NGINX

1 Introduction

NGINX is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX is known for its high performance, stability, rich feature set, simple configuration, and low resource consumption.

NGINX is one of a handful of servers written to address the C10K problem. Unlike traditional servers, NGINX does not rely on threads to handle requests. Instead it uses a much more scalable event-driven (asynchronous) architecture. This architecture uses small, but more importantly, predictable amounts of memory under load. Even if you do not expect to handle thousands of simultaneous requests, you can still benefit from NGINX’s high-performance and small memory footprint. NGINX scales in all directions: from the smallest Virtual Private Server (VPS) all the way up to large clusters of servers.

Basic generic network diagram_v2.png

The LoadMaster offers advanced Layer 4 and Layer 7 server load balancing, SSL Acceleration and a multitude of other advanced Application Delivery and Optimization (ADC) features. The KEMP LoadMaster can load balance the NGINX workload. The LoadMaster intelligently and efficiently distributes user traffic among the servers so that users get the best experience possible.

This document provides guidance and recommended settings on how to load balance NGINX with a KEMP LoadMaster. The KEMP Support Team is available to provide solutions for scenarios not explicitly defined.

The KEMP support site can be found at: https://support.kemptechnologies.com.

2 Configure the LoadMaster

Follow the steps in the sections below to configure the LoadMaster with the recommended settings to load balance the NGINX workload.

2.1 Enable Subnet Originating Requests Globally

It is best practice to enable the Subnet Originating Requests option globally.

In a one-armed setup (where the Virtual Service and Real Servers are on the same network/subnet) Subnet Originating Requests is usually not needed. However, enabling Subnet Originating Requests should not affect the routing in a one-armed setup.

In a two-armed setup where the Virtual Service is on network/subnet A, for example, and the Real Servers are on network B - Subnet Originating Requests should be enabled on LoadMasters with firmware version 7.1-16 and above.

When Subnet Originating Requests is enabled, the LoadMaster will route traffic so that the Real Server will see traffic arriving from the LoadMaster interface that is in that network/subnet not the Virtual Service address.

When Subnet Originating Requests is enabled globally, it is automatically enabled on all Virtual Services. If the Subnet Originating Requests option is disabled globally, you can choose whether or not to enable Subnet Originating Requests on a per-Virtual Service basis.

To enable Subnet Originating Requests globally, follow the steps below:

1. In the main menu of the LoadMaster WUI, go to System Configuration > Miscellaneous Options > Network Options.

SCMONO002.png

2. Tick the Subnet Originating Requests check box.

2.2 Configure the LoadMaster

Follow the steps in the sections below to configure the LoadMaster with the recommended settings to load balance the NGINX workload.

2.2.1 Create the HTTP/HTTPS Virtual Services

Refer to the sections below for recommended settings for the HTTP/HTTPS Virtual Services.

2.2.1.1 Create the NGINX HTTP Virtual Service

Follow the steps below to create and configure the recommended settings for the NGINX HTTP Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

VSAN002.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 80 in the Port text box.

4. Enter a recognizable Service Name, for example Nginx HTTP.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Persistence Mode

Active Cookie

  Cookie name JSESSIONID

 

Timeout

1 Hour

 

Scheduling Method

least connection

  Idle Connection Timeout 900

Real Servers

URL

/

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 80 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.2.1.2 Create the NGINX HTTPS Virtual Service

Follow the steps below to create and configure the recommended settings for the NGINX HTTPS Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

VSAN004.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 443 in the Port text box.

4. Enter a recognizable Service Name, for example Nginx HTTPS.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comments

Standard Options

Persistence Mode

Source IP Address

 

 

Timeout

1 Hour

 

 

Scheduling Method

least connection

 
  Idle Connection Timeout 900  

Advanced Properties

Add a Port 80 Redirector VS

https://%h%s

Click Add HTTP Redirector. This automatically creates a redirect on port 80.

Note: This field disappears after it is clicked.

Real Servers

URL

/

 

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 443 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.2.1.2.1 Configure the NGINX HTTPS HTTP Redirect Virtual Service

Clicking the Add HTTP Redirector button automatically creates a port 80 redirect Virtual Service. This is optional, but the purpose of this Virtual Service is to redirect any clients who have connected using HTTP to the HTTPS Virtual Service. KEMP also recommends changing the Real Server Check Method and Persistence Mode to None.

2.2.1.3 Create the NGINX HTTPS Offloaded Virtual Service

Follow the steps below to create and configure the recommended settings for the NGINX HTTPS Offloaded Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

VSAN005.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 443 in the Port text box.

4. Enter a recognizable Service Name, for example Nginx HTTPS Offloaded.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

 

Standard Options

Persistence Mode

Active Cookie

You need to enable SSL Acceleration before you can select Active Cookie as the Persistence Mode.

 

Timeout

1 Hour

 
  Cookie name JSESSIONID  

 

Scheduling Method

least connection

 
  Idle Connection Timeout 900  
SSL Properties SSL Acceleration Enabled  
  Supported Protocols TLS1.0, TLS1.1, TLS1.2  
  Cipher Set BestPractices  

Advanced Properties

Add a Port 80 Redirector VS

https://%h%s

Click Add HTTP Redirector. This automatically creates a redirect on port 80.

Note: This field disappears after it is clicked.

Real Servers

URL

/

 

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 443 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.2.1.3.1 Configure the NGINX HTTPS Offloaded HTTP Redirect Virtual Service

Clicking the Add HTTP Redirector button automatically creates a port 80 redirect Virtual Service. This is optional, but the purpose of this Virtual Service is to redirect any clients who have connected using HTTP to the HTTPS Virtual Service. KEMP also recommends changing the Real Server Check Method and Persistence Mode to None.

2.2.1.4 Create the NGINX HTTPS Re-encrypt Virtual Service

Follow the steps below to create and configure the recommended settings for the NGINX HTTPS Re-encrypt Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

VSAN006.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 443 in the Port text box.

4. Enter a recognizable Service Name, for example Nginx HTTPS Re-encrypt.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Comments

Standard Options

Persistence Mode

Active Cookie

You need to enable SSL Acceleration before you can select Active Cookie as the Persistence Mode.

 

Timeout

1 Hour

 
  Cookie name JSESSIONID  

 

Scheduling Method

least connection

 
  Idle Connection Timeout 900  
SSL Properties SSL Acceleration Enabled  
  Reencrypt Enabled  
  Supported Protocols TLS1.0, TLS1.1, TLS1.2  
  Cipher Set BestPractices  

Advanced Properties

Add a Port 80 Redirector VS

https://%h%s

Click Add HTTP Redirector. This automatically creates a redirect on port 80.

Note: This field disappears after it is clicked.

Real Servers

URL

/

 

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 443 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.2.1.4.1 Configure the NGINX HTTPS Re-encrypt HTTP Redirect Virtual Service

Clicking the Add HTTP Redirector button automatically creates a port 80 redirect Virtual Service. This is optional, but the purpose of this Virtual Service is to redirect any clients who have connected using HTTP to the HTTPS Virtual Service. KEMP also recommends changing the Real Server Check Method and Persistence Mode to None.

2.3 Create the Mail Virtual Services

Refer to the sections below for recommended settings for the mail Virtual Services.

2.3.1 Create the NGINX IMAP Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

VSAN007.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 143 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Idle Connection Timeout 3600

Real Servers

Checked Port

143

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 143 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.2 Create the NGINX IMAP with STARTTLS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

VSAN008.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 143 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Basic Properties Service Type STARTTLS protocols

Standard Options

Idle Connection Timeout 3600
SSL Properties Supported Protocols TLS1.0, TLS1.1, TLS1.2
  Cipher Set BestPractices

Real Servers

Checked Port

143

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 143 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.3 Create the NGINX IMAPS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

VSAN009.png

2. Type a valid IP address in the Virtual Address text box.

a) Type 993 as the Port.

3. Enter a recognizable Service Name.

4. Ensure tcp is selected as the Protocol.

5. Click Add this Virtual Service.

6. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocol IMAP4
  Idle Connection Timeout 3600

Real Servers

Checked Port

993

7. Add the Real Servers:

b) Expand the Real Servers section.

c) Click Add New.

d) Type the address of the Real Server.

e) Type 993 as the Port.

f) Click Add This Real Server.

g) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.4 Create the NGINX IMAPS Offloaded Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster WUI, go to Virtual Services > Add New.

VSAN010.png

2. Type a valid IP address in the Virtual Address text box.

3. Type 993 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocol IMAP4
  Idle Connection Timeout 3600
SSL Properties SSL Acceleration Enabled
  Supported Protocols TLS1.0, TLS1.1, TLS1.2
  Cipher Set BestPractices

Real Servers

Checked Port

143

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 993 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.5 Create the NGINX POP Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 110 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Idle Connection Timeout 3600

Real Servers

Checked Port 110

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 110 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.6 Create the NGINX POP with STARTTLS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 110 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Basic Properties Service Type STARTTLS protocols

Standard Options

Idle Connection Timeout 3600
SSL Properties Supported Protocols TLS1.0, TLS1.1, TLS1.2

 

Cipher Cet BestPractices

Real Servers

Checked Port 110

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 110 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.7 Create the NGINX POPS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 995 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocols POP3
  Idle Connection Timeout 3600

Real Servers

Checked Port 995

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 995 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.8 Create the NGINX POPS Offloaded Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 995 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocols POP3
  Idle Connection Timeout 3600

SSL Properties

SSL Acceleration Enabled

 

Supported Protocols TLS1.0, TLS1.1, TLS1.2
  Cipher Set BestPractices

Real Servers

Real Server Check Method Mailbox (POP3) Protocol
  Checked Port 110

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 995 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.9 Create the NGINX SMTP Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 587 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocols SMTP
  Persistence Mode Source IP Address

 

Persistence Timeout 1 Hour

 

Idle Connection Timeout 120

Real Servers

Checked Port 587

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 587 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.10 Create the NGINX SMTP with STARTTLS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 25 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Basic Properties Service Type STARTTLS protocols

Standard Options

Persistence Mode Source IP Address
  Persistence Timeout 1 Hour

 

Idle Connection Timeout 120

SSL Properties

Supported Protocols TLS1.0, TLS 1.1, TLS1.2
  Cipher Set BestPractices

Real Servers

Checked Port 25

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 25 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.11 Create the NGINX SMTPS Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 587 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocols SMTP
  Persistence Mode Source IP Address

 

Persistence Timeout 1 Hour

 

Idle Connection Timeout 120

Real Servers

TCP Connection Only 587

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 587 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

2.3.12 Create the NGINX SMTPS Offloaded Virtual Service

Follow the steps below to create and configure the recommended settings for the Virtual Service:

1. In the main menu of the LoadMaster Web User Interface (WUI), go to Virtual Services > Add New.

2. Type a valid IP address in the Virtual Address text box.

3. Type 587 in the Port text box.

4. Enter a recognizable Service Name.

5. Ensure tcp is selected as the Protocol.

6. Click Add this Virtual Service.

7. Configure the settings as shown in the following table:

Section

Option

Value

Standard Options

Server Initiating Protocols SMTP
  Persistence Mode Source IP Address

 

Persistence Timeout 1 Hour

 

Idle Connection Timeout 120
SSL Properties SSL Acceleration Enabled
  Supported Protocols TLS1.0, TLS1.1, TLS1.2
  Cipher Set BestPractices

Real Servers

Real Server Check Method Mail (SMTP) Protocol
  Checked Port 25

8. Add the Real Servers:

a) Expand the Real Servers section.

b) Click Add New.

c) Type the address of the Real Server.

d) Type 587 as the Port.

e) Click Add This Real Server.

f) Repeat the steps above to add more Real Servers as needed, based on the environment.

Document History

Date

Change

Reason for Change

Version

Resp.

Apr 2017

Initial Draft

First draft of document

1.0

LB

Was this article helpful?

0 out of 0 found this helpful

Comments