If one of the servers needs to be temporarily removed from the load-balancing rotation, it can be marked with the down parameter:

    server backend3.example.com down;

With the following configuration of weights, out of every 6 requests, 5 are sent to backend1.example.com and 1 to backend2.example.com:

    server backend1.example.com weight=5;
    server backend2.example.com;

    location /resources {
        secure_link_secret mySecret;
        if ($secure_link = "") {
            return 403;
        }
        rewrite ^ /secured/$secure_link;
    }

    location /secured/ {
        internal;
        add_header Strict-Transport-Security max-age=31536000;
    }

Satisfying Any Number of Security Methods

    location / {
        satisfy any;

        allow 192.168.1.0/24;
        deny all;

        auth_basic "closed site";
        auth_basic_user_file conf/htpasswd;
    }

    http {
        log_format geoproxy
            '[$time_local] $remote_addr '
            '$realip_remote_addr $remote_user '
            '$request_method $server_protocol '
            '$scheme $server_name $uri $status '
            '$request_time $body_bytes_sent '
            '$geoip_city_country_code3 $geoip_region '
            '"$geoip_city" $http_x_forwarded_for '
            '$upstream_status $upstream_response_time '
            '"$http_referer" "$http_user_agent"';
        ...
    }

    error_log syslog:server=10.0.1.42 debug;
    access_log syslog:server=10.0.1.42,tag=nginx,severity=info geoproxy;

    http {
        keepalive_requests 320;
        keepalive_timeout 300s;
        ...
    }

    server {
        proxy_buffering on;
        proxy_buffer_size 8k;
        proxy_buffers 8 32k;
        proxy_busy_buffers_size 64k;
        ...
    }

    http {
        access_log /var/log/nginx/access.log main buffer=32k flush=1m;
    }

Check the kernel setting for net.core.somaxconn, which is the maximum number of connections that can be queued by the kernel for NGINX to process. If you set this number over 512, you'll need to set the backlog parameter of the listen directive in your NGINX configuration to match. (A minimal sketch of both settings together appears at the end of this section.)

least_time header (NGINX Plus) – The least average time to receive the response header from the server ($upstream_header_time)
least_time last_byte (NGINX Plus) – The least average time to receive the full response from the server ($upstream_response_time)

    server backend1.example.com slow_start=30s;

NGINX Plus supports three session persistence methods. The methods are set with the sticky directive. (For session persistence with NGINX Open Source, use the hash or ip_hash directive as described above.)

Sticky cookie – NGINX Plus adds a session cookie to the first response from the upstream group and identifies the server that sent the response.
Sticky route – NGINX Plus assigns a "route" to the client when it receives the first request.
Sticky learn method – NGINX Plus first finds session identifiers by inspecting requests and responses. If a request contains a session identifier already "learned", NGINX Plus forwards the request to the corresponding server:
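A minimal sketch of the sticky learn method, assuming NGINX Plus; the upstream name backend, the cookie name examplecookie, and the shared memory zone client_sessions are illustrative placeholders rather than values taken from the text above:

    upstream backend {
        server backend1.example.com;
        server backend2.example.com;

        # Learn the session from a cookie that the backend itself sets,
        # and remember the client-to-server mapping in shared memory.
        sticky learn
            create=$upstream_cookie_examplecookie
            lookup=$cookie_examplecookie
            zone=client_sessions:1m
            timeout=1h;
    }

Subsequent requests carrying the learned cookie are routed to the same upstream server for as long as the entry remains in the zone.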
Limiting the Number of Connections

    server backend1.example.com max_conns=3;
    queue 100 timeout=70;

(A fuller sketch showing these parameters inside an upstream block appears at the end of this section.)

    upstream my_app {
        ip_hash;
        server 111.11.11.11:3001 weight=100 max_fails=5 fail_timeout=300;
        server 222.22.22.22:3002 weight=100 max_fails=5 fail_timeout=300;
        keepalive 8;
    }

    server {
        server_name my-app.com;

        location / {
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;

            # This is necessary to pass the correct IP to be hashed
            real_ip_header X-Real-IP;

            proxy_pass http://my_app/;
            proxy_redirect off;
        }
    }
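Returning to the net.core.somaxconn note above, a minimal sketch of keeping the kernel queue and the listen backlog in line; the value 65535 is illustrative only, and the current kernel value can be checked with sysctl net.core.somaxconn:

    server {
        # backlog should match the kernel's net.core.somaxconn setting
        # (without this parameter, NGINX defaults to a backlog of 511 on most platforms)
        listen 80 backlog=65535;
        ...
    }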
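Likewise, for Limiting the Number of Connections, a minimal sketch placing max_conns and queue inside an upstream block, assuming NGINX Plus; the upstream name backend and the second server are illustrative:

    upstream backend {
        # At most 3 simultaneous connections to this server
        server backend1.example.com max_conns=3;
        server backend2.example.com;

        # When all servers are at their connection limit, up to 100 requests
        # wait in the queue for at most 70 seconds before an error is returned
        queue 100 timeout=70;
    }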