Here is an example nginx.conf for Loadbalancing on Nginx:
user www-data;
worker_processes auto;#Relevant to handle as many connections as the server config could, is correlated to number of cores in the CPU
#https://nginx.org/en/docs/ngx_core_module.html#worker_processes
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
worker_connections 1024;#Relevant to handle as many connections as the server config could
#clients = worker_processes * worker_connections
} #https://nginx.org/en/docs/ngx_core_module.html#worker_connections
http {
large_client_header_buffers 4 128k;
server_names_hash_bucket_size 128;
map $request_uri $short_uri {
"~^(.{0,50})" $1;
default $request_uri;
}
map $remote_addr $anonymized_addr {
~(?P<ip>\d+\.\d+)\.\d+\. $ip.0.0;
~(?P<ip>[^:]+:[^:]+): $ip::;
# IP addresses to not anonymize (such as your server)
127.0.0.1 $remote_addr;
::1 $remote_addr;
#w.x.y.z $remote_addr;
#a::c:d::e:f $remote_addr;
default 0.0.0.0;
}
log_format combined_log '$anonymized_addr - $remote_user [$time_local] '
'"$short_uri" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent"';
access_log /var/log/nginx/access.log combined_log;
limit_req_zone $binary_remote_addr zone=mylimit:1M rate=70r/s;
limit_req zone=mylimit burst=9000 nodelay;
#WSS compatibility config
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
#Upstream group
upstream rpc_stream {
least_conn; #Redirect requests to the server with least number of active connections
server XXX.XXX.XXX.XXX:26657 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:26657 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:26657 max_fails=1000 fail_timeout=30s;
}
upstream grpc_stream {
least_conn; #Redirect requests to the server with least number of active connections
server XXX.XXX.XXX.XXX:9091 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:9091 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:9091 max_fails=1000 fail_timeout=30s;
}
upstream lcd_stream {
least_conn; #Redirect requests to the server with least number of active connections
server XXX.XXX.XXX.XXX:1317 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:1317 max_fails=1000 fail_timeout=30s;
server XXX.XXX.XXX.XXX:1317 max_fails=1000 fail_timeout=30s;
}
server {
listen 80;
server_name rpc.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_pass http://rpc_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 26657;
server_name rpc.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_pass http://rpc_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 80;
server_name grpc.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_pass http://grpc_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 9091;
server_name grpc.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' "$http_origin" always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
proxy_pass http://grpc_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 1317;
server_name lcd.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' * always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' * always;
proxy_pass http://lcd_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 80;
server_name lcd.YOUR_URL;
location / {
if ($request_method = 'OPTIONS') {
return 204;
}
proxy_hide_header 'Access-Control-Allow-Origin';
proxy_hide_header 'Access-Control-Allow-Credentials';
proxy_hide_header 'Access-Control-Allow-Headers';
proxy_hide_header 'Access-Control-Allow-Methods';
add_header 'Access-Control-Allow-Origin' * always;
add_header 'Access-Control-Allow-Credentials' 'true' always;
add_header 'Access-Control-Allow-Headers' * always;
add_header 'Access-Control-Allow-Methods' * always;
proxy_pass http://lcd_stream;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Upgrade $http_upgrade; #WSS compatibility config
proxy_set_header Connection $connection_upgrade; #WSS compatibility config
}
}
server {
listen 127.0.0.1:80;
server_name 127.0.0.1;
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}
}SSH into Your Machine: Use an SSH client to log into your server.
ssh your_user@your_server_ipFrist, ensure that all packages are up to date. This can prevent security vulnerabilities.
sudo apt update && sudo apt upgrade && sudo apt autoremoveInstall Glances: An advanced system monitor for Linux.
sudo apt install glancesInstall Nginx: A high-performance web server and a reverse proxy, often used for load balancing.
sudo apt install nginxConfigure UFW Firewall for Nginx: Make sure Nginx can receive HTTP and HTTPS traffic.
sudo ufw allow 'Nginx HTTP'
sudo ufw allow 'Nginx HTTPS'Remove Existing Nginx Configuration:
sudo rm -rf /etc/nginx/nginx.confEdit New Configuration: Use a text editor like nano to create a new configuration file.
sudo nano /etc/nginx/nginx.confReplace the contents with your load balancer configuration. You can use the Example Nginx config as a starting point.
Modify RPC/LCD/gRPC server entries and domain names as required.
Save and exit the editor (CTRL + X, then Y to confirm, and Enter to save).
Test Nginx Configuration: Ensures your syntax is correct.
sudo nginx -tEnable and Start Nginx: This will make sure Nginx starts on boot and starts running immediately.
sudo systemctl enable nginx
sudo systemctl start nginxInstall Certbot: This tool automates obtaining free SSL/TLS certificates from Let's Encrypt.
sudo apt-get install certbot python3-certbot-nginxObtain the SSL Certificate for your domain:
sudo certbot --nginx -d your_domain.comFinally, you can add a cronjob to crontab to enable auto-newing of the certificates:
crontab -e
0 12 * * * /usr/bin/certbot renew --quietTo provide endpoints to users, you can use Nginx. It is a powerful tool for providing a loadbalanced endpoint that distributes the load across multiple nodes.