# L7 Balancer Configuration & Advanced Routing


This guide provides comprehensive documentation for Zerops L7 HTTP balancer configuration and advanced routing features. For basic setup instructions, see the [Domain & Access Configuration](/features/access) guide.

The L7 HTTP Balancer handles all HTTP/HTTPS traffic and provides advanced application-layer capabilities:

**Functions:**
- SSL/TLS termination with automatic certificate management
- Domain routing and virtual host management
- Load balancing across multiple service instances
- Advanced routing features (redirects, access policies, rate limiting)
- Performance optimization through caching and compression

**Architecture:**
- Deployed in two containers for high availability
- Scales automatically based on traffic patterns
- Integrated with Let's Encrypt for SSL certificates
- Configurable through advanced balancer settings

## L7 HTTP Balancer Configuration

Access the advanced balancer configuration through your project's HTTP Balancer section → **Advanced balancer configuration**.

### Connection Handling

Configure how the balancer manages client connections:

| Setting | Default | Range | Parameter |
| --- | --- | --- | --- |
| Maximum simultaneous connections per worker | 4000 | 1024-65535 | worker_connections |
| Accept multiple connections at once | on | on/off | multi_accept |
| How long to keep idle connections open | 30s | 1s-300s | keepalive_timeout |
| Maximum number of requests per connection | 100000 | 1-1000000 | keepalive_requests |

:::tip Recommendations
- **High-traffic websites**: Increase `worker_connections` to 8000 or higher
- **API services**: Adjust `keepalive_timeout` to 60 for longer connections
- **WebSocket applications**: Increase `keepalive_timeout` for persistent connections
:::

### Client Request Settings

Control how the balancer handles incoming requests:

| Setting | Default | Range | Parameter |
| --- | --- | --- | --- |
| Timeout for receiving client request header | 10s | 1s-300s | client_header_timeout |
| Timeout for receiving client request body | 10s | 1s-300s | client_body_timeout |
| Maximum allowed size of client request body | 512m | 1k-2048m | client_max_body_size |
| Reset connections that have timed out | on | on/off | reset_timedout_connection |
| Timeout for transmitting response to client | 2s | 1s-300s | send_timeout |

:::tip Recommendations
- **File upload services**: Increase `client_body_timeout` and `client_max_body_size` to accommodate large files
- **Slow clients**: Increase header and body timeouts
- **API endpoints**: Set `client_max_body_size` according to your API payload requirements
:::

### Buffer Settings

Optimize memory usage for request and response handling:

| Setting | Default | Range | Parameter |
| --- | --- | --- | --- |
| Size of buffer for client request header | 1k | 1k-64k | client_header_buffer_size |
| Number of buffers for large client headers | 4 | 1-16 | large_client_header_buffers_number |
| Size of buffers for large client headers | 8k | 1k-64k | large_client_header_buffers_size |
| Size of buffer for client request body | 16k | 1k-1m | client_body_buffer_size |

:::tip Recommendations
- **Large headers**: Increase header buffer sizes for applications with extensive headers
- **File uploads**: Optimize `client_body_buffer_size` based on typical upload sizes
- **Memory optimization**: Tune based on available memory and connection patterns
:::

### Proxy Settings

Configure how the balancer communicates with backend services:

| Setting | Parameter | Default | Range |
| --- | --- | --- | --- |
| Enable buffering of client request body | proxy_request_buffering | off | on/off |
| Enable buffering of responses from proxied server | proxy_buffering | on | on/off |
| Size of the buffer used for reading the first part of the response | proxy_buffer_size | 32k | 1k-256k |
| Number of buffers used for reading a response from the proxied server | proxy_buffers_number | 4 | 1-16 |
| Size of buffers for reading a response from the proxied server | proxy_buffers_size | 256k | 1k-1m |
| Size of buffers that can be busy sending response to the client | proxy_busy_buffers_size | 256k | 1k-1m |

:::tip Recommendations
- **Real-time APIs**: Set `proxy_buffering` to off for lower latency
- **Large responses**: Increase `proxy_buffer_size` for handling larger API responses
- **Multimedia streaming**: Increase `proxy_buffers_size` and `proxy_buffers_number` for larger content
:::

### Performance Optimization

Enable various performance enhancements:

| Setting | Default | Range | Parameter |
| --- | --- | --- | --- |
| Use sendfile() for file transfers | on | on/off | sendfile |
| Enable TCP_NOPUSH socket option | on | on/off | tcp_nopush |
| Enable TCP_NODELAY socket option | on | on/off | tcp_nodelay |
| Enable gzip compression | on | on/off | gzip |
| Rate limit for response transmission (0 = no limit) | 0 | 0-1000m | limit_rate |

:::tip Recommendations
- **File serving**: Ensure `sendfile` and `tcp_nopush` are enabled for static content
- **Real-time applications**: Verify `tcp_nodelay` is enabled
- **Bandwidth control**: Use `limit_rate` for traffic shaping
- **Multimedia streaming**: Enable `sendfile` and `tcp_nopush` for optimal streaming performance
:::

### File Cache Settings

Optimize file system operations:

| Setting | Default | Range | Parameter |
| --- | --- | --- | --- |
| Cache open file descriptors | on | on/off | open_file_cache |
| Maximum number of elements in file cache | 200000 | 1000-1000000 | open_file_cache_max |
| Time after which unused cache elements are removed | 20s | 1s-300s | open_file_cache_inactive |
| Time interval for checking cached elements validity | 30s | 1s-300s | open_file_cache_valid |
| Minimum file uses to remain in cache | 2 | 1-100 | open_file_cache_min_uses |
| Cache file lookup errors | on | on/off | open_file_cache_errors |

:::tip Recommendations
- **Static file serving**: Increase cache size and adjust timeouts
- **Development**: Reduce validation timeout for faster file updates
- **High I/O applications**: Optimize based on file access patterns
:::

### Security Settings

Configure security-related options:

| Setting | Default | Parameter |
| --- | --- | --- |
| Emit nginx version in error messages and headers | off | server_tokens |

**Best Practice:** Keep `server_tokens` disabled to avoid revealing server information.

## Advanced Routing Features

The L7 HTTP Balancer supports sophisticated routing beyond basic domain mapping.

Access the advanced location configuration through your project's HTTP Balancer section → click the **gear/settings icon** next to any domain location to open the **Advanced Location Configuration** dialog.

### Redirect Configuration

Redirect requests to different URLs with full control:

**Configuration Options:**
- **Redirect URL**: Destination for redirected requests
- **Redirect Code**: HTTP status code for redirection (e.g., 301, 302, 307, 308)
- **Preserve Path**: Keep original path in redirect URL
- **Preserve Query**: Keep original query parameters in redirect URL

### Access Policy Configuration

Implement IP-based access control. If the request fails the check, a 403 Forbidden error is returned:

**Policy Types:**
- **Default Policy**: `allow` or `deny`
- **CIDR Blocks**: List of IP addresses/ranges that will have the opposite policy than the default

**Supported Formats:**
- IPv4 address: `192.168.1.1`
- IPv4 range: `192.168.1.0/24`
- IPv6 address: `2001:db8::1`
- IPv6 range: `2001:db8::/32`

### Rate Limiting Configuration

Protect against abuse and ensure fair resource usage. When the rate limit is exceeded, requests are delayed (burst). If they cannot be processed in time, a 503 Service Temporarily Unavailable error is returned:

**Configuration Parameters:**
- **Rate Limit Key**: `binary_remote_addr` (per IP) or `server_name` (per domain)
- **Rate**: Requests per second to allow
- **Burst**: Number of requests to queue when rate exceeded
- **Zone Name**: Memory zone for storing rate limiting state
- **Zone Size**: Memory allocated for rate limiting data (in MB)

### Basic Authentication

Add HTTP Basic Authentication to protected resources:

**Configuration:**
- **Realm**: Authentication realm name
- **Users**: Username and password combinations

### Custom Content Responses

Return custom content for specific conditions:

**Configuration:**
- **HTTP Status Code**: Any valid status code (200, 404, 503, etc.)
- **Content**: Response body content
- **Content Type**: MIME type (default: text/plain)

*Need help? Join our [Discord community](https://discord.gg/zeropsio).*