<div dir="ltr">Do you see a large ttfb on a static html page ? , if an upstream like proxy/fastcgi is involved and they are slow to respond the ttfb also will be high<div><br></div><div>17K open/TIME_WAIT -- investigate this as this dont seem normal<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Aug 7, 2019 at 3:46 PM neomaq <<a href="mailto:nginx-forum@forum.nginx.org">nginx-forum@forum.nginx.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello<br>
there is a problem:<br>
slow connection to nginx server<br>
<br>
telnet server 443<br>
1-8 random sec before TTFB<br>
<br>
all possible network stack tunings are applied, similar problems are not<br>
observed on other(non nginx) ports<br>
<br>
32 vCPU Intel(R) Xeon(R) CPU E5-2630 v4 <br>
96 GB RAM<br>
avg CPU load -20%<br>
1 GB network (tested on local internal network)<br>
<br>
there are over 1400 virtual hosts with SSL<br>
the problem is observed during busy hours<br>
<br>
nginx:<br>
user www-data;<br>
worker_processes 64;<br>
pid /run/nginx.pid;<br>
worker_rlimit_nofile 16384;<br>
events {<br>
use epoll;<br>
worker_connections 16384;<br>
multi_accept on;}<br>
http {<br>
sendfile on;<br>
tcp_nopush on;<br>
tcp_nodelay on;<br>
keepalive_timeout 65;<br>
types_hash_max_size 2048;<br>
server_names_hash_max_size 524280;<br>
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE<br>
ssl_prefer_server_ciphers on;<br>
}<br>
----------------------------------------<br>
there are 5-15K ESTANLISHED connections and over 17K open/TIME_WAIT ports<br>
<br>
What can be done to reduce the connection time to the server?<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,285142,285142#msg-285142" rel="noreferrer" target="_blank">https://forum.nginx.org/read.php?2,285142,285142#msg-285142</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div><b>Anoop P Alias</b> <div><br></div></div></div></div>