Skip to main content
Skip to main content

L7 Balancer Configuration & Advanced Routing

This guide provides comprehensive documentation for Zerops L7 HTTP balancer configuration and advanced routing features. For basic setup instructions, see the Domain & Access Configuration guide.

The L7 HTTP Balancer handles all HTTP/HTTPS traffic and provides advanced application-layer capabilities:

Functions:

  • SSL/TLS termination with automatic certificate management
  • Domain routing and virtual host management
  • Load balancing across multiple service instances
  • Advanced routing features (redirects, access policies, rate limiting)
  • Performance optimization through caching and compression

Architecture:

  • Deployed in two containers for high availability
  • Scales automatically based on traffic patterns
  • Integrated with Let's Encrypt for SSL certificates
  • Configurable through advanced balancer settings

L7 HTTP Balancer Configuration

Access the advanced balancer configuration through your project's HTTP Balancer section → Advanced balancer configuration.

Connection Handling

Configure how the balancer manages client connections:

SettingDefaultRangeParameter
Maximum simultaneous connections per worker40001024-65535worker_connections
Accept multiple connections at onceonon/offmulti_accept
How long to keep idle connections open30s1s-300skeepalive_timeout
Maximum number of requests per connection1000001-1000000keepalive_requests
Recommendations
  • High-traffic websites: Increase worker_connections to 8000 or higher
  • API services: Adjust keepalive_timeout to 60 for longer connections
  • WebSocket applications: Increase keepalive_timeout for persistent connections

Client Request Settings

Control how the balancer handles incoming requests:

SettingDefaultRangeParameter
Timeout for receiving client request header10s1s-300sclient_header_timeout
Timeout for receiving client request body10s1s-300sclient_body_timeout
Maximum allowed size of client request body512m1k-2048mclient_max_body_size
Reset connections that have timed outonon/offreset_timedout_connection
Timeout for transmitting response to client2s1s-300ssend_timeout
Recommendations
  • File upload services: Increase client_body_timeout and client_max_body_size to accommodate large files
  • Slow clients: Increase header and body timeouts
  • API endpoints: Set client_max_body_size according to your API payload requirements

Buffer Settings

Optimize memory usage for request and response handling:

SettingDefaultRangeParameter
Size of buffer for client request header1k1k-64kclient_header_buffer_size
Number of buffers for large client headers41-16large_client_header_buffers_number
Size of buffers for large client headers8k1k-64klarge_client_header_buffers_size
Size of buffer for client request body16k1k-1mclient_body_buffer_size
Recommendations
  • Large headers: Increase header buffer sizes for applications with extensive headers
  • File uploads: Optimize client_body_buffer_size based on typical upload sizes
  • Memory optimization: Tune based on available memory and connection patterns

Proxy Settings

Configure how the balancer communicates with backend services:

SettingParameterDefaultRangeDescription
Enable buffering of client request bodyproxy_request_bufferingoffon/offBuffer client request bodies before forwarding
Enable buffering of responses from proxied serverproxy_bufferingonon/offBuffer responses from backend services
Size of the buffer used for reading the first part of the responseproxy_buffer_size32k1k-256kBuffer size for first part of backend response
Number of buffers used for reading a response from the proxied serverproxy_buffers_number41-16Number of buffers for reading backend responses
Size of buffers for reading a response from the proxied serverproxy_buffers_size256k1k-1mSize of buffers for reading backend responses
Size of buffers that can be busy sending response to the clientproxy_busy_buffers_size256k1k-1mSize of buffers for sending response to client
Recommendations
  • Real-time APIs: Set proxy_buffering to off for lower latency
  • Large responses: Increase proxy_buffer_size for handling larger API responses
  • Multimedia streaming: Increase proxy_buffers_size and proxy_buffers_number for larger content

Performance Optimization

Enable various performance enhancements:

SettingDefaultRangeParameter
Use sendfile() for file transfersonon/offsendfile
Enable TCP_NOPUSH socket optiononon/offtcp_nopush
Enable TCP_NODELAY socket optiononon/offtcp_nodelay
Enable gzip compressiononon/offgzip
Rate limit for response transmission (0 = no limit)00-1000mlimit_rate
Recommendations
  • File serving: Ensure sendfile and tcp_nopush are enabled for static content
  • Real-time applications: Verify tcp_nodelay is enabled
  • Bandwidth control: Use limit_rate for traffic shaping
  • Multimedia streaming: Enable sendfile and tcp_nopush for optimal streaming performance

File Cache Settings

Optimize file system operations:

SettingDefaultRangeParameter
Cache open file descriptorsonon/offopen_file_cache
Maximum number of elements in file cache2000001000-1000000open_file_cache_max
Time after which unused cache elements are removed20s1s-300sopen_file_cache_inactive
Time interval for checking cached elements validity30s1s-300sopen_file_cache_valid
Minimum file uses to remain in cache21-100open_file_cache_min_uses
Cache file lookup errorsonon/offopen_file_cache_errors
Recommendations
  • Static file serving: Increase cache size and adjust timeouts
  • Development: Reduce validation timeout for faster file updates
  • High I/O applications: Optimize based on file access patterns

Security Settings

Configure security-related options:

SettingDefaultParameter
Emit nginx version in error messages and headersoffserver_tokens

Best Practice: Keep server_tokens disabled to avoid revealing server information.

Advanced Routing Features

The L7 HTTP Balancer supports sophisticated routing beyond basic domain mapping.

Access the advanced location configuration through your project's HTTP Balancer section → click the gear/settings icon next to any domain location to open the Advanced Location Configuration dialog.

Redirect Configuration

Redirect requests to different URLs with full control:

Configuration Options:

  • Redirect URL: Destination for redirected requests
  • Redirect Code: HTTP status code for redirection (e.g., 301, 302, 307, 308)
  • Preserve Path: Keep original path in redirect URL
  • Preserve Query: Keep original query parameters in redirect URL

Redirect Configuration

Access Policy Configuration

Implement IP-based access control. If the request fails the check, a 403 Forbidden error is returned:

Policy Types:

  • Default Policy: allow or deny
  • CIDR Blocks: List of IP addresses/ranges that will have the opposite policy than the default

Supported Formats:

  • IPv4 address: 192.168.1.1
  • IPv4 range: 192.168.1.0/24
  • IPv6 address: 2001:db8::1
  • IPv6 range: 2001:db8::/32

Access Policy Configuration

Rate Limiting Configuration

Protect against abuse and ensure fair resource usage. When the rate limit is exceeded, requests are delayed (burst). If they cannot be processed in time, a 503 Service Temporarily Unavailable error is returned:

Configuration Parameters:

  • Rate Limit Key: binary_remote_addr (per IP) or server_name (per domain)
  • Rate: Requests per second to allow
  • Burst: Number of requests to queue when rate exceeded
  • Zone Name: Memory zone for storing rate limiting state
  • Zone Size: Memory allocated for rate limiting data (in MB)

Rate Limiting Configuration

Basic Authentication

Add HTTP Basic Authentication to protected resources:

Configuration:

  • Realm: Authentication realm name
  • Users: Username and password combinations

Basic Auth Configuration

Custom Content Responses

Return custom content for specific conditions:

Configuration:

  • HTTP Status Code: Any valid status code (200, 404, 503, etc.)
  • Content: Response body content
  • Content Type: MIME type (default: text/plain)

Custom Content Configuration

Need help? Join our Discord community.