L7 Balancer Configuration & Advanced Routing
This guide provides comprehensive documentation for Zerops L7 HTTP balancer configuration and advanced routing features. For basic setup instructions, see the Domain & Access Configuration guide.
The L7 HTTP Balancer handles all HTTP/HTTPS traffic and provides advanced application-layer capabilities:
Functions:
- SSL/TLS termination with automatic certificate management
- Domain routing and virtual host management
- Load balancing across multiple service instances
- Advanced routing features (redirects, access policies, rate limiting)
- Performance optimization through caching and compression
Architecture:
- Deployed in two containers for high availability
- Scales automatically based on traffic patterns
- Integrated with Let's Encrypt for SSL certificates
- Configurable through advanced balancer settings
L7 HTTP Balancer Configuration
Access the advanced balancer configuration through your project's HTTP Balancer section → Advanced balancer configuration.
Connection Handling
Configure how the balancer manages client connections:
Setting | Default | Range | Parameter |
---|---|---|---|
Maximum simultaneous connections per worker | 4000 | 1024-65535 | worker_connections |
Accept multiple connections at once | on | on/off | multi_accept |
How long to keep idle connections open | 30s | 1s-300s | keepalive_timeout |
Maximum number of requests per connection | 100000 | 1-1000000 | keepalive_requests |
- High-traffic websites: Increase
worker_connections
to 8000 or higher - API services: Adjust
keepalive_timeout
to 60 for longer connections - WebSocket applications: Increase
keepalive_timeout
for persistent connections
Client Request Settings
Control how the balancer handles incoming requests:
Setting | Default | Range | Parameter |
---|---|---|---|
Timeout for receiving client request header | 10s | 1s-300s | client_header_timeout |
Timeout for receiving client request body | 10s | 1s-300s | client_body_timeout |
Maximum allowed size of client request body | 512m | 1k-2048m | client_max_body_size |
Reset connections that have timed out | on | on/off | reset_timedout_connection |
Timeout for transmitting response to client | 2s | 1s-300s | send_timeout |
- File upload services: Increase
client_body_timeout
andclient_max_body_size
to accommodate large files - Slow clients: Increase header and body timeouts
- API endpoints: Set
client_max_body_size
according to your API payload requirements
Buffer Settings
Optimize memory usage for request and response handling:
Setting | Default | Range | Parameter |
---|---|---|---|
Size of buffer for client request header | 1k | 1k-64k | client_header_buffer_size |
Number of buffers for large client headers | 4 | 1-16 | large_client_header_buffers_number |
Size of buffers for large client headers | 8k | 1k-64k | large_client_header_buffers_size |
Size of buffer for client request body | 16k | 1k-1m | client_body_buffer_size |
- Large headers: Increase header buffer sizes for applications with extensive headers
- File uploads: Optimize
client_body_buffer_size
based on typical upload sizes - Memory optimization: Tune based on available memory and connection patterns
Proxy Settings
Configure how the balancer communicates with backend services:
Setting | Parameter | Default | Range | Description |
---|---|---|---|---|
Enable buffering of client request body | proxy_request_buffering | off | on/off | Buffer client request bodies before forwarding |
Enable buffering of responses from proxied server | proxy_buffering | on | on/off | Buffer responses from backend services |
Size of the buffer used for reading the first part of the response | proxy_buffer_size | 32k | 1k-256k | Buffer size for first part of backend response |
Number of buffers used for reading a response from the proxied server | proxy_buffers_number | 4 | 1-16 | Number of buffers for reading backend responses |
Size of buffers for reading a response from the proxied server | proxy_buffers_size | 256k | 1k-1m | Size of buffers for reading backend responses |
Size of buffers that can be busy sending response to the client | proxy_busy_buffers_size | 256k | 1k-1m | Size of buffers for sending response to client |
- Real-time APIs: Set
proxy_buffering
to off for lower latency - Large responses: Increase
proxy_buffer_size
for handling larger API responses - Multimedia streaming: Increase
proxy_buffers_size
andproxy_buffers_number
for larger content
Performance Optimization
Enable various performance enhancements:
Setting | Default | Range | Parameter |
---|---|---|---|
Use sendfile() for file transfers | on | on/off | sendfile |
Enable TCP_NOPUSH socket option | on | on/off | tcp_nopush |
Enable TCP_NODELAY socket option | on | on/off | tcp_nodelay |
Enable gzip compression | on | on/off | gzip |
Rate limit for response transmission (0 = no limit) | 0 | 0-1000m | limit_rate |
- File serving: Ensure
sendfile
andtcp_nopush
are enabled for static content - Real-time applications: Verify
tcp_nodelay
is enabled - Bandwidth control: Use
limit_rate
for traffic shaping - Multimedia streaming: Enable
sendfile
andtcp_nopush
for optimal streaming performance
File Cache Settings
Optimize file system operations:
Setting | Default | Range | Parameter |
---|---|---|---|
Cache open file descriptors | on | on/off | open_file_cache |
Maximum number of elements in file cache | 200000 | 1000-1000000 | open_file_cache_max |
Time after which unused cache elements are removed | 20s | 1s-300s | open_file_cache_inactive |
Time interval for checking cached elements validity | 30s | 1s-300s | open_file_cache_valid |
Minimum file uses to remain in cache | 2 | 1-100 | open_file_cache_min_uses |
Cache file lookup errors | on | on/off | open_file_cache_errors |
- Static file serving: Increase cache size and adjust timeouts
- Development: Reduce validation timeout for faster file updates
- High I/O applications: Optimize based on file access patterns
Security Settings
Configure security-related options:
Setting | Default | Parameter |
---|---|---|
Emit nginx version in error messages and headers | off | server_tokens |
Best Practice: Keep server_tokens
disabled to avoid revealing server information.
Advanced Routing Features
The L7 HTTP Balancer supports sophisticated routing beyond basic domain mapping.
Access the advanced location configuration through your project's HTTP Balancer section → click the gear/settings icon next to any domain location to open the Advanced Location Configuration dialog.
Redirect Configuration
Redirect requests to different URLs with full control:
Configuration Options:
- Redirect URL: Destination for redirected requests
- Redirect Code: HTTP status code for redirection (e.g., 301, 302, 307, 308)
- Preserve Path: Keep original path in redirect URL
- Preserve Query: Keep original query parameters in redirect URL
Access Policy Configuration
Implement IP-based access control. If the request fails the check, a 403 Forbidden error is returned:
Policy Types:
- Default Policy:
allow
ordeny
- CIDR Blocks: List of IP addresses/ranges that will have the opposite policy than the default
Supported Formats:
- IPv4 address:
192.168.1.1
- IPv4 range:
192.168.1.0/24
- IPv6 address:
2001:db8::1
- IPv6 range:
2001:db8::/32
Rate Limiting Configuration
Protect against abuse and ensure fair resource usage. When the rate limit is exceeded, requests are delayed (burst). If they cannot be processed in time, a 503 Service Temporarily Unavailable error is returned:
Configuration Parameters:
- Rate Limit Key:
binary_remote_addr
(per IP) orserver_name
(per domain) - Rate: Requests per second to allow
- Burst: Number of requests to queue when rate exceeded
- Zone Name: Memory zone for storing rate limiting state
- Zone Size: Memory allocated for rate limiting data (in MB)
Basic Authentication
Add HTTP Basic Authentication to protected resources:
Configuration:
- Realm: Authentication realm name
- Users: Username and password combinations
Custom Content Responses
Return custom content for specific conditions:
Configuration:
- HTTP Status Code: Any valid status code (200, 404, 503, etc.)
- Content: Response body content
- Content Type: MIME type (default: text/plain)
Need help? Join our Discord community.