Transforming SSL server cert and private key in variables.
mat999 at gmail.com
Fri Feb 1 14:09:56 UTC 2013
On a side note, a good feature for nginx would be a small SHM zone for
storing SSL certificates cross reload (paired with a filemtime value) to
speed up reloads.
I run alot of SSL certificates myself (not using SNI but unique IPs) around
300 per node (and 7 nodes refreshed up to every minute) and have noticed
the decent CPU percentage.
On Sat, Feb 2, 2013 at 12:22 AM, António P. P. Almeida <appa at perusio.net>wrote:
> On 22 Jan 2013 14h34 CET, mdounin at mdounin.ru wrote:
> Hello Maxim,
> I made some tests and definitely we cannot use in our product, it
> takes too much time and resources.
> Tested on an EC m1.medium instance.
> 5001,01.Feb.2013 00:18:33,/usr/sbin/nginx -s
> 10001,01.Feb.2013 00:19:32,/usr/sbin/nginx -s
> 20001,01.Feb.2013 00:20:23,/usr/sbin/nginx -s
> 50001,01.Feb.2013 00:22:02,/usr/sbin/nginx -s
> As you can see 50k hosts take more than one minute. That would be
> acceptable if it weren't for the fact that it uses up a lot of CPU and
> memory. Parsing the config seems to be the culprit here.
> These where simple server blocks with self-signed certs just for
> It would be awesome if there was some sort of compilation process for
> the config parsing. It's too costly. Let's say you have a machine with
> 50k hosts, now you add another one and the machine gets a beating just
> for adding this one.
> Any comments on my test approach?
> --- appa
> nginx-devel mailing list
> nginx-devel at nginx.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel