Nginx - TCP balancer

Ezra Zygmuntowicz ezmobius at
Thu Jun 12 00:00:00 MSD 2008

On Jun 11, 2008, at 12:09 PM, Kamil Gorlo wrote:

> Hi all,
> I have question about Nginx "features". Is it possible to run Nginx as
> a transparent load balancer (which works on TCP layer, not HTTP)??
> My case is that I have 5 of backends (strong, 4 core machines) which
> communicates with users over HTTPS (it's some kind of authentication
> service - user sends short https requests, get response, and does not
> keep connection any more; so user spends only few seconds on this
> service, but there are many users). Till today I was using simple dns
> balancing between those machines, but now I need something more
> powerful.
> So, I have another 2 machines (this time, they have only single core)
> which I want to be load balancers. But they cannot work on HTTP layer,
> as a standard load balancer, because of SSL - they simply does not
> have resources to do this SSL stuff. My idea is to use some kind of
> transparent load balancer on those machines - they should only forward
> requests to backends and all resource consuming work should be done on
> backends (SSL handshake, etc.).
> Can Nginx do that? If not, do you know any tools which can work as TCP
> balancers (I found HAProxy, but haven't tested it)?
> Do you have any experience in similar situations?
> Best regards,
> Kamil

	We run a setup similar to this where we have hundreds of VM's running  
nginx and doing ssl and we run a pair of boxes in front of these with  
LVS(linux virtual server) and heartbeat/keepalived to do the raw tcp  
load balancing. This scales very well, in each cluster we have 500 or  
so VM's running nginx fronted by a pair of LVS machines balancing all  
traffic to all the slices.

	Haproxy is good for this as well and may be a bit simpler to setup,  
but LVS outperforms haproxy in this situation and scales *very* well.


- Ezra Zygmuntowicz
-- Founder & Software Architect
-- ezra at

More information about the nginx mailing list