Master Nginx Reverse Proxy & Load Balancing: Complete Configuration and Performance Tuning Guide

Nginx is a high‑performance HTTP server, reverse proxy and load balancer widely used in modern micro‑service and container deployments. It provides event‑driven concurrency, low resource consumption and a flexible module system.

Key Features

Event‑driven architecture enables handling of thousands of simultaneous connections.

Lightweight memory and CPU footprint.

Multiple built‑in load‑balancing algorithms (round‑robin, weight, IP‑hash, least_conn).

Extensible via third‑party modules.

Reverse Proxy

Concept

A reverse proxy receives client requests, forwards them to one or more backend servers, and returns the backend response to the client. It hides backend IPs, provides a single entry point and can cache static assets.

Basic Configuration

server {
    listen 80;
    server_name www.example.com;

    location / {
        proxy_pass http://backend_servers;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

upstream backend_servers {
    server 192.168.1.10:8080;
    server 192.168.1.11:8080;
}

upstream backend_servers

defines a pool named backend_servers containing two backend nodes.

The default round‑robin algorithm distributes requests evenly. listen 80; makes Nginx listen on the standard HTTP port. server_name www.example.com; matches requests for this domain. location / matches the root path and all sub‑paths. proxy_pass http://backend_servers; forwards traffic to the upstream pool. proxy_set_header directives preserve the original Host header and forward client IP information.

Load‑Balancing Strategies

Round Robin – sequential distribution (default).

Weight – traffic proportionally allocated based on a weight value.

IP hash – same client IP is consistently routed to the same backend.

least_conn – request is sent to the server with the fewest active connections.

least_conn Example

upstream backend_servers {
    least_conn;
    server 192.168.1.10;
    server 192.168.1.11;
}

Weighted Round‑Robin Example

upstream backend_servers {
    server 192.168.1.10 weight=3;
    server 192.168.1.11 weight=1;
}

Performance Optimisation

1. Gzip Compression

gzip on;
gzip_min_length 1k;
gzip_comp_level 5;
gzip_types text/plain text/css application/json application/javascript text/xml;

gzip on;

enables compression. gzip_min_length 1k; compresses responses ≥1 KB. gzip_comp_level 5; balances compression ratio and CPU usage. gzip_types … lists MIME types to compress (HTML, CSS, JS, JSON, XML, etc.).

2. Connection Reuse & Timeouts

keepalive_timeout 65;
client_max_body_size 20M;
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;

keepalive_timeout 65;

closes idle client connections after 65 seconds. client_max_body_size 20M; limits upload size to 20 MB. proxy_connect_timeout 60s; aborts if Nginx cannot reach the backend within 60 seconds. proxy_send_timeout 60s; and proxy_read_timeout 60s; protect against slow uploads or slow backend responses.

3. Worker Process Settings

worker_processes auto;
worker_connections 10240;
use epoll;

worker_processes auto;

creates one worker per CPU core. worker_connections 10240; allows each worker to handle up to 10 240 simultaneous connections, giving a theoretical maximum of worker_processes × worker_connections (e.g., 4 × 10240 ≈ 40 960).

4. Static Resource Caching

location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ {
    expires 30d;
    access_log off;
}

Regular‑expression location matches common static file extensions. expires 30d; tells browsers to cache the file for 30 days. access_log off; disables logging for these requests to reduce I/O load.

5. Proxy Cache for Backend APIs

proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=cache_one:10m inactive=60m;

location /api/ {
    proxy_cache cache_one;
    proxy_pass http://backend_api;
}

proxy_cache_path

defines the cache directory, hierarchical layout, a 10 MB shared memory zone named cache_one, and an inactivity timeout of 60 minutes.

The /api/ location enables this cache for API responses, reducing backend load and improving latency.

Practical Deployment Recommendations

Monitor system metrics with tools such as top, netstat, htop and iotop.

Configure health checks using fail_timeout and max_fails in the upstream block.

Automate HTTPS certificate issuance with Let’s Encrypt / Certbot.

Rotate logs regularly (e.g., using logrotate) to avoid disk pressure.

Combine firewall rules and a Web Application Firewall (WAF) for additional security.

Conclusion

Properly configuring Nginx as a reverse proxy, selecting an appropriate load‑balancing algorithm and applying the optimisation directives above can dramatically improve throughput, stability and scalability of micro‑service architectures.