Setting up the NetScaler CPX load balancing on a Ubuntu Docker host with Nginx

After being a unicorn for some time, Citrix did finally release the Docker based NetScaler called CPX!
NOTE: CPX can be downloaded from here –> If you have the proper Citrix Partner access.

But as of now the CPX can be used in two ways, either be deployed on a Ubuntu host using Docker or using the NetScaler Management and Analytics integration with Mesos and be provisioned from there.

So as of now the requirements are

  • 1 CPU
  • 2 GB RAM
  • Linux Ubuntu version 14.04 and later

So the easiest way is to download Ubuntu server from ( needs to be 64-bit!!

(I’m not going to cover how to install an Ubuntu server, but show the steps that are needed in order to set it up as an docker host, and note I’m using Ubuntu version 14.04, and it must have internet access in some way, either using a proxy or a direct connection in order to download the required files.

The simplest way is to set it up using an SSH server, which makes it easier to work with it from a remote session
sudo apt-get install openssh

Then we need to add a couple of requirements to the Ubuntu host in order to install Docker

sudo apt-get update

sudo apt-get install apt-transport-https ca-certificates

sudo apt-key adv –keyserver hkp:// –recv-keys 58118E89F3A912897C070ADBF76221572C52609D

Add a new repository

sudo vi /etc/apt/sources.list.d/docker.list

Add the following

deb ubuntu-trusty main

apt-get install apparmor

Then you need to install the docker-engine

sudo apt-get install docker-engine

sudo service docker start

Then to verify that docker is running use the command

sudo docker run hello-world


So now we can run the sudo docker command and we can see which attributes it can support, we can also run the sudo docker images to see which container images are available on the host.


After that we have to extract the CPX from the tar file

tar -xvzf cpx-

Then change directory to the CPX folder

Then run the make command from within the directory (NOTE: You need to have make installed which can be installed using apt-get install make) This creates an docker image based upon the attributes in the makefile. After it is complete you can view the CPX image by using the command

NOTE: This might take some time and requires additional components to configure properly, it will also download the ubuntu docker image

sudo docker images


Now let’s create a container from the CPX image

sudo docker run -dt -p 22 -p 80 -p 161/udp –ulimit core=-1 –privileged=true cpx:

If you run the sudo docker ps you will see the container running


Now that we can see that the CPX is running as it should, we can now enter is using SSH. Notice the port (Which is used for SSH server), this will be used to open an SSH session to that particular Container

ssh -p 32769 [email protected] (The default administrator credentials to log on to a NetScaler CPX instance are root/linux.)

Now since the CPX is not an ordinary NetScaler we have to wrap commands using a bash script. So for instance if we want to use the show ns config command we have to run it using the “show ns config”


And note: CPX can only be configured using CLI or using Nitro API or using the NetScaler Management and analysis virtual appliance.

So to setup a sample load balancing containers we have a sample container running nginx in the backend on its seperate container. In order to do that we need to have nginx docker image downloaded, which can be setup using this command from the ubuntu host –>

sudo docker pull nginx


Then we are going to setup a docker container from the nginx image

sudo docker run –name docker-nginx -p 80:80 nginx (This is going to expose the port 80 on the ubuntu host to port 80 on the container.

Open up a web browser to see that the nginx session is running. (Note we started the process interactivly therefore you will not see anything in the console)


But by using the command with –d attribute you can run it in the background.

sudo docker run –name docker-nginx -p 80:80 -d nginx

Okay, so now we have the container running externally on port 80. So let us setup a load balancing vServer which will map externally on the ubuntu host to port 81. In order to setup a load balacer we need first to get IP address of the container, the nginx container image does not have ssh so the simplest way is to use the

sudo docker exec -it containerid ip addr (command)


Now that we now the IP address of the container (Which is We can now configure the CPX load balancing parameters. “add service db1 HTTP 80” “add lb vserver cpx-vip HTTP 81” “bind lb vserver cpx-vip db1”



Notice also that this vServer is now exposed using port 81, but that is on the network which the docker bridge is on. So the simplest way is to add another NAT rule to the IPtables which will redirect the traffic to that container port

iptables -t nat -A PREROUTING -p tcp -m addrtype –dst-type LOCAL -m tcp –dport 50000 -j DNAT –to-destination

And eureka!


So did you lose overview? The simplest way is to show it in a visio drawning


I spun up a container on the nginx image which I mapped externally on port 80. Then I setup a CPX added a load balancing vserver which reponds on port 81. Since the CPX did not have port 81 mapped in the docker setup I needed to add an IP tables rule which mapped the virtual server port 81 externally to port 50000. So when I opened up the browser against the external IP on port 50000 I then get the web frontend from the Nginx server via the NetScaler CPX

Leave a Reply

Scroll to Top