DailyGlimpse

Nginx Stream Module: Mastering TCP and UDP Load Balancing

May 3, 2026 · 3:19 AM

In the fifth installment of the Nginx Advanced series, the focus shifts beyond HTTP to the Stream module, which enables Nginx to handle TCP and UDP traffic with powerful load balancing capabilities.

Beyond HTTP

While Nginx is renowned for its HTTP serving capabilities, its Stream module extends functionality to other protocols. This module operates at the transport layer, allowing Nginx to manage TCP and UDP connections efficiently.

The stream {} Block

The core of this functionality is the stream {} configuration block. Similar to the http {} block, it provides directives for handling non-HTTP traffic. Within this block, administrators can define upstream groups and configure load balancing strategies for TCP and UDP services.

TCP Load Balancing Example

A practical example involves distributing TCP connections across multiple backend servers. By defining an upstream group with multiple servers and using standard load-balancing methods (e.g., round-robin, least connections), Nginx can balance traffic for services like SSH, database connections, or custom applications.

UDP for DNS

Nginx also supports UDP load balancing, which is particularly useful for DNS servers. Using the stream {} block with the udp parameter on the listen directive, Nginx can distribute DNS queries across multiple resolvers, improving reliability and performance.

mTLS at Stream Layer

For enhanced security, Nginx can terminate or forward mutual TLS (mTLS) connections at the stream layer. When it terminates, Nginx completes the handshake itself and verifies the client certificate. When it forwards, encrypted traffic can be inspected or routed without decryption, preserving end-to-end security while enabling intelligent load balancing.

Production Patterns

The video concludes with production-ready patterns, including health checks, session persistence, and logging strategies. These ensure that the load-balancing setup is robust and maintainable in real-world deployments.
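
The TCP, UDP, mTLS and production patterns described above, combined in one stream {} block. This is an added example, not configuration from the video; the upstream names, addresses, ports and file paths are placeholders chosen for illustration.

```nginx
# Added example; all addresses, ports and file paths are placeholders.
stream {
    # Stream-layer access log (there is no HTTP request line to record).
    log_format basic '$remote_addr [$time_local] $protocol $status '
                     '$bytes_sent $bytes_received $session_time "$upstream_addr"';
    access_log /var/log/nginx/stream.log basic;

    # TCP: least-connections across two database backends.
    # max_fails/fail_timeout provide passive health checking.
    upstream db_backends {
        least_conn;
        server 10.0.0.11:5432 max_fails=3 fail_timeout=30s;
        server 10.0.0.12:5432 max_fails=3 fail_timeout=30s;
    }
    server {
        listen 5432;
        proxy_connect_timeout 5s;
        proxy_timeout 10m;
        proxy_pass db_backends;
    }

    # UDP: DNS queries spread over two resolvers.
    upstream dns_backends {
        server 10.0.0.21:53;
        server 10.0.0.22:53;
    }
    server {
        listen 53 udp;
        proxy_responses 1;   # one reply datagram expected per query
        proxy_timeout 5s;
        proxy_pass dns_backends;
    }

    # mTLS terminated at the proxy: clients must present a certificate
    # signed by the CA in ssl_client_certificate; backends see plaintext.
    upstream app_backends {
        hash $remote_addr consistent;   # session persistence by client IP
        server 10.0.0.31:9000;
        server 10.0.0.32:9000;
    }
    server {
        listen 8443 ssl;
        ssl_certificate        /etc/nginx/tls/server.crt;
        ssl_certificate_key    /etc/nginx/tls/server.key;
        ssl_client_certificate /etc/nginx/tls/client-ca.crt;
        ssl_verify_client      on;
        ssl_protocols          TLSv1.2 TLSv1.3;
        proxy_pass app_backends;
    }
}
```

Because the last server block decrypts at the proxy, the hop to app_backends is unencrypted unless proxy_ssl is also enabled. Validate the file with nginx -t before reloading.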

This lesson builds on earlier performance-tuning concepts, emphasizing that Nginx is more than a web server—it's a versatile proxy and load balancer for any TCP/UDP traffic.