oib/aitbc
1
0
Fork 0
Code Issues Pull Requests Actions 7 Packages Projects Releases Wiki Activity
Files
main
aitbc/infra/nginx/nginx-geo-lb.conf
AITBC System b033923756 chore: normalize file permissions across repository 
- Remove executable permissions from configuration files (.editorconfig, .env.example, .gitignore)
- Remove executable permissions from documentation files (README.md, LICENSE, SECURITY.md)
- Remove executable permissions from web assets (HTML, CSS, JS files)
- Remove executable permissions from data files (JSON, SQL, YAML, requirements.txt)
- Remove executable permissions from source code files across all apps
- Add executable permissions to Python
2026-03-08 11:26:18 +01:00

86 lines
2.6 KiB
Plaintext
Raw Permalink Blame History

# Geographic Load Balancing Nginx Configuration
# Distributes traffic to the closest regional endpoint based on the client's IP
# Ensure Nginx is compiled with the GeoIP module:
# nginx -V 2>&1 | grep -- --with-http_geoip_module
# Define the GeoIP database location
geoip_country /usr/share/GeoIP/GeoIP.dat;
geoip_city /usr/share/GeoIP/GeoIPCity.dat;
# Map the continent code to an upstream backend
map $geoip_city_continent_code $closest_region {
default us_east_backend; # Default fallback
# North America
NA us_east_backend;
# Europe
EU eu_central_backend;
# Asia
AS ap_northeast_backend;
# Oceania, Africa, South America could map to the nearest available
OC ap_northeast_backend;
AF eu_central_backend;
SA us_east_backend;
}
# Define the upstream backends for each region
upstream us_east_backend {
# US East instances
server 10.1.0.100:8000 max_fails=3 fail_timeout=30s;
server 10.1.0.101:8000 max_fails=3 fail_timeout=30s backup;
keepalive 32;
}
upstream eu_central_backend {
# EU Central instances
server 10.2.0.100:8000 max_fails=3 fail_timeout=30s;
server 10.2.0.101:8000 max_fails=3 fail_timeout=30s backup;
keepalive 32;
}
upstream ap_northeast_backend {
# AP Northeast instances
server 10.3.0.100:8000 max_fails=3 fail_timeout=30s;
server 10.3.0.101:8000 max_fails=3 fail_timeout=30s backup;
keepalive 32;
}
server {
listen 80;
listen 443 ssl http2;
server_name api.aitbc.dev;
# SSL configuration (omitted for brevity, assume Let's Encrypt managed)
# ssl_certificate /etc/letsencrypt/live/api.aitbc.dev/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/api.aitbc.dev/privkey.pem;
# Add headers to indicate routing decisions for debugging
add_header X-Region-Routed $closest_region always;
add_header X-Client-Continent $geoip_city_continent_code always;
location / {
# Proxy traffic to the mapped upstream region
proxy_pass http://$closest_region;
# Standard proxy headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Enable keepalive
proxy_http_version 1.1;
proxy_set_header Connection "";
}
# Health check endpoint for external load balancers/monitors
location /health {
access_log off;
return 200 "OK\n";
}
}
Reference in New Issue View Git Blame Copy Permalink