What are the optimal settings that I can use for Apache or NGINX as a backend server for ELB?


I want to use an Amazon Elastic Compute Cloud (Amazon EC2) instance that runs Apache or NGINX as my server for Elastic Load Balancing (ELB), but I don't know what settings to use for the best performance.

Resolution

The best settings for a load balancer depend on your use case. For the best performance, analyze the response times of your backend application and the requirements of your clients.

If the backend application runs Apache or NGINX, then take the following actions.

Client header timeout

To make sure that the load balancer, and not the backend server, closes down idle connections, set your application timeout to a value higher than the load balancer idle timeout value. Otherwise, the backend server might terminate a connection without proper notification to the load balancer. When this happens, you receive HTTP 502 errors for Application Load Balancer and HTTP 504 errors for Classic Load Balancer. For more information on how to configure your application timeout in Apache, see TimeOut Directive on the Apache website. For more information on how to configure your application timeout in NGINX, see client_header_timeout on the NGINX website.

Keepalive

To reduce CPU utilization and improve response time, turn on keepalive. If keepalive is turned on, then the load balancer doesn't establish a new TCP connection for every HTTP request. For more information on how to turn on keepalive in Apache, see KeepAlive Directive on the Apache website. For more information on how to turn off keepalive in NGINX, see keepalive_disable on the NGINX website.

Keepalive timeout

When the keepalive option is turned on, make sure that you choose a longer keepalive timeout than the load balancer idle timeout.

For more information on how to configure keepalive timeout in Apache, see KeepAliveTimeout Directive on the Apache website. For more information on how to configure keepalive timeout in NGINX, see keepalive_timeout on the NGINX website.

Read timeouts

Set read timeouts that fit your application response times. Make sure that you configure your load balancer to keep the connection open long enough to receive both the header and body of the request. For more information on how to configure the request read timeout in Apache, see RequestReadTimeout Directive on the Apache website. For more information on how to configure the client header timeout in NGINX, see client_header_timeout on the NGINX website. For more information on how to configure the client body timeout in NGINX, see client_body_timeout on the NGINX website.

Warning: Make sure that the load balancer idle timeout value is lower than the backend timeout.

Maximum number of keepalive requests

When keepalive is on, this option sets the number of requests that a single TCP connection serves. For better resource usage, set the maximum number of keepalive requests to 100 or higher. For more information on how to set the max keep alive requests in Apache, see MaxKeepAliveRequests Directive in Apache. For more information on how to set the keepalive requests in NGINX, see keepalive_requests on the NGINX website.
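The timeout and keepalive guidance in the preceding sections can be checked against an NGINX configuration before deployment. The following is an added example, not AWS or NGINX code: the function names are hypothetical, and the 60-second idle timeout is an assumed value that you replace with your load balancer's configured setting.

```python
import re

UNITS = {"ms": 0.001, "s": 1, "m": 60, "h": 3600, "d": 86400}
TIMEOUTS = ("keepalive_timeout", "client_header_timeout", "client_body_timeout")

def nginx_seconds(value):
    """Convert an nginx time value ('75', '75s', '1m30s') to seconds."""
    parts = re.findall(r"(\d+)(ms|[smhd])?", value)
    return sum(int(n) * UNITS[u or "s"] for n, u in parts)

def parse_directives(conf):
    """Return {directive: first argument} for simple one-line directives."""
    found = {}
    for line in conf.splitlines():
        tokens = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(tokens) >= 2:
            found[tokens[0]] = tokens[1]
    return found

# elb_idle_timeout=60 is an assumed value; pass your load balancer's setting.
def check_nginx(conf, elb_idle_timeout=60, min_keepalive_requests=100):
    """List settings that conflict with the guidance for an ELB backend."""
    found, findings = parse_directives(conf), []
    for name in TIMEOUTS:
        if name not in found:
            findings.append(f"{name}: not set, nginx default applies")
            continue
        seconds = nginx_seconds(found[name])
        if name == "keepalive_timeout" and seconds == 0:
            findings.append("keepalive_timeout: 0 turns keepalive off")
        elif seconds <= elb_idle_timeout:
            findings.append(f"{name}: {seconds:g}s is not above the "
                            f"{elb_idle_timeout}s load balancer idle timeout")
    requests = found.get("keepalive_requests")
    if requests is not None and int(requests) < min_keepalive_requests:
        findings.append(f"keepalive_requests: {requests} is below {min_keepalive_requests}")
    return findings

# Constructed sample configuration, not taken from a real server.
SAMPLE = """
http {
    keepalive_timeout 60s;      # equal to the idle timeout, so flagged
    client_header_timeout 2m;
    keepalive_requests 50;
}
"""

if __name__ == "__main__":
    print("\n".join(check_nginx(SAMPLE)))
```

The parser reads only the first argument of single-line directives, so values set in included files or split across lines are not seen.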

AcceptFilter

By default, AcceptFilter is turned on. AcceptFilter tells Apache to use the TCP_DEFER_ACCEPT option for the connections. This setting can cause the TCP socket to be in a half-open state. In this state, the load balancer assumes that the connection is established, but the backend instance doesn't have the connection established. Half-open connections are more common in low-volume load balancers where connections have time to age before they're used. For more information on how to configure AcceptFilter in Apache, see AcceptFilter Directive on the Apache website. For more information on how to configure AcceptFilter in NGINX, see listen on the NGINX website.

Logging

To turn on the %{X-Forwarded-For}i option so that Apache displays the ELB x-forwarded-for header in its logs for each request, add the following directive to your Apache configuration:

LogFormat "%{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %b %D \"%{Referer}i\" \"%{User-Agent}i\"" combined

In the preceding directive, the ELB x-forwarded-for header contains the IP address of the original client. The %D option adds the time needed to complete each request to the access logs.

Apache

The Apache Multi-Processing Module (MPM) event module can prematurely close connections from load balancers. Prematurely closed connections cause HTTP 502 errors for Application Load Balancer and HTTP 504 errors for Classic Load Balancer. It's a best practice to use the MPM worker module to reduce this behavior.

Note: After you update your configuration, restart Apache or NGINX.

Related information

Registered instances for your Classic Load Balancer

Configure your Classic Load Balancer

AWS OFFICIAL - Updated 3 months ago