apply a load‑balancing method.

upstream backend {
    # round‑robin (default)
    server 192.168.25.132:8080;
    server 192.168.25.132:8081;
    # optional: weight 2;
    # optional: least_conn;
    # optional: ip_hash;
}

server {
    listen 80;
    location / {
        proxy_pass http://backend;
    }
}

Supported methods:

Round‑robin (default)

Weight – servers with higher weight receive more requests.

Least‑conn – prefers the server with the fewest active connections.

IP‑hash – hashes client IP to a specific backend, useful for session persistence.

Static‑Dynamic Separation Practical Example

Configure Nginx to serve static assets directly and proxy dynamic requests to Tomcat.

server {
    listen 80;
    root /var/www/html;   # directory with static files

    location /static/ {
        # static files served by Nginx
    }

    location / {
        proxy_pass http://127.0.0.1:8080;   # Tomcat handles dynamic content
    }
}

High Availability with keepalived

Deploy two Nginx instances and use keepalived to provide a virtual IP (VIP). If the primary Nginx fails, the backup takes over automatically.

Installation

# yum install keepalived -y
# rpm -q keepalived   # verify installation

Configuration ( /etc/keepalived/keepalived.conf )

global_defs {
    notification_email {
        [email protected]
        [email protected]
        [email protected]
    }
    notification_email_from [email protected]
    smtp_server 192.168.25.147
    smtp_connect_timeout 30
    router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "/usr/local/src/nginx_check.sh"
    interval 2
    weight 2
}

vrrp_instance VI_1 {
    state BACKUP          # set MASTER on the primary node
    interface ens33
    virtual_router_id 51
    priority 90           # higher priority wins
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.25.50
    }
}

Start the service: # systemctl start keepalived.service Clients connect to 192.168.25.50. If the primary Nginx node goes down, the backup node assumes the VIP and continues serving traffic.

Underlying Architecture

Nginx runs a master process that spawns multiple worker processes. Each worker handles connections independently. For optimal performance, set worker_processes to the number of CPU cores.

Key Takeaways

Configure Nginx using global, events, and http blocks; adjust worker_processes and worker_connections for concurrency.

Use location modifiers (=, ~, ~*, ^~) to control URL matching and routing.

Implement reverse proxy, load balancing, and static‑dynamic separation to improve scalability and performance.

Achieve high availability with keepalived and a virtual IP, ensuring seamless failover.

Match the number of worker processes to CPU cores; the master‑worker model enables hot reloads and isolates failures.