Web Server Load Balancing with NGINX Plus

Today we issued the third release in the 1.9 mainline series of NGINX. This brings with it a few new features as well as bug fixes. The main focus of this release was improving the Stream module, initially added in NGINX 1.9.0 for generic TCP proxying and load balancing. Most notably:

  • Bug fix for SO_REUSEPORT socket option with TCP – The reuseport parameter to the listen directive now works correctly for TCP connections.
  • Configurable queue length for pending TCP and mail connections – The backlog parameter to the listen directive is now available in the stream and mail modules.
  • Access control based on IP address for TCP connections – With the new Stream Access module, you can restrict access to a TCP stream to specified IP addresses or address ranges.

    The module goes through the list of IP addresses and ranges until a match is found and acts on it. For example, the following snippet allows TCP connection from any IP address in the 192.168.1.x range except, and blocks connections from any other IP address range:

    stream {
        server {
            # ...
            deny all;

In addition to those changes, the following new features have been added:

  • PROXY protocol support for TCP – The new proxy_protocol directive enables a header to be sent to the upstream server with details about the client connection.
  • Specify source IP address for connections to proxied servers – The new proxy_bind directive for TCP works like the existing HTTP directive: it makes connections to a proxied server originate from a specified local IP address.
  • REQUEST_SCHEME parameter – Support for the REQUEST_SCHEME parameter is added to the (HTTP) fastcgi_param directive and fastcgi.conf.
  • Configuration dumping – The new -T argument to the nginx command not only tests the configuration but gives much more verbose output including an entire dump of every configuration file parsed.
  • Bug fix for OCSP Stapling – Expired cached SSL handshake responses are no longer sent when the ssl_stapling on directive is configured. Thanks to Andrew Ayer for contributing a fix for this.

TCP load balancing is also available in NGINX Plus R6 with even more great features.

Updating NGINX

You can check your current NGINX version using nginx -v:

# nginx -v
nginx version: nginx/1.9.1

Updates for NGINX 1.9.x are available from (sources and prebuilt binary packages). If you’ve subscribed to NGINX through another channel (such as your operating system distributor), you can expect it to sync with the 1.9.2 update shortly.

[Editor – The features described in this post are also available in NGINX Plus Release 7 and later.

Hero image
免费 O'Reilly 电子书:
《NGINX 完全指南》

更新于 2022 年,一本书了解关于 NGINX 的一切


Andrew Hutchings

Senior Software Engineer

Andrew is a Developer Advocate and Systems Software Engineer specializing in open source Linux-based software. He’s worked on many popular open source projects in various roles, including OpenStack, Drizzle, and MySQL. He’s known to many as LinuxJedi.


F5, Inc. 是备受欢迎的开源软件 NGINX 背后的商业公司。我们为现代应用的开发和交付提供一整套技术。我们的联合解决方案弥合了 NetOps 和 DevOps 之间的横沟,提供从代码到用户的多云应用服务。访问 了解更多相关信息。