Transforming SSL server cert and private key in variables.

António P. P. Almeida appa at perusio.net
Fri Feb 1 13:52:46 UTC 2013


On 22 Jan 2013 14h34 CET, mdounin at mdounin.ru wrote:

Hello Maxim,

I made some tests and definitely we cannot use in our product, it
takes too much time and resources. 

Tested on an EC m1.medium instance.

HOSTS,DATE,COMMAND,CPU_PERCENTAGE,CPU_SYSTEM,CPU_USER,ELAPSED_TIME,IO_PG_FAULTS,ICONTEXT_SWITCHING,VCONTEXT_SWITCHING,MAX_MEMORY
5001,01.Feb.2013 00:18:33,/usr/sbin/nginx -s reload,92%,0.60,1.84,0:02.62,0,3296,1,138528
10001,01.Feb.2013 00:19:32,/usr/sbin/nginx -s reload,93%,1.67,5.80,0:08.00,0,11627,1,406804
20001,01.Feb.2013 00:20:23,/usr/sbin/nginx -s reload,93%,4.17,13.68,0:19.16,0,25221,1,945164
50001,01.Feb.2013 00:22:02,/usr/sbin/nginx -s reload,60%,13.24,36.37,1:22.46,14,68338,87121,2288668

As you can see 50k hosts take more than one minute. That would be
acceptable if it weren't for the fact that it uses up a lot of CPU and
memory. Parsing the config seems to be the culprit here.

These where simple server blocks with self-signed certs just for
testing.

It would be awesome if there was some sort of compilation process for
the config parsing. It's too costly. Let's say you have a machine with
50k hosts, now you add another one and the machine gets a beating just
for adding this one.

Any comments on my test approach?

Thanks,
--- appa



More information about the nginx-devel mailing list