# L7 Balancer Configuration & Advanced Routing This guide provides comprehensive documentation for Zerops L7 HTTP balancer configuration and advanced routing features. For basic setup instructions, see the [Domain & Access Configuration](/features/access) guide. The L7 HTTP Balancer handles all HTTP/HTTPS traffic and provides advanced application-layer capabilities: **Functions:** - SSL/TLS termination with automatic certificate management - Domain routing and virtual host management - Load balancing across multiple service instances - Advanced routing features (redirects, access policies, rate limiting) - Performance optimization through caching and compression **Architecture:** - Deployed in two containers for high availability - Scales automatically based on traffic patterns - Integrated with Let's Encrypt for SSL certificates - Configurable through advanced balancer settings ## L7 HTTP Balancer Configuration Access the advanced balancer configuration through your project's HTTP Balancer section → **Advanced balancer configuration**. ### Connection Handling Configure how the balancer manages client connections:

Setting	Default	Range	Parameter
Maximum simultaneous connections per worker	4000	1024-65535	worker_connections
Accept multiple connections at once	on	on/off	multi_accept
How long to keep idle connections open	30s	1s-300s	keepalive_timeout
Maximum number of requests per connection	100000	1-1000000	keepalive_requests

:::tip Recommendations - **High-traffic websites**: Increase `worker_connections` to 8000 or higher - **API services**: Adjust `keepalive_timeout` to 60 for longer connections - **WebSocket applications**: Increase `keepalive_timeout` for persistent connections ::: ### Client Request Settings Control how the balancer handles incoming requests:

Setting	Default	Range	Parameter
Timeout for receiving client request header	10s	1s-300s	client_header_timeout
Timeout for receiving client request body	10s	1s-300s	client_body_timeout
Maximum allowed size of client request body	512m	1k-2048m	client_max_body_size
Reset connections that have timed out	on	on/off	reset_timedout_connection
Timeout for transmitting response to client	2s	1s-300s	send_timeout

:::tip Recommendations - **File upload services**: Increase `client_body_timeout` and `client_max_body_size` to accommodate large files - **Slow clients**: Increase header and body timeouts - **API endpoints**: Set `client_max_body_size` according to your API payload requirements ::: ### Buffer Settings Optimize memory usage for request and response handling:

Setting	Default	Range	Parameter
Size of buffer for client request header	1k	1k-64k	client_header_buffer_size
Number of buffers for large client headers	4	1-16	large_client_header_buffers_number
Size of buffers for large client headers	8k	1k-64k	large_client_header_buffers_size
Size of buffer for client request body	16k	1k-1m	client_body_buffer_size

:::tip Recommendations - **Large headers**: Increase header buffer sizes for applications with extensive headers - **File uploads**: Optimize `client_body_buffer_size` based on typical upload sizes - **Memory optimization**: Tune based on available memory and connection patterns ::: ### Proxy Settings Configure how the balancer communicates with backend services:

Setting	Parameter	Default	Range
Enable buffering of client request body	proxy_request_buffering	off	on/off
Enable buffering of responses from proxied server	proxy_buffering	on	on/off
Size of the buffer used for reading the first part of the response	proxy_buffer_size	32k	1k-256k
Number of buffers used for reading a response from the proxied server	proxy_buffers_number	4	1-16
Size of buffers for reading a response from the proxied server	proxy_buffers_size	256k	1k-1m
Size of buffers that can be busy sending response to the client	proxy_busy_buffers_size	256k	1k-1m

:::tip Recommendations - **Real-time APIs**: Set `proxy_buffering` to off for lower latency - **Large responses**: Increase `proxy_buffer_size` for handling larger API responses - **Multimedia streaming**: Increase `proxy_buffers_size` and `proxy_buffers_number` for larger content ::: ### Performance Optimization Enable various performance enhancements:

Setting	Default	Range	Parameter
Use sendfile() for file transfers	on	on/off	sendfile
Enable TCP_NOPUSH socket option	on	on/off	tcp_nopush
Enable TCP_NODELAY socket option	on	on/off	tcp_nodelay
Enable gzip compression	on	on/off	gzip
Rate limit for response transmission (0 = no limit)	0	0-1000m	limit_rate

:::tip Recommendations - **File serving**: Ensure `sendfile` and `tcp_nopush` are enabled for static content - **Real-time applications**: Verify `tcp_nodelay` is enabled - **Bandwidth control**: Use `limit_rate` for traffic shaping - **Multimedia streaming**: Enable `sendfile` and `tcp_nopush` for optimal streaming performance ::: ### File Cache Settings Optimize file system operations:

Setting	Default	Range	Parameter
Cache open file descriptors	on	on/off	open_file_cache
Maximum number of elements in file cache	200000	1000-1000000	open_file_cache_max
Time after which unused cache elements are removed	20s	1s-300s	open_file_cache_inactive
Time interval for checking cached elements validity	30s	1s-300s	open_file_cache_valid
Minimum file uses to remain in cache	2	1-100	open_file_cache_min_uses
Cache file lookup errors	on	on/off	open_file_cache_errors

:::tip Recommendations - **Static file serving**: Increase cache size and adjust timeouts - **Development**: Reduce validation timeout for faster file updates - **High I/O applications**: Optimize based on file access patterns ::: ### Security Settings Configure security-related options:

Setting	Default	Parameter
Emit nginx version in error messages and headers	off	server_tokens

**Best Practice:** Keep `server_tokens` disabled to avoid revealing server information. ## Advanced Routing Features The L7 HTTP Balancer supports sophisticated routing beyond basic domain mapping. Access the advanced location configuration through your project's HTTP Balancer section → click the **gear/settings icon** next to any domain location to open the **Advanced Location Configuration** dialog. ### Redirect Configuration Redirect requests to different URLs with full control: **Configuration Options:** - **Redirect URL**: Destination for redirected requests - **Redirect Code**: HTTP status code for redirection (e.g., 301, 302, 307, 308) - **Preserve Path**: Keep original path in redirect URL - **Preserve Query**: Keep original query parameters in redirect URL ### Access Policy Configuration Implement IP-based access control. If the request fails the check, a 403 Forbidden error is returned: **Policy Types:** - **Default Policy**: `allow` or `deny` - **CIDR Blocks**: List of IP addresses/ranges that will have the opposite policy than the default **Supported Formats:** - IPv4 address: `192.168.1.1` - IPv4 range: `192.168.1.0/24` - IPv6 address: `2001:db8::1` - IPv6 range: `2001:db8::/32` ### Rate Limiting Configuration Protect against abuse and ensure fair resource usage. When the rate limit is exceeded, requests are delayed (burst). If they cannot be processed in time, a 503 Service Temporarily Unavailable error is returned: **Configuration Parameters:** - **Rate Limit Key**: `binary_remote_addr` (per IP) or `server_name` (per domain) - **Rate**: Requests per second to allow - **Burst**: Number of requests to queue when rate exceeded - **Zone Name**: Memory zone for storing rate limiting state - **Zone Size**: Memory allocated for rate limiting data (in MB) ### Basic Authentication Add HTTP Basic Authentication to protected resources: **Configuration:** - **Realm**: Authentication realm name - **Users**: Username and password combinations ### Custom Content Responses Return custom content for specific conditions: **Configuration:** - **HTTP Status Code**: Any valid status code (200, 404, 503, etc.) - **Content**: Response body content - **Content Type**: MIME type (default: text/plain) *Need help? Join our [Discord community](https://discord.gg/zeropsio).*