Nginx Load Balancer Config Generator

Generate an nginx upstream + load balancer config with round-robin, least_conn, ip_hash, weights, health checks, and keepalive

Load Balancer modepreset

Define an upstream pool with the load-balancing method that fits your traffic.

Switch mode:

Server

server_name

HTTP portEnable HTTPS listen

Upstream pool

upstream nameMethod

Servers

Add /health endpointProxy front (proxy_pass)

Common

Gzip compressionSecurity headers (X-Content-Type, Frame-Options, Referrer-Policy)

access_logerror_log

Custom add_header lines

nginx.conf preview

Drop into /etc/nginx/conf.d/ or/etc/nginx/sites-available/.

upstream backend {
  least-conn;
  server app1.internal:3000;
  server app2.internal:3000;
  server app3.internal:3000;
}

server {
  listen 80;
  listen [::]:80;
  server_name example.com;

  # Recommended security headers
  add_header X-Content-Type-Options nosniff always;
  add_header X-Frame-Options SAMEORIGIN always;
  add_header Referrer-Policy strict-origin-when-cross-origin always;

  # Compression
  gzip            on;
  gzip_vary       on;
  gzip_min_length 1024;
  gzip_proxied    any;
  gzip_comp_level 5;
  gzip_types      text/plain text/css application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

  access_log /var/log/nginx/access.log;
  error_log  /var/log/nginx/error.log warn;

  location / {
    proxy_pass http://backend;
    proxy_http_version 1.1;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP        $remote_addr;
    proxy_set_header X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_connect_timeout 60s;
    proxy_send_timeout    60s;
    proxy_read_timeout    60s;
  }
}

Validate before reloading

sudo nginx -t && sudo systemctl reload nginx

Heads up

Replace `example.com` with your real hostname before deploying.

Loading tool...

What is Nginx Load Balancer Config Generator

Written by Giorgos Kostas. Last reviewed: April 18, 2026

Nginx Load Balancer Config Generator emits an `upstream` block listing your backend servers, plus a server block that proxies to it with the load-balancing method that fits your traffic.

It supports the four built-in OSS Nginx methods: round-robin (default), `least_conn`, `ip_hash` (sticky by client IP), and consistent `hash $remote_addr`.

Why use it

Drop in dozens of upstream entries from a labelled list instead of hand-editing brace-matched blocks.
Switch load-balancing methods from a dropdown — IP hash for sticky sessions, least_conn for long-lived connections, hash for cache-friendly distribution.
Add an explicit `/health` endpoint that checks any one upstream from the same listener.
Combines cleanly with the Nginx SSL generator for HTTPS-fronted load balancing.

Features

Add / remove upstream servers in a labelled list
Method selector: round-robin, least_conn, ip_hash, hash
Optional `/health` endpoint
Combines with proxy headers, gzip, security headers

How to use Nginx Load Balancer Config Generator

Name the upstream. Give it a short identifier (e.g. `backend`).
Add server entries. host:port for each upstream — IPs or DNS names.
Pick a method. Least connections is a strong default for most APIs.
Deploy. Copy + drop into Nginx, `nginx -t`, reload.

Example (before/after)

Form input

upstream name = backend
servers       = app1:3000, app2:3000, app3:3000
method        = least_conn
proxy_pass    = http://backend

Generated config

upstream backend {
  least_conn;
  server app1:3000;
  server app2:3000;
  server app3:3000;
}
server {
  listen 80;
  server_name api.example.com;
  location / {
    proxy_pass http://backend;
    ...
  }
}

Common errors

Sessions reset after every refresh

Round-robin sends each request to a different upstream that doesn't share session state.

Fix: Switch to `ip_hash` or move sessions to a shared store (Redis) and stay on round-robin.

One upstream eats all traffic

DNS round-robin or a stuck `keepalive` pool can pin Nginx to one server.

Fix: Set `keepalive 32;` inside the upstream block and verify each server name resolves correctly.

Active health checks not happening

Built-in OSS Nginx only does passive checks (mark dead on failure).

Fix: Use NGINX Plus or the `nginx_upstream_check_module` patch for active checks; the `/health` endpoint here probes once per request.

FAQ

Which load-balancing method is the right default?

Least connections (`least_conn`) for long-lived requests (websockets, slow APIs). Round robin for short stateless requests. IP hash if you can't move session state out of the upstream. Consistent hash for cache-friendly partitioning.

How does this differ from the reverse-proxy generator?

The reverse-proxy generator targets a single upstream URL. The load balancer generator emits an `upstream { ... }` block with multiple `server` lines and a method, then proxies to the named upstream.

Can I add weights or backup servers?

Append `weight=N` or `backup` to a server line after copying, e.g. `server app1:3000 weight=3;`. The form intentionally keeps inputs simple.

Does Nginx do active health checks?

OSS Nginx only does passive checks (a server is marked unavailable for `fail_timeout` after `max_fails`). Active checks need NGINX Plus or a third-party module.

What's the difference between ip_hash and the hash directive?

`ip_hash` always uses the client IP. `hash $remote_addr consistent` uses a configurable key with consistent hashing — better for cache partitioning when servers are added or removed.

Where do I add SSL termination?

Use the Nginx SSL Config Generator for the front server, then paste the upstream block from this tool. Or extend the output with the `listen 443 ssl;` directives.

Related tools

Round out the load-balanced stack. You can also browse the full DevOps & Infra category for more options.

Nginx Reverse Proxy Generator

Generate a production-ready nginx.conf for reverse proxying with proxy_pass, headers, timeouts, and gzip from a focused form

Nginx SSL Config Generator

Generate an HTTPS-ready nginx.conf with SSL certificate paths, modern protocols, ciphers, HSTS, and HTTP-to-HTTPS redirect

Nginx WebSocket Proxy Generator

Generate an nginx config for proxying WebSocket connections with Upgrade and Connection headers and long read timeouts

Docker Compose Validator

Validate docker-compose.yml against the Compose Spec schema with hand-written lints (port collisions, undefined networks, depends_on cycles)

Kubernetes YAML Explorer

Explore multi-document Kubernetes manifests grouped by kind with a cross-reference graph (Service to Deployment, ConfigMap mounts, Ingress backends)

Nginx Static Site Config Generator

Generate an nginx.conf for serving a static site with try_files, SPA fallback, gzip, brotli, and aggressive cache headers

ENV File Editor

Edit .env files in a key/value table with type detection, masked secrets, duplicate-key warnings, and export to JSON, YAML, shell, or docker-compose