DEV Community

zxfcn
zxfcn

Posted on

Windows Server Operations in Practice (Part 1): Nginx Load Balancing Configuration & Tuning

#devops #microsoft #networking #tutorial

A complete guide to configuring Nginx load balancing for multiple Tomcat instances on Windows Server. Based on real-world experience with Nginx 1.6.1 + Tomcat 6.0.37.

Scenario

A Windows Server 2012 machine runs 3 Tomcat instances listening on ports 8801, 8802, and 8803. Nginx is used to distribute external requests across these instances.

Basic Configuration

Define Upstream

Define the backend server group in the http block of nginx.conf:

upstream koaweb {
    server 127.0.0.1:8801 weight=3 max_fails=2 fail_timeout=20s;
    server 127.0.0.1:8802 weight=3 max_fails=2 fail_timeout=20s;
    server 127.0.0.1:8803 weight=3 max_fails=2 fail_timeout=20s;
}
Enter fullscreen mode Exit fullscreen mode

Configure Reverse Proxy

Configure the reverse proxy in the server block:

server {
    listen      80;
    server_name  koa.*******.com;

    location / {
        proxy_pass http://koaweb;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout   3;
        proxy_send_timeout      120;
        proxy_read_timeout      120;
    }
}
Enter fullscreen mode Exit fullscreen mode

Load Balancing Strategies

Nginx provides multiple distribution strategies for different scenarios:

1. Round Robin — Default 

upstream koaweb {
    server 127.0.0.1:8801;
    server 127.0.0.1:8802;
    server 127.0.0.1:8803;
}
Enter fullscreen mode Exit fullscreen mode

Requests are distributed sequentially to each server in rotation. This is the default strategy and requires no additional configuration.

2. Weighted Round Robin 

upstream koaweb {
    server 127.0.0.1:8801 weight=5;
    server 127.0.0.1:8802 weight=3;
    server 127.0.0.1:8803 weight=2;
}
Enter fullscreen mode Exit fullscreen mode

A higher weight value means a larger proportion of requests. Useful when servers have different hardware specs.

3. IP Hash (ip_hash) 

upstream koaweb {
    ip_hash;
    server 127.0.0.1:8801;
    server 127.0.0.1:8802;
    server 127.0.0.1:8803;
}
Enter fullscreen mode Exit fullscreen mode

Hashes the client IP to always route the same IP to the same backend server. Note: This does not truly solve session problems, since a machine's IP may change with multi-NIC setups or route switching. True session sharing requires solutions like Memcached or Redis.

4. Least Connections (least_conn) 

upstream koaweb {
    least_conn;
    server 127.0.0.1:8801;
    server 127.0.0.1:8802;
    server 127.0.0.1:8803;
}
Enter fullscreen mode Exit fullscreen mode

Routes requests to the server with the fewest active connections. Ideal when request processing times vary significantly.

Health Check Parameters 

upstream koaweb {
    server 127.0.0.1:8801 weight=3 max_fails=2 fail_timeout=20s;
    server 127.0.0.1:8802 weight=3 max_fails=2 fail_timeout=20s;
    server 127.0.0.1:8803 weight=3 max_fails=2 fail_timeout=20s;
}
Enter fullscreen mode Exit fullscreen mode
Parameter Description
max_fails Maximum number of failed requests within fail_timeout before marking as unavailable
fail_timeout Duration to consider the server unavailable after being marked down

Timeout Configuration 

proxy_connect_timeout   3;    # Timeout for establishing connection with backend
proxy_send_timeout      120;  # Timeout for sending request to backend
proxy_read_timeout      120;  # Timeout for waiting for backend response
Enter fullscreen mode Exit fullscreen mode

If the backend has long-running operations (e.g., report generation), increase proxy_read_timeout accordingly. Otherwise, Nginx returns 504 Gateway Timeout.

Lesson Learned: Initial proxy_read_timeout was set to 30 seconds, but a backend AI API call took ~60 seconds, causing frequent 504 errors. Resolved by increasing to 120 seconds.

HTTPS Configuration

To serve HTTPS traffic externally, add a server block for port 443:

server {
    listen       443 ssl;
    server_name  koa.*******.com;

    ssl_certificate      koa.******.com_bundle.crt;
    ssl_certificate_key  koa.*******.com.key;

    ssl_session_timeout  5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://koaweb;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_connect_timeout   3;
        proxy_send_timeout      120;
        proxy_read_timeout      120;
    }
}
Enter fullscreen mode Exit fullscreen mode

Verifying Load Balancing

After configuration, reload Nginx:

nginx -s reload
Enter fullscreen mode Exit fullscreen mode

Access a test page (e.g., test.jsp) multiple times and refresh to verify that requests are distributed across different Tomcat instances.

Common Issues

Dubbo Port Conflicts

When running multiple Tomcat instances with Dubbo, ensure each instance uses a different Dubbo port:

  • ins01: Dubbo port 20881
  • ins02: Dubbo port 20880
  • ins03: Dubbo port 20879

Modify in Spring configuration applicationContext.xml:

<dubbo:protocol name="dubbo" port="20880" />
Enter fullscreen mode Exit fullscreen mode

Hosts File Mapping Does Not Affect Nginx

Domain mappings in the Windows hosts file do not interfere with Nginx's server_name matching or upstream distribution. They work independently.

Next: Windows Server Operations in Practice (Part 2): Nginx Security & Auto-Banning

Top comments (0)