Set up Nginx to function as a load balancer, distributing traffic among multiple web servers.
The load balancing setup involves the following server configuration:
www.emc.world (IP: 10.0.0.30)node01.emc.world (IP: 10.0.0.51)node02.emc.world (IP: 10.0.0.52)node03.emc.world (IP: 10.0.0.53) - Configured as a backup serverBefore configuring SSL/TLS for Nginx, obtain the necessary SSL certificates. Refer to the relevant SSL certificate generation documentation.
Create the upstream block and server blocks for HTTP and HTTPS:
Edit the main Nginx configuration:
[root@www ~]# vi /etc/nginx/nginx.conf
# Add the following in the http section:
http {
upstream backends {
server node01.emc.world:80 weight=2;
server node02.emc.world:80;
server node03.emc.world:80 backup;
}
...
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.emc.world;
location / {
proxy_pass http://backends;
}
}
}
Create a new configuration file for HTTPS:
[root@www ~]# vi /etc/nginx/conf.d/lb-ssl.conf
# Add the following configuration:
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name www.emc.world;
ssl_certificate "/etc/letsencrypt/live/www.emc.world/fullchain.pem";
ssl_certificate_key "/etc/letsencrypt/live/www.emc.world/privkey.pem";
location / {
proxy_pass http://backends;
}
}
Reload Nginx to apply the changes:
[root@www ~]# systemctl reload nginx
Modify the SELinux boolean setting if SELinux is enabled:
[root@www ~]# setsebool -P httpd_can_network_connect on
Configure each backend server to log the X-Forwarded-For header:
[root@node01 ~]# vi /etc/nginx/nginx.conf
# Ensure the log_format directive includes http_x_forwarded_for:
http {
...
server {
...
set_real_ip_from 10.0.0.0/24;
real_ip_header X-Forwarded-For;
}
}
[root@node01 ~]# systemctl reload nginx
Test the setup by accessing the frontend Nginx server from a client computer. The requests should be evenly distributed among the backend servers.