Skip to content

NGINX upstream proxy configuration

The NGINX upstream proxy configuration defines a group of backend servers to which NGINX will proxy requests.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md] This configuration is essential for load balancing and providing high availability for services hosted behind the proxy.

Configuration Structure

The upstream block is defined within the NGINX configuration file (typically located at /etc/nginx/conf.d/) using the upstream directive followed by a name, for example, upstream default_backend_nginx.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]

Server Entries

Inside the upstream block, individual backend servers are listed using the server directive. Each entry typically specifies the server's IP address and the listening port.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]

upstream default_backend_nginx {
    server 10.4.7.21:30035;
    server 10.4.7.22:30035;
}

Passive Health Checks

The configuration allows for parameters to determine server availability, such as max_fails and fail_timeout.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md] For instance, setting max_fails=3 and fail_timeout=10s instructs NGINX to mark the server as unavailable for 10 seconds if 3 unsuccessful attempts are made within that duration.

Server Block Integration

To utilize the defined upstream group, the server block must include a location directive that proxies requests to the upstream name using proxy_pass.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]

Header Configuration

It is standard practice to modify the request headers forwarded to the backend servers to ensure the backend receives the correct original host information and client IP addresses.^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md] This is achieved using directives such as proxy_set_header.

  • proxy_set_header Host $http_host;: Passes the original "Host" header from the client request.
  • proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;: Appends the client IP to the X-Forwarded-For header.

Example Configuration

The following example demonstrates a complete configuration for routing traffic for *.od.com to a Kubernetes Ingress Controller backend listening on nodes 10.4.7.21 and 10.4.7.22:^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]

upstream default_backend_nginx {
    server 10.4.7.21:30035    max_fails=3 fail_timeout=10s;
    server 10.4.7.22:30035    max_fails=3 fail_timeout=10s;
}

server {
    server_name *.od.com;

    location / {
        proxy_pass http://default_backend_nginx;
        proxy_set_header Host  $http_host;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    }
}

Sources

^[400-devops__06-Kubernetes__k8s-learning__linux__02-ingress__README.md]