radius_health
The `radius_health` directive configures health check requests to a RADIUS server in NGINX.
Description
The radius_health directive is used within the NGINX configuration context to define parameters for health check requests to a specified RADIUS server. By using this directive, administrators can specify credentials — username and password — to authenticate the health check against the RADIUS server, ensuring that the server is operational and able to process requests. This helps maintain high availability and reliability in environments relying on RADIUS for authentication.
In the implementation, the radius_health directive allows configuration through the syntax radius_health ["user"] ["passwd"];, where 'user' is the username and 'passwd' is the password used during the health check. It must be specified in the location context, and while it does not have a default value, it must be defined properly for effective health monitoring. The behavior of the health check is contingent on the settings of the associated radius_server directive, which controls timeout and retry policies as well.
By enabling health checks, if a RADIUS server fails to respond appropriately or is deemed unhealthy, NGINX can disconnect from it and redirect requests to other healthy RADIUS servers, helping to ensure continued availability of authentication services. This directive is particularly useful in environments with multiple RADIUS servers, where automatic health monitoring can significantly enhance resilience and performance.
Config Example
location /auth {
radius_servers "radius_server_1";
radius_health ["testuser"] ["testpassword"];
auth_radius "Authentication Realm";
}Ensure that the username and password are correctly configured and match the RADIUS server settings.
The directive must be placed inside a location block; otherwise, it will not be effective.
If health checks are improperly set, they may lead to false positives or negatives, affecting the overall availability of services.