L7 Balancer Configuration & Advanced Routing

This guide provides comprehensive documentation for Zerops L7 HTTP balancer configuration and advanced routing features. For basic setup instructions, see the Domain & Access Configuration guide.

The L7 HTTP Balancer handles all HTTP/HTTPS traffic and provides advanced application-layer capabilities:

Functions:

• SSL/TLS termination with automatic certificate management
• Domain routing and virtual host management
• Load balancing across multiple service instances
• Advanced routing features (redirects, access policies, rate limiting)
• Performance optimization through caching and compression

Architecture:

• Deployed in two containers for high availability
• Scales automatically based on traffic patterns
• Integrated with Let's Encrypt for SSL certificates
• Configurable through advanced balancer settings

L7 HTTP Balancer Configuration

Access the advanced balancer configuration through your project's HTTP Balancer section → Advanced balancer configuration.

Connection Handling

Configure how the balancer manages client connections:

Setting	Default	Range	Parameter
Maximum simultaneous connections per worker	4000	1024-65535	worker_connections
Accept multiple connections at once	on	on/off	multi_accept
How long to keep idle connections open	30s	1s-300s	keepalive_timeout
Maximum number of requests per connection	100000	1-1000000	keepalive_requests

Recommendations

• High-traffic websites: Increase worker_connections to 8000 or higher
• API services: Adjust keepalive_timeout to 60 for longer connections
• WebSocket applications: Increase keepalive_timeout for persistent connections

Client Request Settings

Control how the balancer handles incoming requests:

Setting	Default	Range	Parameter
Timeout for receiving client request header	10s	1s-300s	client_header_timeout
Timeout for receiving client request body	10s	1s-300s	client_body_timeout
Maximum allowed size of client request body	512m	1k-2048m	client_max_body_size
Reset connections that have timed out	on	on/off	reset_timedout_connection
Timeout for transmitting response to client	2s	1s-300s	send_timeout

Recommendations

• File upload services: Increase client_body_timeout and client_max_body_size to accommodate large files
• Slow clients: Increase header and body timeouts
• API endpoints: Set client_max_body_size according to your API payload requirements

Buffer Settings

Optimize memory usage for request and response handling:

Setting	Default	Range	Parameter
Size of buffer for client request header	1k	1k-64k	client_header_buffer_size
Number of buffers for large client headers	4	1-16	large_client_header_buffers_number
Size of buffers for large client headers	8k	1k-64k	large_client_header_buffers_size
Size of buffer for client request body	16k	1k-1m	client_body_buffer_size

Recommendations

• Large headers: Increase header buffer sizes for applications with extensive headers
• File uploads: Optimize client_body_buffer_size based on typical upload sizes
• Memory optimization: Tune based on available memory and connection patterns

Proxy Settings

Configure how the balancer communicates with backend services:

Setting	Parameter	Default	Range	Description
Enable buffering of client request body	proxy_request_buffering	off	on/off	Buffer client request bodies before forwarding
Enable buffering of responses from proxied server	proxy_buffering	on	on/off	Buffer responses from backend services
Size of the buffer used for reading the first part of the response	proxy_buffer_size	32k	1k-256k	Buffer size for first part of backend response
Number of buffers used for reading a response from the proxied server	proxy_buffers_number	4	1-16	Number of buffers for reading backend responses
Size of buffers for reading a response from the proxied server	proxy_buffers_size	256k	1k-1m	Size of buffers for reading backend responses
Size of buffers that can be busy sending response to the client	proxy_busy_buffers_size	256k	1k-1m	Size of buffers for sending response to client

Recommendations

• Real-time APIs: Set proxy_buffering to off for lower latency
• Large responses: Increase proxy_buffer_size for handling larger API responses
• Multimedia streaming: Increase proxy_buffers_size and proxy_buffers_number for larger content

Performance Optimization

Enable various performance enhancements:

Setting	Default	Range	Parameter
Use sendfile() for file transfers	on	on/off	sendfile
Enable TCP_NOPUSH socket option	on	on/off	tcp_nopush
Enable TCP_NODELAY socket option	on	on/off	tcp_nodelay
Enable gzip compression	on	on/off	gzip
Rate limit for response transmission (0 = no limit)	0	0-1000m	limit_rate

Recommendations

• File serving: Ensure sendfile and tcp_nopush are enabled for static content
• Real-time applications: Verify tcp_nodelay is enabled
• Bandwidth control: Use limit_rate for traffic shaping
• Multimedia streaming: Enable sendfile and tcp_nopush for optimal streaming performance

File Cache Settings

Optimize file system operations:

Setting	Default	Range	Parameter
Cache open file descriptors	on	on/off	open_file_cache
Maximum number of elements in file cache	200000	1000-1000000	open_file_cache_max
Time after which unused cache elements are removed	20s	1s-300s	open_file_cache_inactive
Time interval for checking cached elements validity	30s	1s-300s	open_file_cache_valid
Minimum file uses to remain in cache	2	1-100	open_file_cache_min_uses
Cache file lookup errors	on	on/off	open_file_cache_errors

Recommendations

• Static file serving: Increase cache size and adjust timeouts
• Development: Reduce validation timeout for faster file updates
• High I/O applications: Optimize based on file access patterns

Security Settings

Configure security-related options:

Setting	Default	Parameter
Emit nginx version in error messages and headers	off	server_tokens

Best Practice: Keep server_tokens disabled to avoid revealing server information.

Advanced Routing Features

The L7 HTTP Balancer supports sophisticated routing beyond basic domain mapping.

Access the advanced location configuration through your project's HTTP Balancer section → click the gear/settings icon next to any domain location to open the Advanced Location Configuration dialog.

Redirect Configuration

Redirect requests to different URLs with full control:

Configuration Options:

• Redirect URL: Destination for redirected requests
• Redirect Code: HTTP status code for redirection (e.g., 301, 302, 307, 308)
• Preserve Path: Keep original path in redirect URL
• Preserve Query: Keep original query parameters in redirect URL

Access Policy Configuration

Implement IP-based access control. If the request fails the check, a 403 Forbidden error is returned:

Policy Types:

• Default Policy: allow or deny
• CIDR Blocks: List of IP addresses/ranges that will have the opposite policy than the default

Supported Formats:

• IPv4 address: 192.168.1.1
• IPv4 range: 192.168.1.0/24
• IPv6 address: 2001:db8::1
• IPv6 range: 2001:db8::/32

Rate Limiting Configuration

Protect against abuse and ensure fair resource usage. When the rate limit is exceeded, requests are delayed (burst). If they cannot be processed in time, a 503 Service Temporarily Unavailable error is returned:

Configuration Parameters:

• Rate Limit Key: binary_remote_addr (per IP) or server_name (per domain)
• Rate: Requests per second to allow
• Burst: Number of requests to queue when rate exceeded
• Zone Name: Memory zone for storing rate limiting state
• Zone Size: Memory allocated for rate limiting data (in MB)

Basic Authentication

Add HTTP Basic Authentication to protected resources:

Configuration:

• Realm: Authentication realm name
• Users: Username and password combinations

Custom Content Responses

Return custom content for specific conditions:

Configuration:

• HTTP Status Code: Any valid status code (200, 404, 503, etc.)
• Content: Response body content
• Content Type: MIME type (default: text/plain)

Need help? Join our Discord community.