Nginx is a popular choice for building custom reverse proxies on Aptible. When you deploy Nginx as an App on the platform, you are responsible for its configuration and maintenance. This guide helps you avoid a common pitfall when configuring your Nginx app to route requests to Aptible Endpoints using a proxy_pass directive.

The problem: DNS caching in Nginx

By default, Nginx resolves the hostname in a proxy_pass directive once, when it loads its configuration, then caches the resulting IP addresses indefinitely and ignores DNS TTLs. Aptible Endpoints use AWS load balancers, which periodically change IP addresses. This mismatch causes Nginx to eventually route traffic to stale IPs. Avoid this configuration pattern:

location / {
    proxy_pass https://hostname-of-an-endpoint;
}

The solution: Configure the resolver directive

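Configure the resolver directive to dynamically resolve upstream servers, and pass the upstream to proxy_pass through a variable: Nginx uses the configured resolver to look up a proxy_pass target at request time only when the target contains a variable. Though any public DNS server could be used here (such as Google or Cloudflare), we recommend using the AWS VPC DNS Resolver 169.254.169.253 with a short cache lifetime, set through the valid parameter, to ensure Nginx resolves DNS regularly (in the example below we use 60 seconds).
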
resolver 169.254.169.253 valid=60s;
set $upstream_endpoint https://hostname-of-an-endpoint;

location / {
    proxy_pass $upstream_endpoint;
}

The AWS VPC DNS Resolver (169.254.169.253) has some reasonable capacity limits, metered in packets per second per network interface. A typical deployment is very unlikely to reach this limit. In the rare case that you're seeing persistent DNS resolution issues while using the AWS VPC DNS Resolver, please reach out to the Aptible Support team.
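
To catch the pitfall before deploying, the following check scans a configuration for proxy_pass targets that will go stale. It is an added example, not Aptible or Nginx tooling; the function name audit_proxy_pass and the sample configs are constructed for illustration. It assumes a single config file (no include handling) and treats any resolver directive in the file as applying everywhere.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample configs mirroring the two patterns in this guide.
STATIC_CONF = """
location / {
    proxy_pass https://hostname-of-an-endpoint;
}
"""
DYNAMIC_CONF = """
resolver 169.254.169.253 valid=60s;
set $upstream_endpoint https://hostname-of-an-endpoint;
location / {
    proxy_pass $upstream_endpoint;
}
"""

DIRECTIVE = re.compile(r"(?<![\w$])(proxy_pass|resolver)\s+([^;{}]+);")
UPSTREAM = re.compile(r"(?<![\w$])upstream\s+([^\s{]+)\s*\{")

def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit_proxy_pass(conf):
    """Return (line, message) findings for proxy_pass targets that go stale."""
    text = re.sub(r"#[^\n]*", "", conf)  # strip comments, keep line breaks
    groups = {g.lower() for g in UPSTREAM.findall(text)}  # named upstream blocks
    hits = [(text.count("\n", 0, m.start()) + 1, m[1], m[2].strip())
            for m in DIRECTIVE.finditer(text)]
    has_resolver = any(name == "resolver" for _, name, _ in hits)
    findings = []
    for line, name, target in hits:
        if name != "proxy_pass":
            continue
        if "$" in target:  # variable target: resolved at request time
            if not has_resolver:
                findings.append((line, "variable target but no resolver directive"))
            continue
        host = urlsplit(target).hostname or ""
        if not host or host == "unix" or host in groups or _is_ip(host):
            continue  # socket, upstream group or IP literal: nothing to look up here
        findings.append((line, f"hostname '{host}' is resolved once at config load"))
    return findings

if __name__ == "__main__":
    for label, conf in (("static", STATIC_CONF), ("dynamic", DYNAMIC_CONF)):
        print(label, audit_proxy_pass(conf))
```

The check flags the static pattern and passes the resolver-plus-variable pattern; it also reports a variable target that has no resolver directive, since Nginx cannot resolve that target at request time.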