How to Configure nginx for Dynamic IPs
Takahiro Iwasa
2 min read
ELB
When using AWS Elastic Load Balancer (ELB) or similar services that resolve to dynamic IP addresses, it’s crucial to properly configure nginx to manage DNS cache. Failing to address this can lead to issues as nginx may continue using outdated IPs.
Why DNS Cache Matters
Elastic Load Balancers often return different IP addresses for the same DNS name, making DNS caching problematic. By default, nginx caches DNS resolutions indefinitely, which can cause it to direct traffic to stale IPs.
The following nginx.conf demonstrates a standard setup that does not account for DNS caching. This configuration will fail when the ELB changes its IP addresses.
location / { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;}Adjusting nginx Configuration to Shorten DNS Cache TTL
To address this, you can explicitly define a DNS resolver with a shortened cache TTL.
location / { # Added to shorten cache TTL resolver 192.168.0.2 valid=60s; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://internal-xxx-alb-1234567890.ap-northeast-1.elb.amazonaws.com;}resolver:- Specifies the DNS server.
- The IP address of the DNS server for each VPC is the base of the VPC network range plus two (e.g.,
192.168.0.2). - Please refer to the official documentation.
valid=60s:- Limits the TTL of cached DNS responses to 60 seconds, ensuring nginx frequently resolves fresh IPs.
