Recommendations on using nginx as SSL proxy for everything

Rob Mueller robm at
Thu Sep 4 16:00:14 MSD 2008

>  Is there any recommendation on using Nginx as a SSL accelerator for
> all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this 
> already, can you share the experience on hardware / os configuration and 
> what kind of loading you are doing today.

We run it for http, imap & pop (not smtp). Partly due to legacy reasons, we 
run separate http and imap/pop instances but this still seems reasonable to 
allow starting/stopping of them separately.

We're using linux and two oldish (>2 years, netburst xeon) machines as 
frontends. We use DNS load balancing between them, and heartbeat to takeover 
an IP if one machine dies.

Performance is great. Machines also do a bunch of other things, and 
generally only see 10-20% CPU usage. Each machine has about 7000 IMAP SSL + 
3500 regular IMAP connections alive but has no problem taking double that 
when one machine is taken down.

You might want to look into tuning these variables.



More information about the nginx mailing list