Upstream#

Provides context for describing groups of servers that can be used in the proxy_pass directive.

Configuration Example#

upstream backend {
    hash $remote_addr consistent;
    zone backend 1m;

    server backend1.example.com:1935  weight=5;
    server unix:/tmp/backend3;
    server backend3.example.com       service=_example._tcp resolve;

    server backup1.example.com:1935   backup;
    server backup2.example.com:1935   backup;
}

resolver 127.0.0.53 status_zone=resolver;

server {
    listen 1936;
    proxy_pass backend;
}

Directives#

upstream#

Syntax

upstream name { ... }

Default

Context

stream

Describes a group of servers. Servers can listen on different ports. In addition, servers listening on TCP and UNIX domain sockets can be mixed.

Example:

upstream backend {
    server backend1.example.com:1935 weight=5;
    server 127.0.0.1:1935            max_fails=3 fail_timeout=30s;
    server unix:/tmp/backend2;
    server backend3.example.com:1935 resolve;

    server backup1.example.com:1935  backup;
}

By default, connections are distributed between the servers using a weighted round-robin balancing method. In the above example, each 7 connections will be distributed as follows: 5 connections go to backend1.example.com:1935 and one connection to each of the second and third servers.

If an error occurs during communication with a server, the connection will be passed to the next server, and so on until all of the functioning servers will be tried. If communication with all servers fails, the connection will be closed.

server#

Syntax

server address [parameters];

Default

Context

upstream

Defines the address and other parameters of a server. The address can be specified as a domain name or IP address with an obligatory port, or as a UNIX domain socket path specified after the unix: prefix. A domain name that resolves to several IP addresses defines multiple servers at once.

The following parameters can be defined:

weight=number

Sets the weight of the server; by default, 1.

max_conns=number

Limits the maximum number of simultaneous active connections to the proxied server. Default value is 0, meaning there is no limit. If the server group does not reside in the shared memory, the limitation works per each worker process.

max_fails=number — sets the number of unsuccessful attempts to communicate with the server that should happen in the duration set by fail_timeout to consider the server unavailable; it is then retried after the same duration.

Here, an unsuccessful attempt is an error or timeout while establishing a connection with the server.

Note

If a server directive in a group resolves into multiple servers, its max_fails setting applies to each server individually.

If an upstream contains only one server after all its server directives are resolved, the max_fails setting has no effect and will be ignored.

max_fails=1

The default number of attempts.

max_fails=0

Disables the accounting of attempts.

fail_timeout=time — sets the period of time during which a specified number of unsuccessful attempts to communicate with the server (max_fails) should happen to consider the server unavailable. The server then remains unavailable for the same amount of time before it is retried.

By default, this is set to 10 seconds.

Note

If a server directive in a group resolves into multiple servers, its fail_timeout setting applies to each server individually.

If an upstream contains only one server after all its server directives are resolved, the fail_timeout setting has no effect and will be ignored.

backup

Marks the server as a backup server. It will be passed requests when the primary servers are unavailable.

down

Marks the server as permanently unavailable.

drain (PRO)

Marks the server as draining; this means it receives only requests from the sessions that were bound earlier with sticky. Otherwise it behaves similarly to down.

Caution

The backup parameter cannot be used along with the hash and random load balancing methods.

The down and drain parameters are mutually exclusive.

Added in version 1.3.0.

resolve

Enables monitoring changes to the list of IP addresses that corresponds to a domain name, updating it without a configuration reload. The group must reside in a shared memory zone; also, a resolver must be defined.

service=name

Enables resolving DNS SRV records and sets the service name. For this parameter to work, the resolve parameter must also be specified, without specifying the server port in the hostname.

If there are no dots in the service name, the name is formed according to the RFC standard: the service name is prefixed with _, then _tcp is added after a dot. Thus, the service name http will result in _http._tcp.

Angie resolves the SRV records by combining the normalized service name and the hostname and obtaining the list of servers for the combination via DNS, along with their priorities and weights.

  • Top-priority SRV records (ones that share the minimum priority value) resolve into primary servers, and other records become backup servers. If backup is set with server, top-priority SRV records resolve into backup servers, and other records are ignored.

  • Weight is similar to the weight parameter of the server directive. If weight is set by both the directive and the SRV record, the weight set by the directive is used.

This example will look up the _http._tcp.backend.example.com record:

server backend.example.com service=http resolve;

Added in version 1.2.0: Angie

Added in version 1.1.0-P1: Angie PRO

sid=id

Sets the server ID in the group. If the parameter is not specified, the ID is set as a hexadecimal MD5 hash of the IP address and port or UNIX domain socket path.

Added in version 1.4.0.

slow_start=time

Sets the time for a server to recover its weight when returning to service with round-robin or least_conn load balancing methods.

If the parameter is set and a server is again considered healthy after a failure according to max_fails and upstream_probe (PRO), the server gradually recovers its designated weight over the specified time period.

If the parameter is not set, in a similar situation the server immediately starts working with its designated weight.

Note

If only one server is specified in the upstream, slow_start has no effect and will be ignored.

state (PRO)#

Added in version 1.4.0: PRO

Syntax

state file;

Default

Context

upstream

Specifies the file where the upstream server list is persistently stored. When installing from our packages, a dedicated directory /var/lib/angie/state/ (/var/db/angie/state/ on FreeBSD) is created with appropriate permissions for storing such files, so you only need to add the filename in the configuration:

upstream backend {

    zone backend 1m;
    state /var/lib/angie/state/<FILE NAME>;
}

The server list format here is similar to s_server. The file contents change whenever servers are modified in the /config/stream/upstreams/ section via the configuration API. The file is read at Angie startup or configuration reload.

Caution

To use the state directive in an upstream block, there should be no server directives in it, but a shared memory zone (zone) is required.

zone#

Syntax

zone name [size];

Default

Context

upstream

Defines the name and size of the shared memory zone that stores the group's configuration and runtime state, shared between worker processes. Multiple groups can use the same zone. In this case, it is sufficient to specify the size only once.

backup_switch (PRO)#

Added in version 1.10.0: PRO

Syntax

backup_switch permanent[=time];

Default

Context

upstream

The directive enables the ability to start server selection not from the primary group, but from the active group, i.e., the one where a server was successfully found previously. If a server cannot be found in the active group for the next request, and the search moves to the backup group, this backup group becomes active, and subsequent requests are first directed to servers in this group.

If the permanent parameter is defined without a time value, the group remains active after selection, and automatic re-checking of groups with lower priority levels does not occur. If time is specified, the active status of the group expires after the specified interval, and the load balancer again checks groups with lower priority levels, returning to them if the servers are working normally.

Example:

upstream media_backend {
    server primary1.example.com:1935;
    server primary2.example.com:1935;

    server reserve1.example.com:1935 backup;
    server reserve2.example.com:1935 backup;

    backup_switch permanent=2m;
}

If the load balancer switches from primary servers to the backup group, all subsequent requests are handled by this backup group for 2 minutes. After 2 minutes expire, the load balancer re-checks the primary servers and makes them active again if they are working normally.

feedback (PRO)#

Added in version 1.7.0: PRO

Syntax

feedback variable [inverse] [factor=number] [account=condition_variable];

Default

Context

upstream

Enables a feedback-based load balancing mechanism for the upstream. It dynamically adjusts load balancing decisions by multiplying each proxied server's weight by the average feedback value, which changes over time based on the variable value and is subject to an optional condition.

The following parameters can be specified:

variable

The variable from which the feedback value is taken. It should represent a performance or health metric; it is assumed to be provided by the server.

The value is evaluated with each response from the server and factored into the moving average according to inverse and factor settings.

inverse

If the parameter is set, the feedback value is interpreted inversely: lower values indicate better performance.

factor

The factor by which the feedback value is weighted when calculating the average. Valid values are integers from 0 to 99. Default is 90.

The average is calculated using the exponential smoothing formula.

The larger the factor, the less new values affect the average; if 90 is specified, 90% of the previous value will be taken and only 10% of the new value.

account

Specifies a condition variable that controls how connections are accounted for in the calculation. The average value is updated with the feedback value only if the condition variable is not equal to "" or "0".

Note

By default, traffic from probes is not included in the calculation; combining the $upstream_probe variable with account allows including them or even excluding everything else.

Example:

upstream backend {

    zone backend 1m;

    feedback $feedback_value factor=80 account=$condition_value;

    server backend1.example.com:1935  weight=1;
    server backend2.example.com:1935  weight=2;
}

map $protocol $feedback_value {
    "TCP"                      100;
    "UDP"                      75;
    default                    10;
}

map $upstream_probe $condition_value {
    "high_priority" "1";
    "low_priority"  "0";
    default         "1";
}

This configuration categorizes servers by feedback levels based on protocols used in individual sessions, and also adds a condition on $upstream_probe to account only for high_priority probes or regular client sessions.

hash#

Syntax

hash key [consistent];

Default

Context

upstream

Specifies a load balancing method for the group where client-server mapping is determined using a hashed key value. The key can contain text, variables, and their combinations. Usage example:

hash $remote_addr;

The method is compatible with the Perl Cache::Memcached library.

If the consistent parameter is specified, the ketama consistent hashing method will be used instead of the above method. The method ensures that when a server is added to or removed from the group, only a minimal number of keys will be remapped to other servers. Using the method for caching servers provides a higher cache hit ratio. The method is compatible with the Perl Cache::Memcached::Fast library with the ketama_points parameter set to 160.

least_conn#

Syntax

least_conn;

Default

Context

upstream

Specifies a load balancing method for the group where a connection is passed to the server with the least number of active connections, taking into account server weights. If several servers are suitable, they are selected cyclically (round-robin) with their weights taken into account.

least_time (PRO)#

Syntax

least_time connect | first_byte | last_byte [factor=number] [account=condition_variable];

Default

Context

upstream

Specifies a load balancing method for the group where the probability of passing a connection to an active server is inversely proportional to its average response time; the smaller it is, the more connections the server will receive.

connect

The directive accounts for the average connection establishment time.

first_byte

The directive uses the average time to receive the first byte of the response.

last_byte

The directive uses the average time to receive the complete response.

Added in version 1.7.0: PRO

factor

Serves the same function as response_time_factor (PRO) and overrides it if the parameter is set.

account

Specifies a condition variable that controls which connections are accounted for in the calculation. The average value is updated only if the connection's condition variable is not equal to "" or "0".

Note

By default, probes are not included in the calculation; combining the $upstream_probe variable with account allows including them or even excluding everything else.

The current values are presented as connect_time, first_byte_time, and last_byte_time in the server's health object among the upstream metrics in the API.

random#

Syntax

random [two];

Default

Context

upstream

Specifies a load balancing method for the group where a connection is passed to a randomly selected server, taking into account server weights.

If the optional two parameter is specified, Angie randomly selects two servers and then chooses a server using the specified method. The default method is least_conn, which passes a connection to the server with the least number of active connections.

response_time_factor (PRO)#

Syntax

response_time_factor number;

Default

response_time_factor 90;

Context

upstream

Sets the smoothing factor for the least_time (PRO) load balancing method, using the previous value when calculating the average response time according to the exponential weighted moving average formula.

The larger the specified number, the less new values influence the average; if 90 is specified, 90% of the previous value will be taken, and only 10% of the new value. Valid values range from 0 to 99 inclusive.

The respective moving averages are presented as connect_time (connection establishment time), first_byte_time (time to receive the first byte of the response), and last_byte_time (time to receive the complete response) in the server's health object among the stream upstream metrics in the API.

Note

Only successful responses are considered in the calculation; what constitutes an unsuccessful response is determined by the proxy_next_upstream directives.

sticky#

Added in version 1.6.0: Angie

Added in version 1.6.0: Angie PRO

Syntax

sticky route $variable...;

sticky learn zone=zone create=$create_var1... lookup=$lookup_var1... [connect] [norefresh] [timeout=time];

sticky learn lookup=$lookup_var1... remote_action=uri remote_result=$remote_var;

Default

Context

upstream

Configures the binding of client sessions to proxied servers in the mode specified by the first parameter; to drain requests from servers that have the sticky directive configured, use the drain option (PRO) in the server block.

Attention

The sticky directive must be used after all directives that set the load balancing method; otherwise, it won't work.

This mode uses predefined route identifiers that can be embedded in connection properties accessible to Angie. It is less flexible because it relies on predefined values but is better suited if such identifiers are already in use.

Here, when establishing a connection, the proxied server can assign a route to the client and return its identifier in a manner known to both. The value of the sid parameter of the server directive must be used as the route identifier. Note that the parameter is additionally hashed if the sticky_secret directive is set.

Subsequent connections from clients wishing to use this route must contain the server-issued identifier in a way that ensures it ends up in Angie variables.

The directive parameters specify variables for routing. To select the server where the incoming connection is routed, the first non-empty variable is used; it is then compared with the sid parameter of the server directive. If selecting a server fails or the chosen server cannot accept the connection, another server is selected according to the configured balancing method.

Here, Angie looks for the route identifier in the $route variable, which gets its value based on $ssl_preread_server_name (note that ssl_preread must be enabled):

stream {

    map $ssl_preread_server_name $route {

        a.example.com            a;
        b.example.com            b;
        default                  "";
    }

    upstream backend {

        server 127.0.0.1:8081 sid=a;
        server 127.0.0.1:8082 sid=b;

        sticky route $route;
    }

    server {

        listen 127.0.0.1:8080;

        ssl_preread on;

        proxy_pass backend;
    }
}

sticky_strict#

Added in version 1.6.0: Angie

Added in version 1.6.0: Angie PRO

Syntax

sticky_strict on | off;

Default

sticky_strict off;

Context

upstream

When enabled, causes Angie to return a connection error to the client if the desired server is unavailable, instead of using any other available server as it would when no servers in the group are available.

sticky_secret#

Added in version 1.6.0: Angie

Added in version 1.6.0: Angie PRO

Syntax

sticky_secret string;

Default

Context

upstream

Adds the string as salt to the MD5 hashing function for the sticky directive in route mode. The string may contain variables, for example, $remote_addr:

upstream backend {
    server 127.0.0.1:8081 sid=a;
    server 127.0.0.1:8082 sid=b;

    sticky route $route;
    sticky_secret my_secret.$remote_addr;
}

Salt is appended after the hashed value; to independently verify the hashing mechanism:

$ echo -n "<VALUE><SALT>" | md5sum

Built-in Variables#

The stream_upstream module supports the following built-in variables:

$sticky_sessid#

Used with remote_action in sticky; stores the initial session identifier taken from lookup.

$sticky_sid#

Used with remote_action in sticky; stores the server identifier previously associated with the session.

sticky_sid contains the value of the sid= parameter from the server directive in the upstream block, if specified, or the MD5 hash of the server name.

$upstream_addr#

stores the IP address and port, or the path to the UNIX domain socket of the upstream server. If several servers were contacted during request processing, their addresses are separated by commas, e.g.:

192.168.1.1:1935, 192.168.1.2:1935, unix:/tmp/sock

If a server cannot be selected, the variable keeps the name of the server group.

$upstream_bytes_received#

number of bytes received from an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.

$upstream_bytes_sent#

number of bytes sent to an upstream server. Values from several connections are separated by commas and colons like addresses in the $upstream_addr variable.

$upstream_connect_time#

time to connect to the upstream server; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas and colons like addresses in the $upstream_addr variable.

$upstream_first_byte_time#

time to receive the first byte of data; the time is kept in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.

$upstream_session_time#

session duration in seconds with millisecond resolution. Times of several connections are separated by commas like addresses in the $upstream_addr variable.

$upstream_sticky_status#

Status of sticky connections.

""

Connection routed to upstream without sticky enabled.

NEW

Connection without sticky information.

HIT

Connection with sticky information routed to the desired backend.

MISS

Connection with sticky information routed to the backend selected by the load balancing algorithm.

Values from multiple connections are separated by commas and colons, similar to addresses in the $upstream_addr variable.