Making NGINX Reverse Proxy and TURN Highly Available

Here we advertise a virtual IP to web users (more likely a DNS record resolving to it). Installing keepalived on the RPs allows for one RP to be configured as a master while a second RP is waiting to step up in the event that the master fails. When the master comes back to life again, it will resume it’s role as the master.

Start by installing our Pexip RP OVA. In this example I have installed it twice, once as the master and then as the backup. Topology above.
Install the RPs as you normally would. Configure them identically ( accept for the IP address obviously). The following steps must be carried out on both RPs.
Update the package versions:
sudo apt-get update


Add rules in iptables to allow the virtual router redundancy protocol (


sudo iptables -I INPUT -d -j ACCEPT
sudo iptables -I INPUT -p vrrp -j ACCEPT


Now save and activate the new rules:
sudo service iptables-persistent save


Tell the OS that it can bind the virtual IP:
sudo nano /etc/sysctl.conf


Add the following line to the bottom of the file then save:
net.ipv4.ip_nonlocal_bind = 1


Activate the change:
sudo sysctl -p


Install the keepalived daemon:
sudo apt-get install keepalived


Create a new file called /etc/keepalived/keepalived.conf:
sudo nano /etc/keepalived/keepalived.conf
Add the following and save the file:
vrrp_script chk_nginx {
        script "killall -0 nginx"
        interval 2
        weight 2

vrrp_instance VI_1 {
        interface eth0
        state MASTER
        virtual_router_id 1
        priority 100                    # 101 on master, 100 on backup
        virtual_ipaddress {
             # this is the shared virtual IP address


Start keepalived:
sudo service keepalived start


For TURN, configure the /etc/turnserver.conf file the same way for both the master and the slave. Example for a TURN server has an internal ip and a NATed public IP:


Internal IP:

# Config generated by Pexip RP
You’re done. Note that is the active TURN server goes down while it is relaying media, the users will get a frozen image and audio will stop. When they dial back in, their media will be handled by the active TURN server.



Check to see that on the master RP you have the virtual IP hosted. Type: ip addr sh eth0 | grep ‘inet ‘
The output should show the local IP and the virtual one.


inet brd scope global eth0
inet scope global eth0


Do the same on the backup:

ip addr sh eth0 | grep 'inet'

The output should only show the local IP.
inet brd scope global eth0


Manual failover:
Stop nginx on the master. Type:

sudo service nginx stop

Now verify that the virtual IP is active on the backup. Type:

ip addr sh eth0 | grep 'inet'

Now you should see that the virtual IP has moved from the master RP to the backup:

inet brd scope global eth0
inet scope global eth0

If you start the nginx service back up on the master, then virtual IP will be moved back to the master. Type:

sudo service nginx start


One thought on “Making NGINX Reverse Proxy and TURN Highly Available

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s