Upstream#
Provides context for describing groups of servers that can be used in the proxy_pass directive. Describes a group of servers. Servers can listen on different ports. In addition, servers listening on TCP and UNIX domain sockets can be mixed. Example: By default, connections are distributed between the servers using a weighted round-robin balancing method. In the above example, each 7 connections will be distributed as follows: 5 connections go to backend1.example.com:1935 and one connection to each of the second and third servers. If an error occurs during communication with a server, the connection will be passed to the next server, and so on until all of the functioning servers will be tried. If communication with all servers fails, the connection will be closed. Defines the address and other parameters of a server. The address can be specified as a domain name or IP address with an obligatory port, or as a UNIX domain socket path specified after the The following parameters can be defined: Sets the weight of the server; by default, 1. Limits the maximum number of simultaneous active connections to the proxied server. Default value is Here, an unsuccessful attempt is an error or timeout while establishing a
connection with the server. Note If a If an upstream contains only one server
after all its The default number of attempts. Disables the accounting of attempts. By default, this is set to 10 seconds. Note If a If an upstream contains only one server
after all its Marks the server as a backup server. It will be passed requests when the primary servers are unavailable. Marks the server as permanently unavailable. Marks the server as draining; this means
it receives only requests from the sessions
that were bound earlier with sticky.
Otherwise it behaves similarly to Warning The The Added in version 1.3.0. Enables monitoring changes to the list of IP addresses that
corresponds to a domain name, updating it without a configuration reload.
The group must reside in a
shared memory zone;
also, a resolver must be defined. Enables resolving DNS SRV records and sets the service name.
For this parameter to work, the resolve parameter must also be specified,
without specifying the server port in the hostname. If there are no dots in the service name,
the name is formed according to the RFC standard:
the service name is prefixed with Angie resolves the SRV records
by combining the normalized service name and the hostname
and obtaining the list of servers for the combination via DNS,
along with their priorities and weights. Top-priority SRV records
(ones that share the minimum priority value)
resolve into primary servers,
and other records become backup servers.
If Weight is similar to the This example will look up the Added in version 1.2.0: Angie Added in version 1.1.0-P1: Angie PRO Sets the server ID in the group. If the parameter is not specified,
the ID is set as a hexadecimal MD5 hash
of the IP address and port or UNIX domain socket path. Added in version 1.4.0. Sets the time for a server to recover its weight
when returning to service
with round-robin or least_conn
load balancing methods. If the parameter is set
and a server is again considered healthy
after a failure according to max_fails and upstream_probe (PRO),
the server gradually recovers its designated weight
over the specified time period. If the parameter is not set,
in a similar situation
the server immediately starts working with its designated weight. Note If only one Added in version 1.4.0: PRO Specifies the file where the upstream server list is persistently stored.
When installing from
our packages,
a dedicated directory
The server list format here is similar to Warning To use the Defines the name and size of the shared memory zone that stores the group's configuration and runtime state, shared between worker processes. Multiple groups can use the same zone. In this case, it is sufficient to specify the size only once. Added in version 1.10.0: PRO The directive enables the ability to start server selection not from the primary group,
but from the active group, i.e., the one where a server was successfully found previously.
If a server cannot be found in the active group for the next request,
and the search moves to the backup group,
this backup group becomes active,
and subsequent requests are first directed to servers in this group. If the Example: If the load balancer switches from primary servers to the backup group,
all subsequent requests are handled by this backup group for 2 minutes.
After 2 minutes expire, the load balancer re-checks the primary servers
and makes them active again if they are working normally. Added in version 1.7.0: PRO Default — upstream Enables a feedback-based load balancing mechanism for the The following parameters can be specified: The variable from which the feedback value is taken.
It should represent a performance or health metric;
it is assumed to be provided by the server. The value is evaluated with each response from the server
and factored into the moving average
according to If the parameter is set, the feedback value is interpreted inversely:
lower values indicate better performance. The factor by which the feedback value is weighted
when calculating the average.
Valid values are integers from 0 to 99.
Default is The average is calculated using the exponential smoothing formula. The larger the factor, the less new values affect the average;
if Specifies a condition variable
that controls how connections are accounted for in the calculation.
The average value is updated with the feedback value
only if the condition variable
is not equal to Note By default, traffic from probes
is not included in the calculation;
combining the $upstream_probe variable
with Example: This configuration categorizes servers by feedback levels
based on protocols used in individual sessions,
and also adds a condition on $upstream_probe
to account only for Specifies a load balancing method for the group where client-server mapping is determined using a hashed key value. The key can contain text, variables, and their combinations. Usage example: The method is compatible with the Perl Cache::Memcached library. If the Specifies a load balancing method for the group where a connection is passed to the server with the least number of active connections, taking into account server weights. If several servers are suitable, they are selected cyclically (round-robin) with their weights taken into account. Default — upstream Specifies a load balancing method for the group where the probability of passing
a connection to an active server is inversely proportional to its average
response time; the lower the time, the more connections the server will receive. The directive considers the average time to establish a connection. The directive uses the average time to receive the first byte of the response. The directive uses the average time to receive the full response. Added in version 1.7.0: PRO Serves the same function as response_time_factor (PRO)
and overrides it if the parameter is set. Specifies a condition variable
that controls which connections are accounted for in the calculation.
The average value is updated
only if the connection's condition variable
is not equal to Note By default, probes
are not included in the calculation;
combining the $upstream_probe variable
with The current values are presented as Specifies a load balancing method for the group where a connection is passed to a randomly selected server, taking into account server weights. If the optional Sets the smoothing factor for the least_time (PRO) load balancing method,
using the previous value when calculating the average response time
according to the exponential weighted moving average formula. The larger the specified number, the less new values influence the average;
if The current calculation results are presented as Note Only successful responses are considered in the calculation;
what constitutes an unsuccessful response
is determined by the proxy_next_upstream directives. Added in version 1.6.0: Angie Added in version 1.6.0: Angie PRO Default — upstream Configures sticky sessions between clients and upstream servers,
depending on the mode specified in the first parameter.
To gradually take servers with Warning The This mode uses predefined route identifiers that may be derived from connection metadata.
It's less flexible because it depends on known identifiers,
but is useful when such values are already available. When a connection is established, the backend server can assign a route ID
and return it using a method both sides understand.
This route ID must match the sid parameter
from the server directive.
If sticky_secret is configured,
the ID is hashed. Future connections that include this ID will be routed back to the same server,
assuming Angie can retrieve the ID from a specified variable. The directive takes a list of variables to extract the route ID.
The first non-empty value is compared to each server’s sid.
If a match is found, the connection is routed accordingly.
Otherwise, the default load balancing method is used. Example using This mode assigns clients to backend servers dynamically
using session IDs derived from connection metadata.
Sessions are stored in shared memory and can be reused for future connections. Use The first non-empty Sessions are stored in a shared memory zone specified by By default, the session's expiration is extended on each use.
Use Incoming connections that include a matching session ID
(via Use Example using This mode allows sessions to be dynamically created and retrieved
from an external session store using Unlike General workflow: Extract session ID from the first non-empty Send a synchronous HTTP subrequest to the remote store
(defined by The session ID (variable $sticky_sessid) The chosen server's ID — from the These variables are exposed to the HTTP context as
The remote store responds: 200/201/204: confirms the selected server May also return an alternate server ID via header (handled by Any other status or missing ID: fallback to original server Server ID from the response is extracted using Example configuration: Example remote store response: Angie exposes: Since The Servers marked Servers exceeding Servers with If a previously unavailable server recovers, You can further adjust sticky behavior using
sticky_secret and sticky_strict.
If no matching server is found or it's unavailable: With With Each Added in version 1.6.0: Angie Added in version 1.6.0: Angie PRO Adds the string as salt to the MD5 hashing function
for the sticky directive in The salt is appended after the hashed value;
to independently verify the hashing mechanism: Added in version 1.6.0: Angie Added in version 1.6.0: Angie PRO When enabled, Angie will return a connection error to the client
if the target server is unavailable,
instead of falling back to another available server,
which is the default behavior when no matching server is found. The Used with Used with stores the IP address and port, or the path to the UNIX domain socket of the upstream server. If several servers were contacted during proxying, their addresses are separated by commas, e.g.: 192.168.1.1:1935, 192.168.1.2:1935, unix:/tmp/sock If a server cannot be selected, the variable keeps the name of the server group. number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable. number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable. time to connect to the upstream server; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas and colons like addresses in the $upstream_addr variable. time to receive the first byte of data; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable. session duration in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable. Status of sticky connections. Connection routed to upstream without sticky enabled. Connection without sticky information. Connection with sticky information routed to the desired backend. Connection with sticky information routed to the backend
selected by the load balancing algorithm. Values from multiple connections are separated by commas and colons,
similar to addresses in the $upstream_addr variable.Configuration Example#
upstream backend {
hash $remote_addr consistent;
zone backend 1m;
server backend1.example.com:1935 weight=5;
server unix:/tmp/backend3;
server backend3.example.com service=_example._tcp resolve;
server backup1.example.com:1935 backup;
server backup2.example.com:1935 backup;
}
resolver 127.0.0.53 status_zone=resolver;
server {
listen 1936;
proxy_pass backend;
}
Directives#
upstream#
upstream backend {
server backend1.example.com:1935 weight=5;
server 127.0.0.1:1935 max_fails=3 fail_timeout=30s;
server unix:/tmp/backend2;
server backend3.example.com:1935 resolve;
server backup1.example.com:1935 backup;
}
server#
unix:
prefix. A domain name that resolves to several IP addresses defines multiple servers at once.weight=
numbermax_conns=
number0
, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.max_fails=
number — sets the number of unsuccessful attempts
to communicate with the server
that should happen in the duration set by fail_timeout
to consider the server unavailable;
it is then retried after the same duration.server
directive in a group resolves into multiple servers,
its max_fails
setting applies to each server individually.server
directives are resolved,
the max_fails
setting has no effect and will be ignored.max_fails=1
max_fails=0
fail_timeout=
time — sets the period of time during which a specified number of
unsuccessful attempts to communicate with the server (max_fails) should happen to consider the server unavailable.
The server then remains unavailable for the same amount of time
before it is retried.server
directive in a group resolves into multiple servers,
its fail_timeout
setting applies to each server individually.server
directives are resolved,
the fail_timeout
setting has no effect and will be ignored.backup
down
drain
(PRO)down
.backup
parameter cannot be used along with the hash and random load balancing methods.down
and drain
parameters are mutually exclusive.resolve
service=
name_
,
then _tcp
is added after a dot.
Thus, the service name http
will result in _http._tcp
.backup
is set with server
,
top-priority SRV records resolve into backup servers,
and other records are ignored.weight
parameter of the server
directive.
If weight is set by both the directive and the SRV record,
the weight set by the directive is used._http._tcp.backend.example.com
record:server backend.example.com service=http resolve;
sid=
idslow_start=
timeserver
is specified in the upstream,
slow_start
has no effect and will be ignored.state (PRO)#
/var/lib/angie/state/
(/var/db/angie/state/
on FreeBSD)
is created with appropriate permissions for storing such files,
so you only need to add the filename in the configuration:upstream backend {
zone backend 1m;
state /var/lib/angie/state/<FILE NAME>;
}
s_server
.
The file contents change whenever servers are modified in the
/config/stream/upstreams/ section
via the configuration API.
The file is read at Angie startup or configuration reload.state
directive in an upstream
block,
there should be no server
directives in it,
but a shared memory zone (zone) is required.zone#
backup_switch (PRO)#
permanent
parameter is defined without a time value,
the group remains active after selection,
and automatic re-checking of groups with lower priority levels does not occur.
If time is specified,
the active status of the group expires after the specified interval,
and the load balancer again checks groups with lower priority levels,
returning to them if the servers are working normally.upstream media_backend {
server primary1.example.com:1935;
server primary2.example.com:1935;
server reserve1.example.com:1935 backup;
server reserve2.example.com:1935 backup;
backup_switch permanent=2m;
}
feedback (PRO)#
feedback
variable [inverse
] [factor=
number] [account=
condition_variable];upstream
.
It dynamically adjusts load balancing decisions
by multiplying each proxied server's weight by the average feedback value,
which changes over time based on the variable value
and is subject to an optional condition.variable
inverse
and factor
settings.inverse
factor
90
.90
is specified, 90% of the previous value will be taken
and only 10% of the new value.account
""
or "0"
.account
allows including them
or even excluding everything else.upstream backend {
zone backend 1m;
feedback $feedback_value factor=80 account=$condition_value;
server backend1.example.com:1935 weight=1;
server backend2.example.com:1935 weight=2;
}
map $protocol $feedback_value {
"TCP" 100;
"UDP" 75;
default 10;
}
map $upstream_probe $condition_value {
"high_priority" "1";
"low_priority" "0";
default "1";
}
high_priority
probes
or regular client sessions.hash#
hash $remote_addr;
consistent
parameter is specified, the ketama consistent hashing method will be used instead of the above method. The method ensures that when a server is added to or removed from the group, only a minimal number of keys will be remapped to other servers. Using the method for caching servers provides a higher cache hit ratio. The method is compatible with the Perl Cache::Memcached::Fast library with the ketama_points parameter set to 160.least_conn#
least_time (PRO)#
least_time
connect
| first_byte
| last_byte
[factor=
number] [account=
condition_variable];connect
first_byte
last_byte
factor
account
""
or "0"
.account
allows including them
or even excluding everything else.connect_time
, first_byte_time
,
and last_byte_time
in the server's health
object
among the upstream metrics in the API.random#
two
parameter is specified, Angie randomly selects two servers and then chooses a server using the specified method. The default method is least_conn, which passes a connection to the server with the least number of active connections.response_time_factor (PRO)#
90
is specified, 90% of the previous value will be taken,
and only 10% of the new value. Valid values range from 0 to 99 inclusive.connect_time
(connection
establishment time), first_byte_time
(time to receive the first
byte of the response), and last_byte_time
(time to receive the complete
response) in the server's health
object among the upstream
metrics in the API.sticky#
sticky route
$variable...;sticky learn
zone=
zone create=
$create_var1... lookup=
$lookup_var1... [connect] [norefresh
] [timeout=
time];sticky learn
lookup=
$lookup_var1... remote_action=
uri remote_result=
$remote_var [remote_uri=
uri];sticky
out of rotation,
you can use the drain
option (PRO) in the server block.sticky
directive must appear after all load balancing method directives,
otherwise it won’t work.$route
, mapped from $ssl_preread_server_name:stream {
map $ssl_preread_server_name $route {
a.example.com a;
b.example.com b;
default "";
}
upstream backend {
server 127.0.0.1:8081 sid=a;
server 127.0.0.1:8082 sid=b;
sticky route $route;
}
server {
listen 127.0.0.1:8080;
ssl_preread on;
proxy_pass backend;
}
}
create
to define how new session IDs are generated,
and lookup
to define how they are retrieved.
Multiple variables can be specified for each.create
variable defines the session ID,
e.g., the backend server name.zone
.
If a session isn't accessed for timeout
(default: 1 hour),
it is removed.norefresh
to disable this behavior.lookup
) are routed to the corresponding server.
If no match is found or the server is unavailable,
the normal balancing method is used.connect
to create the session as soon as the upstream connection is established.
Without it, session creation is deferred until after processing completes.
(For UDP, sessions are created immediately after server selection.)$rdp_cookie
for both lookup and create:stream {
upstream backend {
server 127.0.0.1:3390 sid=a;
server 127.0.0.1:3391 sid=b;
sticky learn lookup=$rdp_cookie create=$rdp_cookie zone=sessions:1m;
}
server {
listen 127.0.0.1:3389;
ssl_preread on;
proxy_pass backend;
}
}
remote_action
and remote_result
.learn
with zone
,
this mode doesn't cache sessions locally
and makes a request to the remote store for every connection.remote_action
must refer to a location
inside the client block.
remote_uri
defines the request URI (defaults to /
)
and may include variables.lookup
variable.
If none is found, normal balancing is used.remote_action
) including:sid=
parameter
or a hashed server name (variable $sticky_sid)$stream_sticky_sessid
and $stream_sticky_sid
,
allowing direct use in headers via proxy_set_header.remote_result
)remote_result
,
referencing upstream_http_*
variables created by Angie
from HTTP headers.http {
client {
location @sticky_client1 {
proxy_set_header X-Sticky-Sessid $stream_sticky_sessid;
proxy_set_header X-Sticky-Sid $stream_sticky_sid;
proxy_set_header X-Sticky-Last $msec;
proxy_pass http://127.0.0.1:8080;
proxy_cache remote;
proxy_cache_valid 200 1d;
proxy_cache_key $scheme$proxy_host$request_uri$stream_sticky_sessid;
}
}
}
stream {
upstream u {
server 127.0.0.1:8081 sid=backend-01;
server 127.0.0.1:8082 sid=backend-02;
sticky learn lookup=$remote_addr
remote_action=@sticky_client1
remote_result=$upstream_http_x_sticky_sid
remote_uri=/foo;
}
server {
listen 127.0.0.1:8080;
proxy_pass u;
}
}
HTTP/1.1 200 OK
...
X-Sticky-Sid: backend-01
X-Session-Info: active
$upstream_http_x_sticky_sid
= backend-01
$upstream_http_x_session_info
= active
$upstream_http_x_sticky_sid
is specified in remote_result
,
it is used to select the corresponding sid
.sticky
directive considers upstream server state:down
or temporarily unavailable are skipped.max_conns
are temporarily skipped.drain
(PRO) may still be selected if their sid matches.sticky
will resume using it.sticky_strict
disabled: fallback to default balancing.sticky_strict on;
: request is rejected.zone
used in sticky
must be exclusive to a single upstream
.
Zones cannot be shared across multiple upstream
blocks.sticky_secret#
route
mode.
The string may contain variables, for example, $remote_addr
:upstream backend {
server 127.0.0.1:8081 sid=a;
server 127.0.0.1:8082 sid=b;
sticky route $route;
sticky_secret my_secret.$remote_addr;
}
$ echo -n "<VALUE><SALT>" | md5sum
sticky_strict#
Built-in Variables#
stream_upstream
module supports the following built-in variables:$sticky_sessid
#remote_action
in sticky;
stores the initial session identifier taken from lookup
.$sticky_sid
#remote_action
in sticky;
stores the server identifier previously associated with the session.sticky_sid
contains the value of the sid=
parameter
from the server
directive in the upstream block, if specified,
or the MD5 hash of the server name.$upstream_addr
#$upstream_bytes_received
#$upstream_bytes_sent
#$upstream_connect_time
#$upstream_first_byte_time
#$upstream_session_time
#$upstream_sticky_status
#""
NEW
HIT
MISS