I created an Elasticsearch Cluster with 3 Elasticsearch nodes. All nodes are of type master.
They are configured to maintain high availability; one node receives data and replicates it to the other two.
For load balancing I use NGINX, with the configuration below:

    ## Custom certificate
    ssl_certificate /etc/ssl/myapp/nginx-elk.crt;
    ssl_certificate_key /etc/ssl/myapp/nginx-elk.key;

    upstream elk {
        server 192.168.0.33:9200;
        server 192.168.0.34:9200;
        server 192.168.0.35:9200;
    }

    server {
        listen 443 ssl;
        server_name 192.165.1.1;  # Public Internet IP

        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";

        location / {
            proxy_pass https://elk;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

        access_log /var/log/nginx/elk.myapp.com-access.log proxylog;
    }

My NGINX server has this Keep Alive setting in nginx.conf:

    events {
        worker_connections 50000;
        # multi_accept on;
    }

    http {
        ##
        # Basic Settings
        ##
        sendfile on;
        client_max_body_size 100M;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        server_tokens off;

Do I have to do some other configuration to guarantee performance on access?
I use the VMs local IP to query the ELK and not the public IP. I only use the public IP via the internet in some cases.
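
Added example, not part of the original post: `keepalive_timeout` in the `http` block only governs client-to-NGINX connections, so reusing connections (and TLS sessions) to the Elasticsearch nodes needs the `keepalive` directive in the `upstream` block plus a `Connection` header that is not sent unconditionally. The pool size of 32 and the `$connection_upgrade` variable name are assumptions chosen for illustration.

```nginx
# Added example (http context). The value 32 is constructed, not a tuned recommendation.

# Send "Connection: upgrade" upstream only when the client asked for an upgrade;
# otherwise send an empty Connection header so the upstream socket can be reused.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      '';
}

upstream elk {
    server 192.168.0.33:9200;
    server 192.168.0.34:9200;
    server 192.168.0.35:9200;
    keepalive 32;   # idle upstream connections kept open per worker process
}

server {
    listen 443 ssl;
    server_name 192.165.1.1;  # Public Internet IP

    location / {
        proxy_pass https://elk;
        proxy_http_version 1.1;   # upstream keepalive requires HTTP/1.1
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
    }
}
```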