Configuring Load Balancers

Overview

Configure load balancers across AWS (ALB, NLB), GCP (HTTP(S) LB, TCP/UDP LB), Nginx, and HAProxy. Generate production-ready configurations with health checks, SSL/TLS termination, path-based and host-based routing, sticky sessions, rate limiting, and traffic distribution rules for high-availability deployments.

Prerequisites

Backend servers identified with IPs, DNS names, and ports
Load balancer type determined: L4 (NLB, HAProxy TCP) or L7 (ALB, Nginx, HAProxy HTTP)
SSL/TLS certificates available (ACM, Let's Encrypt, or self-signed) if using HTTPS
Health check endpoints defined on backend services (e.g., /health returning 200)
Cloud provider CLI installed for managed load balancers (aws, gcloud)

Instructions

Select load balancer type based on requirements: ALB for HTTP/HTTPS with path routing, NLB for TCP/UDP with static IPs, Nginx for on-prem reverse proxy, HAProxy for high-performance TCP/HTTP
Define the backend pool: list all backend server addresses, ports, and weights for weighted distribution
Configure health checks with appropriate interval (10-30s), timeout (5s), healthy threshold (3), and unhealthy threshold (2)
Set up SSL/TLS termination: configure certificates, redirect HTTP to HTTPS, set minimum TLS version to 1.2
Define routing rules: path-based routing (/api -> API pool, /static -> CDN), host-based routing (api.example.com -> API)
Enable session persistence (sticky sessions) using cookies or source IP affinity where needed for stateful applications
Add connection draining to gracefully handle backend removal during deployments
Configure logging and monitoring: access logs to S3/CloudWatch, request metrics, error rate dashboards
Test the configuration: validate syntax (nginx -t, HAProxy config check), verify traffic distribution, and confirm failover behavior

Output

Nginx configuration files (nginx.conf, site configs) with upstream blocks and server directives
HAProxy configuration (haproxy.cfg) with frontend/backend sections
Terraform HCL for AWS ALB/NLB with target groups, listeners, and rules
GCP load balancer Terraform with backend services, URL maps, and health checks
SSL certificate configuration and renewal automation

Error Handling

Error	Cause	Solution
`502 Bad Gateway`	Backend server unreachable or not responding	Verify backend IPs, ports, and firewall rules; check backend service health
`SSL certificate verify failed`	Certificate expired, wrong chain, or key mismatch	Verify certificate validity and chain with `openssl s_client`; regenerate if needed
`Target is unhealthy`	Health check endpoint returning non-200 or timing out	Verify health check path returns 200; increase timeout if backend is slow to respond
`nginx: configuration file test failed`	Syntax error in Nginx configuration	Run `nginx -t` to identify the specific error line; fix syntax and test again
`Session persistence not working`	Cookie-based stickiness misconfigured or client not sending cookies	Verify cookie name matches; use IP-based affinity as fallback for non-browser clients

Examples

"Configure an AWS ALB with HTTPS listener, path-based routing to two target groups (/api and /web), and health checks on /health."
"Generate an Nginx reverse proxy config with upstream servers, sticky sessions via cookie, and rate limiting at 100 req/s per IP."
"Create a HAProxy configuration for TCP load balancing across 4 database read replicas with health checks and connection draining."

Resources

Nginx load balancing: https://nginx.org/en/docs/http/load_balancing.html
HAProxy configuration: https://www.haproxy.org/download/2.8/doc/configuration.txt
AWS ALB: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/
GCP Load Balancing: https://cloud.google.com/load-balancing/docs
See ${CLAUDE_SKILL_DIR}/references/errors.md for additional error handling patterns

configuring-load-balancers