@netblues Hi, following up on this, below is a small and crude (sorry...) script for setting up a basic UDP LB with Nginx on-board pfSense. This script assumes that the directory /root/NGINX exists, and you have your custom nginx.conf file in it.
```sh
#!/bin/sh
# Stop at the first failing command so a half-applied change is not left behind.
set -e
# First run only: keep copies of the stock rc script and config in /root/NGINX,
# rename the rc script to nginx.sh, and enable the service at boot.
if [ -f /usr/local/etc/rc.d/nginx ]
then
    echo "Backup and rename nginx service"
    cp /usr/local/etc/rc.d/nginx /root/NGINX/nginx-dist
    mv /usr/local/etc/rc.d/nginx /usr/local/etc/rc.d/nginx.sh
    cp /usr/local/etc/nginx/nginx.conf-dist /root/NGINX/nginx.conf-dist
    echo 'nginx_enable="YES"' >> /etc/rc.conf.local
fi
# Every run: install the custom config and restart the (renamed) service.
echo "Update nginx config"
cp /root/NGINX/nginx.conf /usr/local/etc/nginx/nginx.conf
echo "Restart nginx"
service nginx.sh restart
```
...and this is the diff between the default nginx.conf and my custom one, which balances two AWS instances (addresses intentionally changed):
[2.4.4-RELEASE][ec2-user@MY-pfSense.localdomain]/home/ec2-user: diff /usr/local/etc/nginx/nginx.conf-dist /usr/local/etc/nginx/nginx.conf
0a1
> load_module /usr/local/libexec/nginx/ngx_stream_module.so;
15a17
> user root wheel;
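Review bot: `user root wheel;` makes the nginx worker processes run as root, so any defect in the stream proxy path executes with full privileges on the firewall itself. The nginx documentation for `proxy_bind` notes that the `transparent` parameter usually needs workers with superuser privileges (they bind to a source address that is not local), so if transparent mode is essential this is the documented trade-off; if the upstream instances can accept traffic sourced from the LB's own address instead, drop `transparent` from the `proxy_bind` line and keep the default unprivileged user.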
122a125,142
>
> stream {
>
> upstream lb_instances {
> server 1.1.1.17:1234;
> server 1.1.1.147:1234;
> server 1.1.1.140:1234;
> }
>
> server {
> listen 2.2.2.1:5678 udp;
> proxy_pass lb_instances;
> proxy_bind $remote_addr:$remote_port transparent;
> proxy_responses 0;
> }
> }
>
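Review bot: with `proxy_bind $remote_addr:$remote_port transparent` the upstreams see the original client address, so anything they send back goes directly to the client rather than through the LB; `proxy_responses 0;` is consistent with that for one-way UDP, but it also means nginx never observes a failed upstream, so the open-source passive `max_fails`/`fail_timeout` parameters on the `server` lines cannot mark a dead instance down and it keeps receiving its share of datagrams. Worth stating in a comment above the `upstream lb_instances` block that this setup has no upstream health detection at all.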
It seems that the failover feature is an Nginx+ feature, which requires a paid subscription.
Thanks a lot for your help!
Erez
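The script above copies the new config over the live one and restarts straight away, so a typo in nginx.conf takes the listener down until someone notices. The following is an added example (not the original poster's script) of the same deploy step with a syntax check first and a rollback if the restart fails. It assumes the pfSense paths used in the post (`/usr/local/etc/nginx/nginx.conf`, `/root/NGINX`, the renamed `nginx.sh` service); the binary, service command and paths are variables so they can be pointed elsewhere.

```sh
#!/bin/sh
# Added example: validate a candidate nginx.conf, keep a timestamped backup of the
# live config, install the candidate, restart, and restore the backup on failure.
# Defaults mirror the pfSense layout from the post; all of them can be overridden.
NGINX_BIN="${NGINX_BIN:-/usr/local/sbin/nginx}"
SERVICE_CMD="${SERVICE_CMD:-service nginx.sh restart}"
LIVE_CONF="${LIVE_CONF:-/usr/local/etc/nginx/nginx.conf}"
BACKUP_DIR="${BACKUP_DIR:-/root/NGINX}"

# Usage: deploy_nginx_conf /path/to/candidate.conf
# Returns 0 on success, 1 if the candidate is rejected (live config untouched),
# 2 if the restart failed and the previous config was restored.
deploy_nginx_conf() {
    candidate="$1"
    [ -f "$candidate" ] || { echo "no such file: $candidate" >&2; return 1; }
    [ -d "$BACKUP_DIR" ] || { echo "missing backup dir: $BACKUP_DIR" >&2; return 1; }

    # 1. Syntax-check the candidate in place; nothing on the box changes yet.
    if ! "$NGINX_BIN" -t -c "$candidate" >/dev/null 2>&1; then
        echo "syntax check failed, live config untouched" >&2
        return 1
    fi

    # 2. Keep a timestamped copy of the live config so rollback is possible.
    stamp=$(date +%Y%m%d%H%M%S)
    backup="$BACKUP_DIR/nginx.conf.$stamp"
    if [ -f "$LIVE_CONF" ]; then
        cp "$LIVE_CONF" "$backup" || return 1
    fi

    # 3. Install the candidate and restart; if that fails, put the backup back
    #    and restart again so the LB is not left without a listener.
    cp "$candidate" "$LIVE_CONF" || return 1
    if ! sh -c "$SERVICE_CMD" >/dev/null 2>&1; then
        echo "restart failed, restoring $backup" >&2
        if [ -f "$backup" ]; then
            cp "$backup" "$LIVE_CONF"
        fi
        sh -c "$SERVICE_CMD" >/dev/null 2>&1 || true
        return 2
    fi
    echo "deployed $candidate (backup: $backup)"
    return 0
}
```

Run it as `deploy_nginx_conf /root/NGINX/nginx.conf` in place of the two `cp`/`service` lines at the end of the original script. The syntax check runs the real nginx binary against the candidate file, so it also catches a missing `load_module` line for the stream module before the listener is ever stopped.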