Load Balancing DNS Traffic with NGINX and NGINX Plus

NGINX Plus R9 introduces the ability to reverse proxy and load balance UDP traffic, a significant enhancement to NGINX Plus’ Layer 4 load-balancing capabilities.

This blog post looks at the challenges of running a DNS server in a modern application infrastructure to illustrate how the open source NGINX software and NGINX Plus can effectively and efficiently load balance both UDP and TCP traffic (for brevity, we’ll refer to NGINX Plus for the rest of the post).

Reliable High-Performance HTTP Infrastructure with nginx and Lua

We recently replaced a proprietary API management solution with an in-house implementation built with nginx and Lua that is more robust, higher performance, and has greater visibility. Learn about our development process and the overall architecture that allowed us to write high-level code while enjoying native code performance, and how we leveraged other open source tools like Vagrant, Ansible, and OpenStack to build an automation-rich delivery pipeline. We will also take an in-depth look at our capacity management approach that differs from the rate limiting concept prevalent in the API community.

A transparent HTTPS proxy with automatic certificate renewal using https://letsencrypt.org/

httpsify is an HTTPS reverse proxy … [https request] –> httpsify –> [apache/nginx/nodejs/… etc], but this isn’t the point, because there are many HTTPS offloaders. What sets httpsify apart is that it uses Let’s Encrypt (https://letsencrypt.org/) to automatically generate free and valid SSL certificates and to auto-renew them. This web server uses HTTP/2 by default. You can say that httpsify is just an HTTP/2 and Let’s Encrypt wrapper for any HTTP web server with no hassle; it just works.


Let’s Encrypt & Nginx

What you will do

Here are the steps you will go through:

  • Spawn a cloud instance which will host our demo website.
  • Do some basic hardening of our server and set up Nginx.
  • Install a brand new Let’s Encrypt certificate and set up its automatic renewal.
  • Harden the Nginx configuration.
  • Harden the Security Headers.
  • Get that shiny A+ security rating you are looking for.

This tutorial will use Exoscale as the cloud provider since they offer integrated firewall and DNS management. On top of that, Exoscale has a strong focus on data safety / privacy and security. Of course, you can follow along using any other cloud or traditional hosting service.


Using Free SSL/TLS Certificates from Let’s Encrypt for NGINX

Let’s Encrypt is a new certificate authority (CA) offering free and automated SSL/TLS certificates. Certificates issued by Let’s Encrypt are trusted by most browsers in production today, including Internet Explorer on Windows Vista. Simply download and run the Let’s Encrypt client to generate a certificate (there are a few more steps than that, of course, though not many).

Before issuing a certificate, Let’s Encrypt validates ownership of your domain. First, the Let’s Encrypt client running on your host creates a temporary file (a token) with the required information in it. The Let’s Encrypt validation server makes an HTTP request to retrieve the file and validates the token, which serves to verify that the DNS record for your domain resolves to the server running the Let’s Encrypt client.

The Let’s Encrypt client does not yet officially support NGINX and NGINX Plus (support is in beta), but you can still get started right away using Let’s Encrypt with NGINX and NGINX Plus. (This blog applies to both NGINX and NGINX Plus, but for ease of reading we’ll refer only to NGINX Plus from now on.) All you need is the webroot plug-in from Let’s Encrypt, and a few small changes to your NGINX Plus configuration…


Nginx: a caching, thumbnailing, reverse proxying image server?

“A month or two ago, I decided to remove Varnish from my site and replace it with Nginx’s built-in caching system. I was already using Nginx to proxy to my Python sites, so getting rid of Varnish meant one less thing to fiddle with. I spent a few days reading up on how to configure Nginx’s cache and overhauling the various config files for my Python sites (yes, irony). In the course of my reading I bookmarked a number of interesting Nginx modules to return to, among them the Image Filter module.

I thought it would be neat to combine Nginx’s reverse proxying, caching, and image filtering to create a thumbnailing server for my images hosted on S3. If you look closely at the <img> tag below (and throughout this site), you can see Nginx in action…”


Installing NGINX and NGINX Plus With Ansible

“In this tutorial I will walk you through the steps for using Ansible to install and deploy the open source NGINX software and NGINX Plus, our commercial product. I’m showing deployment onto a CentOS server, but I have included details about deploying on Ubuntu servers in Creating an Ansible Playbook for Installing NGINX and NGINX Plus on Ubuntu below…”

nginx-upsync-module – Nginx C module, syncing upstreams from consul or others, dynamically adjusting backend servers weight

“It may not always be convenient to modify configuration files and restart NGINX. For example, if you are experiencing large amounts of traffic and high load, restarting NGINX and reloading the configuration at that point further increases load on the system and can temporarily degrade performance.

The module allows smoother expansion and constriction, and will not influence the performance…”