Performance of Nginx as reverse proxy for Hasura - 7-50x slow

[Reinis Rozitis]

> Keep alive works for other REST services, but not working for Hasura. (Keep-Alive requests:    0 Vs Keep-Alive requests:    200 for other services). Is Keep-Alive anything to do with the response headers of Hasura or its POST request?

It could be that the service/backend doesn't support (or doesn't want to hence the header) keepalive connections. You might be better of asking Hasura support directly (I'm not familiar with the product/service).


> But, even with keep-alive, usual performance of http vs https through nginx is around 50-100 times slow for any services. 

That is somewhat expected- depending on the protocol/ciphers and server resources the ssl/tls handshake (for every request) can take a significant time.

Here you can see some official tests (a bit dated but you'll get the picture) done by nginx team themselves https://www.nginx.com/blog/testing-the-performance-of-nginx-and-nginx-plus-web-servers/ 

One additional thing to check for the benchmarks is what cipher is 'ab' actually using. You might get more precise (or better) results if you specify it with '-Z ciphersuite' (can be obtained from 'openssl ciphers'). Some ciphers require (significantly) more cpu resources which can result in a slower network throughput.

 
> Are there any optimization approaches for the same? TIA

In general the default configuration values for ssl/tls in nginx are a middle ground - as in those work for majority. 
If your goal is to reduce latency/TTFB you might read https://blog.cloudflare.com/optimizing-tls-over-tcp-to-reduce-latency/ - there are custom patches which introduce some tuning options. Also other ssl offloaders like Haproxy might be better solution for this task.

Another approach could be getting the nginx commercial support.

rr