Recommendations on using nginx as SSL proxy for everything
robm at fastmail.fm
Thu Sep 4 16:00:14 MSD 2008
> Is there any recommendation on using Nginx as a SSL accelerator for
> all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this
> already, can you share the experience on hardware / os configuration and
> what kind of loading you are doing today.
We run it for http, imap & pop (not smtp). Partly due to legacy reasons, we
run separate http and imap/pop instances but this still seems reasonable to
allow starting/stopping of them separately.
We're using linux and two oldish (>2 years, netburst xeon) machines as
frontends. We use DNS load balancing between them, and heartbeat to takeover
an IP if one machine dies.
Performance is great. Machines also do a bunch of other things, and
generally only see 10-20% CPU usage. Each machine has about 7000 IMAP SSL +
3500 regular IMAP connections alive but has no problem taking double that
when one machine is taken down.
You might want to look into tuning these variables.
More information about the nginx