Mastering Nginx: From Basics to Advanced Load Balancing and Rate Limiting
This article explains what Nginx is, why it’s chosen for high‑performance reverse proxy and load balancing, walks through its event‑driven architecture, core configuration directives, virtual host setups, location regex rules, static‑dynamic separation, rate‑limiting techniques, load‑balancing algorithms, high‑availability settings and practical code examples.
Nginx is a lightweight, high‑performance reverse‑proxy web server that can handle tens of thousands of concurrent connections, with low memory consumption and efficient static file serving.
Why Use Nginx?
It is cross‑platform, easy to configure, supports reverse proxy, load balancing, health checks, GZIP compression, and can serve static resources with minimal memory usage.
How Nginx Processes Requests
When a request arrives, Nginx matches the listen and server_name directives to select a server block, then matches the request URI against location blocks to determine the handling logic.
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
}Forward Proxy vs. Reverse Proxy
Forward proxy: client sends request directly to the target server.
Reverse proxy: Nginx receives the request and forwards it to backend servers according to defined rules.
Advantages of Reverse Proxy
It hides the origin servers, adds a security layer, and can balance traffic across multiple backends.
Nginx Pros and Cons
Pros: low memory, high concurrency, simple configuration, can hide real IP, supports virtual hosts, load balancing.
Cons: static file handling is strong, but dynamic content processing is limited; usually used as a front‑end proxy for dynamic services.
Typical Application Scenarios
HTTP server for static sites.
Virtual hosting multiple domains on one machine.
Reverse proxy and load balancing for high‑traffic sites.
API gateway and security management.
Directory Structure
# tree /usr/local/nginx
/usr/local/nginx
├── client_body_temp
├── conf
│ ├── fastcgi.conf
│ ├── fastcgi_params
│ ├── mime.types
│ └── nginx.conf
├── html
│ ├── 50x.html
│ └── index.html
├── logs
│ ├── access.log
│ └── error.log
├── sbin
│ └── nginx
└── ...Key Directives in nginx.conf
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}Static Resource Handling
Static files are placed under the html directory and served directly by Nginx.
Cross‑Domain Solution
Configure Nginx to forward cross‑origin API requests to the actual backend, effectively turning them into same‑origin requests.
Virtual Host Configuration
Three common types:
Domain‑based virtual host: separate sites by server_name.
Port‑based virtual host: differentiate services by listening ports.
IP‑based virtual host: use distinct IP addresses.
# Domain‑based example
server {
listen 80;
server_name www.example.com;
location / {
root /data/www;
index index.html index.htm;
}
}
# Port‑based example
server {
listen 8080;
server_name 8080.example.com;
location / {
root /data/www;
}
}Location Directive
The location block matches request URIs and can use exact, prefix, or regex patterns with different priorities.
# Exact match
location = / {
return 400;
}
# Prefix match (case‑sensitive)
location ^~ /av {
root /data/av/;
}
# Regex match (case‑sensitive)
location ~ /media {
alias /data/static/;
}
# Regex match (case‑insensitive for static files)
location ~* \.(jpg|gif|png|js|css)$ {
root /data/av/;
}Rate Limiting
Nginx provides three rate‑limiting strategies: normal request rate limiting, burst traffic handling, and concurrent connection limiting, all based on the leaky‑bucket algorithm.
Normal Request Rate Limiting
# Define a zone limiting one request per minute per IP
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/m;
server {
location /seckill.html {
limit_req zone=one;
proxy_pass http://backend;
}
}Burst Traffic Handling
# Allow a burst of 5 requests to be processed immediately
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/m;
server {
location /seckill.html {
limit_req zone=one burst=5 nodelay;
proxy_pass http://backend;
}
}Concurrent Connection Limiting
http {
limit_conn_zone $binary_remote_addr zone=myip:10m;
limit_conn_zone $server_name zone=myServerName:10m;
}
server {
location / {
limit_conn myip 10;
limit_conn myServerName 100;
}
}Leaky Bucket vs. Token Bucket
The leaky‑bucket algorithm smooths burst traffic by processing requests at a fixed rate, discarding excess. The token‑bucket algorithm adds tokens at a constant rate, allowing bursts up to the bucket size.
Static‑Dynamic Separation
Static resources (images, CSS, JS) are served directly by Nginx, while dynamic requests (e.g., servlets, JSP) are proxied to an application server such as Tomcat.
Configuring Static‑Dynamic Separation
location /image/ {
root /usr/local/static/;
autoindex on;
}Load Balancing Algorithms
Nginx supports several upstream load‑balancing methods:
Round‑robin (default)
Weight‑based
IP‑hash
Fair (third‑party module)
URL‑hash (third‑party module)
# Round‑robin
upstream backserver {
server 192.168.0.12;
server 192.168.0.13;
}
# Weight‑based
upstream backserver {
server 192.168.0.12 weight=2;
server 192.168.0.13 weight=8;
}
# IP‑hash
upstream backserver {
ip_hash;
server 192.168.0.12:88;
server 192.168.0.13:80;
}
# Fair (requires upstream_fair module)
upstream backserver {
server server1;
server server2;
fair;
}
# URL‑hash (requires hash module)
upstream backserver {
server squid1:3128;
server squid2:3128;
hash $request_uri;
hash_method crc32;
}High Availability Configuration
Configure upstream servers with appropriate timeouts so that if a backend fails, Nginx quickly retries another server.
server {
listen 80;
server_name www.example.com;
location / {
proxy_pass http://backServer;
proxy_connect_timeout 1s;
proxy_send_timeout 1s;
proxy_read_timeout 1s;
index index.html index.htm;
}
}IP Blocking and Browser Restrictions
# Block a specific IP
if ($remote_addr = 192.168.9.115) {
return 403;
}
# Deny Chrome browsers
if ($http_user_agent ~ Chrome) {
return 500;
}Rewrite Variables
Rewrite directives can use built‑in variables such as $uri, $args, and custom variables to manipulate request URLs.
Signed-in readers can open the original source through BestHub's protected redirect.
This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactand we will review it promptly.
IT Architects Alliance
Discussion and exchange on system, internet, large‑scale distributed, high‑availability, and high‑performance architectures, as well as big data, machine learning, AI, and architecture adjustments with internet technologies. Includes real‑world large‑scale architecture case studies. Open to architects who have ideas and enjoy sharing.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.