SSL proxy slow....

Dave Cheney dave at cheney.net
Tue Sep 9 04:05:41 MSD 2008


Hi James,

If nginx is acting as your SSL handler then you don't need to pass SSL back
to your app. This should be sufficient.

location / {
   proxy_set_header X-FORWARDED_PROTO https;
   proxy_pass https://givvymain;
}

Cheers

Dave

On Mon, 8 Sep 2008 19:50:30 -0400, James <thenetimp at gmail.com> wrote:
> Here is my server config.  When I go to http://prod.givvy.com  the  
> result is normal.  When I go to https://prod.givvy.com it's dog slow.
> 
> Any idea as to how to speed up the SSL side of it?  (right now I am  
> using a local host change to point to the right IP address as  
> prod.givvy.com points to a maintenance page.  We want to launch the  
> site tomorrow, but this is a huge problem for us.  I'd hate to launch  
> it with one server.
> 
> Thanks
> James
> 
> http {
> 
>      upstream givvymain {
>          server 75.101.150.160:80        max_fails=1  fail_timeout=30s;
>          server 67.202.3.21:80           max_fails=1  fail_timeout=30s;
>      }
> 
>      upstream givvymainssl {
>          server 75.101.150.160:443       max_fails=1  fail_timeout=30s;
>          server 67.202.3.21:443          max_fails=1  fail_timeout=30s;
>      }
> 
>      server {
>          listen 80;
>          server_name prod.givvy.com;
>          location / {
>              proxy_pass http://givvymain;
>              proxy_next_upstream error timeout;
>          }
>      }
> 
> 
>      server {
>          listen 443;
>          server_name prod.givvy.com;
> 
>          ssl on;
>          ssl_certificate /####PATH TO CERT###/
>          ssl_certificate_key /####PATH TO KEY###/
>          keepalive_timeout 70;
> 
>          location / {
>              proxy_set_header X-FORWARDED_PROTO https;
>              proxy_pass https://givvymainssl;
>          }
>      }
> }
> 





More information about the nginx mailing list