load-balancer
Configure and optimize load balancers and reverse proxies using Nginx, HAProxy, and cloud ALBs. Use when someone asks to "set up load balancing", "configure Nginx reverse proxy", "set up HAProxy", "add SSL termination", "configure health checks", "proxy WebSocket connections", "rate limit traffic", or "set up failover". Covers L4/L7 balancing, SSL, rate limiting, caching, WebSocket proxying, and health checks.
Best use case
load-balancer is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Teams using load-balancer should expect more consistent output, faster repeated execution, and less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in `.claude/skills/load-balancer/SKILL.md` inside your project
- Restart your AI agent — it will auto-discover the skill
How load-balancer Compares
| Feature / Agent | load-balancer | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
It guides an AI agent through configuring and optimizing load balancers and reverse proxies with Nginx, HAProxy, or cloud ALBs — covering L4/L7 balancing, SSL termination, rate limiting, caching, WebSocket proxying, health checks, and failover.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Load Balancer
## Overview
This skill helps AI agents configure production-grade load balancers and reverse proxies. It covers Nginx and HAProxy setup, SSL termination, rate limiting, WebSocket proxying, health checks, and traffic routing strategies for web applications and APIs.
## Instructions
### Step 1: Choose Architecture
Determine the right setup based on requirements:
- **Single service, HTTPS needed** → Nginx reverse proxy with SSL
- **Multiple backends, different routing rules** → Nginx with upstream groups or HAProxy with ACLs
- **TCP/UDP traffic (databases, Redis)** → Nginx stream module or HAProxy TCP mode
- **Need advanced health checks, circuit breaking** → HAProxy (more powerful health check DSL)
- **Kubernetes** → Ingress controller (nginx-ingress or Traefik)
### Step 2: Configure Nginx Reverse Proxy
Basic reverse proxy with load balancing:
```nginx
# /etc/nginx/nginx.conf
user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

events {
    worker_connections 4096;
    multi_accept on;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    server_tokens off;

    # Logging with upstream timing
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" $request_time $upstream_response_time';

    # Gzip compression
    gzip on;
    gzip_vary on;
    gzip_min_length 1024;
    gzip_types text/plain text/css application/json application/javascript
               text/xml application/xml image/svg+xml;

    # Rate limiting zones
    limit_req_zone $binary_remote_addr zone=api:10m rate=30r/s;
    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;

    # Upstream backends
    upstream app_servers {
        least_conn;
        keepalive 32;
        server app1:8080 weight=3 max_fails=3 fail_timeout=30s;
        server app2:8080 weight=3 max_fails=3 fail_timeout=30s;
        server app3:8080 backup;
    }

    upstream websocket_servers {
        ip_hash;
        server ws1:8080;
        server ws2:8080;
    }

    # Cache for static assets
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=static_cache:10m
                     max_size=1g inactive=60m use_temp_path=off;

    include /etc/nginx/conf.d/*.conf;
}
```
### Step 3: Configure HTTPS and Security
```nginx
# /etc/nginx/conf.d/app.conf
server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;

    # Security headers
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains" always;
    add_header X-Frame-Options DENY always;
    add_header X-Content-Type-Options nosniff always;

    # Static files with caching
    location /static/ {
        alias /var/www/static/;
        expires 1y;
        add_header Cache-Control "public, immutable";
        proxy_cache static_cache;
    }

    # API with rate limiting
    location /api/ {
        limit_req zone=api burst=20 nodelay;
        proxy_pass http://app_servers;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Connection "";
        proxy_connect_timeout 5s;
        proxy_read_timeout 30s;
        proxy_next_upstream error timeout http_502 http_503;
        proxy_next_upstream_tries 2;
    }

    # Auth — strict rate limit
    location /api/auth/login {
        limit_req zone=login burst=3 nodelay;
        proxy_pass http://app_servers;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    # WebSocket
    location /ws/ {
        proxy_pass http://websocket_servers;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_read_timeout 3600s;
    }

    # Default
    location / {
        proxy_pass http://app_servers;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Block attack paths
    location ~ /\.(git|env|htaccess) {
        deny all;
        return 404;
    }
}
```
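The server block above can optionally be hardened further. The snippet below is a sketch of common additions (TLS session reuse and OCSP stapling); the resolver addresses and timeout values are assumptions to adjust for your environment:

```nginx
# Optional additions inside the 443 server block in /etc/nginx/conf.d/app.conf
ssl_session_cache shared:SSL:10m;    # reuse TLS sessions across worker processes
ssl_session_timeout 1d;
ssl_session_tickets off;

# OCSP stapling — nginx fetches and caches the certificate's revocation status
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8 valid=300s; # DNS used for the OCSP responder lookup
resolver_timeout 5s;
```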
### Step 4: Configure HAProxy (Alternative)
Use HAProxy when you need advanced health checks, stick tables for rate limiting, or a stats dashboard:
```haproxy
# /etc/haproxy/haproxy.cfg
global
    maxconn 50000
    log stdout format raw local0
    stats socket /var/run/haproxy.sock mode 660 level admin
    ssl-default-bind-options ssl-min-ver TLSv1.2

defaults
    mode http
    log global
    option httplog
    option dontlognull
    option forwardfor
    timeout connect 5s
    timeout client 30s
    timeout server 30s
    timeout http-request 10s

frontend stats
    bind *:8404
    stats enable
    stats uri /stats
    stats refresh 10s

frontend https_front
    bind *:443 ssl crt /etc/haproxy/certs/example.com.pem alpn h2,http/1.1
    http-request set-header X-Forwarded-Proto https

    # ACL-based routing
    acl is_api path_beg /api/
    acl is_websocket hdr(Upgrade) -i websocket
    acl is_static path_beg /static/ /assets/

    # Rate limiting with stick tables
    stick-table type ip size 100k expire 30s store http_req_rate(10s)
    http-request track-sc0 src
    http-request deny deny_status 429 if { sc_http_req_rate(0) gt 100 }

    use_backend ws_servers if is_websocket
    use_backend api_servers if is_api
    default_backend app_servers

backend app_servers
    balance leastconn
    option httpchk GET /health
    http-check expect status 200
    cookie SERVERID insert indirect nocache
    server app1 app1:8080 check inter 5s fall 3 rise 2 cookie app1
    server app2 app2:8080 check inter 5s fall 3 rise 2 cookie app2
    server app3 app3:8080 check inter 5s fall 3 rise 2 backup

backend api_servers
    balance leastconn
    option httpchk GET /api/health
    default-server inter 3s fall 3 rise 2 slowstart 60s
    retry-on conn-failure empty-response response-timeout
    retries 2
    server api1 api1:3000 check
    server api2 api2:3000 check

backend ws_servers
    balance source
    timeout tunnel 3600s
    server ws1 ws1:8080 check
    server ws2 ws2:8080 check
```
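For TCP traffic, HAProxy's `mode tcp` with protocol-aware health checks is the counterpart to the HTTP backends above. A minimal sketch for Redis — the hostnames redis1 and redis2 are placeholders for your replicas:

```haproxy
listen redis
    bind *:6379
    mode tcp
    option tcp-check
    # Probe the Redis protocol itself rather than just the TCP port
    tcp-check send PING\r\n
    tcp-check expect string +PONG
    server redis1 redis1:6379 check inter 3s
    server redis2 redis2:6379 check inter 3s backup
```

The `backup` flag keeps writes pointed at a single node unless it fails, which matters for primary/replica setups.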
### Step 5: Set Up SSL with Let's Encrypt
Install certbot (`apt install certbot python3-certbot-nginx`), run `certbot --nginx -d example.com`, and add a cron for auto-renewal: `0 3 * * * certbot renew --quiet --post-hook 'nginx -s reload'`.
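If the nginx plugin can't rewrite your config (common in containerized setups), certbot's webroot plugin needs a challenge location served over port 80. A sketch, assuming `/var/www/certbot` as the webroot:

```nginx
# In the port-80 server block — serve ACME challenges before the HTTPS redirect
location /.well-known/acme-challenge/ {
    root /var/www/certbot;
}
```

Then issue the certificate with `certbot certonly --webroot -w /var/www/certbot -d example.com`.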
### Step 6: TCP/UDP Load Balancing and Algorithms
For databases or Redis, use the Nginx `stream` block (outside `http`) with `proxy_pass` to upstream groups. Choose algorithms based on workload:
- **round-robin** (default) — Equal distribution for stateless servers
- **least_conn** — Fewest active connections, best for variable request durations
- **ip_hash** — Sticky sessions by client IP for in-memory sessions
- **hash $key consistent** — Minimizes redistribution when servers change (good for caches)
Health checks: Nginx uses passive checks (`max_fails=3 fail_timeout=30s`), while HAProxy uses active probes (`option httpchk GET /health` with `inter 5s fall 3 rise 2`).
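The `stream` block described above can be sketched as follows — the PostgreSQL hostnames and ports are placeholders:

```nginx
# In /etc/nginx/nginx.conf — stream sits alongside the http block, not inside it
stream {
    upstream postgres_backend {
        least_conn;
        server db1:5432 max_fails=3 fail_timeout=30s;
        server db2:5432 backup;
    }

    server {
        listen 5432;
        proxy_pass postgres_backend;
        proxy_connect_timeout 5s;
        proxy_timeout 10m;   # idle timeout for long-lived connections
    }
}
```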
## Examples
### Example 1: Set up Nginx reverse proxy with SSL for a Node.js app
**User prompt:** "Configure Nginx as a reverse proxy for my Node.js API running on ports 3000 and 3001 on two servers. Add SSL with Let's Encrypt for api.shopwise.io, rate limit the /api/auth endpoints to 5 requests per minute, and proxy WebSocket connections on /ws/."
The agent will create an Nginx config with an `upstream api_backends` block using `least_conn` balancing across both servers. It will set up a server block listening on 443 with SSL certificates from Let's Encrypt, configure `proxy_pass` to the upstream with proper `X-Real-IP` and `X-Forwarded-For` headers, add a `limit_req_zone` for auth endpoints at 5r/m with burst of 3, and configure the `/ws/` location with `proxy_set_header Upgrade` and `Connection "upgrade"` for WebSocket support. It will also add an HTTP-to-HTTPS redirect on port 80 and install a certbot renewal cron job.
### Example 2: Configure HAProxy with health checks and a stats dashboard
**User prompt:** "Set up HAProxy to load balance three backend servers for our e-commerce site at store.greenleaf.com. I need active health checks hitting /health every 5 seconds, sticky sessions for the cart, and access to the HAProxy stats page on port 8404."
The agent will write an HAProxy config with a `frontend https_front` bound to port 443 with SSL, routing to a `backend app_servers` using `leastconn` balancing. It will add `option httpchk GET /health` with `http-check expect status 200` and configure each server with `check inter 5s fall 3 rise 2`. For sticky sessions, it will add `cookie SERVERID insert indirect nocache` and assign cookie values to each server. The stats frontend will bind to port 8404 with `stats enable`, `stats uri /stats`, and `stats refresh 10s`.
## Guidelines
- Terminate SSL at the load balancer — simpler cert management, offloads crypto from backends
- Always set `X-Real-IP` and `X-Forwarded-For` headers — backends need real client IPs
- Use `least_conn` for APIs with variable response times
- Configure `proxy_next_upstream` for transparent failover on 502/503
- Use keepalive connections to backends (`keepalive 32`) to reduce TCP overhead
- Rate limit auth endpoints much more aggressively than general API endpoints
- Log `$upstream_response_time` separately from `$request_time` to isolate backend vs network latency
- Health check endpoints should test real dependencies (DB, cache), not just return 200
Related Skills
uploadthing
Handle file uploads in TypeScript apps with UploadThing. Use when a user asks to implement file uploads, handle image uploads in Next.js, add drag and drop file upload, or integrate S3-backed file storage without managing infrastructure.
payload-cms
Assists with building content management systems using Payload CMS with a code-first approach. Use when defining collections in TypeScript, configuring access control, customizing the admin panel, or integrating with Next.js. Trigger words: payload, payload cms, headless cms, collections, admin panel, content management, payload fields.
opendataloader-pdf
Parse PDFs into AI-ready structured data — extract text, tables, images, and metadata with high accuracy. Use when: processing PDF documents for RAG, extracting data from invoices/contracts, building document processing pipelines.
file-upload-processor
When the user needs to build file upload functionality for a web application. Use when the user mentions "file upload," "image upload," "upload endpoint," "multipart upload," "presigned URL," "S3 upload," "file validation," "upload to cloud storage," or "accept user files." Handles upload endpoints, file validation (type, size, magic bytes), cloud storage integration, and upload status tracking. For image/video processing after upload, see media-transcoder.
api-load-tester
Generates and executes load test scripts for APIs using k6, wrk, or autocannon. Creates realistic test scenarios from OpenAPI specs, route files, or endpoint descriptions. Use when someone needs to load test, stress test, benchmark, or find the breaking point of their API. Trigger words: load test, stress test, benchmark, RPS, concurrent users, breaking point, performance test, k6, wrk.
zustand
You are an expert in Zustand, the small, fast, and scalable state management library for React. You help developers manage global state without boilerplate using Zustand's hook-based stores, selectors for performance, middleware (persist, devtools, immer), computed values, and async actions — replacing Redux complexity with a simple, un-opinionated API in under 1KB.
zoho
Integrate and automate Zoho products. Use when a user asks to work with Zoho CRM, Zoho Books, Zoho Desk, Zoho Projects, Zoho Mail, or Zoho Creator, build custom integrations via Zoho APIs, automate workflows with Deluge scripting, sync data between Zoho apps and external systems, manage leads and deals, automate invoicing, build custom Zoho Creator apps, set up webhooks, or manage Zoho organization settings. Covers Zoho CRM, Books, Desk, Projects, Creator, and cross-product integrations.
zod
You are an expert in Zod, the TypeScript-first schema declaration and validation library. You help developers define schemas that validate data at runtime AND infer TypeScript types at compile time — eliminating the need to write types and validators separately. Used for API input validation, form validation, environment variables, config files, and any data boundary.
zipkin
Deploy and configure Zipkin for distributed tracing and request flow visualization. Use when a user needs to set up trace collection, instrument Java/Spring or other services with Zipkin, analyze service dependencies, or configure storage backends for trace data.
zig
Expert guidance for Zig, the systems programming language focused on performance, safety, and readability. Helps developers write high-performance code with compile-time evaluation, seamless C interop, no hidden control flow, and no garbage collector. Zig is used for game engines, operating systems, networking, and as a C/C++ replacement.
zed
Expert guidance for Zed, the high-performance code editor built in Rust with native collaboration, AI integration, and GPU-accelerated rendering. Helps developers configure Zed, create custom extensions, set up collaborative editing sessions, and integrate AI assistants for productive coding.
zeabur
Expert guidance for Zeabur, the cloud deployment platform that auto-detects frameworks, builds and deploys applications with zero configuration, and provides managed services like databases and message queues. Helps developers deploy full-stack applications with automatic scaling and one-click marketplace services.