Recommendations on using nginx as SSL proxy for everything
Rob Mueller
robm at fastmail.fm
Thu Sep 4 16:00:14 MSD 2008
> Is there any recommendation on using Nginx as a SSL accelerator for
> all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this
> already, can you share the experience on hardware / os configuration and
> what kind of loading you are doing today.
We run it for http, imap & pop (not smtp). Partly due to legacy reasons, we
run separate http and imap/pop instances but this still seems reasonable to
allow starting/stopping of them separately.
We're using linux and two oldish (>2 years, netburst xeon) machines as
frontends. We use DNS load balancing between them, and heartbeat to takeover
an IP if one machine dies.
Performance is great. Machines also do a bunch of other things, and
generally only see 10-20% CPU usage. Each machine has about 7000 IMAP SSL +
3500 regular IMAP connections alive but has no problem taking double that
when one machine is taken down.
You might want to look into tuning these variables.
net.ipv4.tcp_keepalive_time
net.ipv4.netfilter.ip_conntrack_max
fs.file-max
net.core.rmem_max
net.core.wmem_max
net.ipv4.tcp_rmem
net.ipv4.tcp_wmem
Rob
More information about the nginx
mailing list