Nginx Load Balancer
Nginx started out as an open source web server designed for maximum performance and stability. Today, however, it also serves as a reverse proxy, HTTP load balancer, and email proxy for IMAP, POP3, and SMTP.
- Four servers with Ubuntu 18.04 and Ant Media Enterprise installed
- One server with Ubuntu 18.04 installed for Nginx Load Balancer
- One server with Ubuntu 18.04 installed for MongoDB Server (Optional)
This document compatible all Debian based os (Debian, Ubuntu, etc.)
We prefer to install latest Nginx version
Install the prerequisites
sudo apt install curl ca-certificates lsb-release -y
To set up the apt repository for stable nginx packages, run the following command:
echo "deb http://nginx.org/packages/`lsb_release -d | awk '{print $2}' | tr '[:upper:]' '[:lower:]'` `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
import an official nginx signing key
curl -fsSL https://nginx.org/keys/nginx_signing.key | sudo apt-key add -
run the following commands to install nginx
apt update
apt install nginx -y
run the following commands to install certbot
apt install certbot python-certbot-nginx
run the following commands to create certificate
certbot --nginx -d yourdomain.com -d www.yourdomain.com
crontab -e
0 0 */80 * * root certbot -q renew --nginx
mv /etc/nginx/nginx.conf{,_bck}
create new a nginx.conf file with your favorite editor
vim /etc/nginx/nginx.conf
In that file, copy the following contents
# RTMP stream configuration
stream {
upstream stream_backend {
hash least_conn;
server AMS_ORIGIN1_IP:1935;
server AMS_ORIGIN2_IP:1935;
}
server {
listen 1935;
proxy_pass stream_backend;
proxy_timeout 3s;
proxy_connect_timeout 1s;
}
}
user nginx;
worker_processes auto;
pid /var/run/nginx.pid;
worker_rlimit_nofile 1048576;
events {
worker_connections 1048576;
multi_accept on;
use epoll;
}
http {
#Ant Media Origin
upstream antmedia_origin {
ip_hash;
server AMS_ORIGIN1_IP:5080;
server AMS_ORIGIN2_IP:5080;
}
#Ant Media Edge
upstream antmedia_edge {
ip_hash;
server AMS_EDGE1_IP:5080;
server AMS_EDGE2_IP:5080;
}
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
keepalive_timeout 300s;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# ssl settings
ssl_protocols TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# logs settings
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"'
'"$hostname" "upstream: $upstream_addr"';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# gzip
gzip on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_comp_level 6;
gzip_types text/plain text/css application/json application/javascript text/javascript application/x-javascript text/xml application/xml application/xml+rss application/vnd.ms-fontobject application/x-font-ttf font/opentype font/x-woff image/svg+xml image/x-icon;
# proxy settings
proxy_redirect off;
proxy_http_version 1.1;
proxy_read_timeout 10s;
proxy_send_timeout 10s;
proxy_connect_timeout 10s;
#redirect all http requests to https
server {
listen 80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
#Origin Configuration
server {
listen 5443 ssl;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
server_name yourdomain.com;
location / {
proxy_pass http://antmedia_origin;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
#Edge Configuration
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
server_name yourdomain;
location / {
proxy_pass http://antmedia_edge;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
}
}
Save and close that file.
On our server, we have to remove the symbolic link to default, in the /etc/nginx/sites-enabled folder.
sudo rm /etc/nginx/sites-enabled/default
nginx -t
systemctl enable nginx
systemctl restart nginx
You can install MongoDB to an instance or even you can make cluster installation for MongoDB
If you wish, you can install MongoDB on another server. Here we chose to install on Load Balancer.
Follow 1. step in the reference link
Reference Link: https://github.com/ant-media/Ant-Media-Server/wiki/Scaling-and-Load-Balancing#1-installing-databasemongodb
Reference Link : https://github.com/ant-media/Ant-Media-Server/wiki/Scaling-and-Load-Balancing#2-installing-origin-group-and-edge-group