SSL proxy slow....
Dave Cheney
dave at cheney.net
Tue Sep 9 04:05:41 MSD 2008
Hi James,
If nginx is acting as your SSL handler then you don't need to pass SSL back
to your app. This should be sufficient.
location / {
proxy_set_header X-FORWARDED_PROTO https;
proxy_pass https://givvymain;
}
Cheers
Dave
On Mon, 8 Sep 2008 19:50:30 -0400, James <thenetimp at gmail.com> wrote:
> Here is my server config. When I go to http://prod.givvy.com the
> result is normal. When I go to https://prod.givvy.com it's dog slow.
>
> Any idea as to how to speed up the SSL side of it? (right now I am
> using a local host change to point to the right IP address as
> prod.givvy.com points to a maintenance page. We want to launch the
> site tomorrow, but this is a huge problem for us. I'd hate to launch
> it with one server.
>
> Thanks
> James
>
> http {
>
> upstream givvymain {
> server 75.101.150.160:80 max_fails=1 fail_timeout=30s;
> server 67.202.3.21:80 max_fails=1 fail_timeout=30s;
> }
>
> upstream givvymainssl {
> server 75.101.150.160:443 max_fails=1 fail_timeout=30s;
> server 67.202.3.21:443 max_fails=1 fail_timeout=30s;
> }
>
> server {
> listen 80;
> server_name prod.givvy.com;
> location / {
> proxy_pass http://givvymain;
> proxy_next_upstream error timeout;
> }
> }
>
>
> server {
> listen 443;
> server_name prod.givvy.com;
>
> ssl on;
> ssl_certificate /####PATH TO CERT###/
> ssl_certificate_key /####PATH TO KEY###/
> keepalive_timeout 70;
>
> location / {
> proxy_set_header X-FORWARDED_PROTO https;
> proxy_pass https://givvymainssl;
> }
> }
> }
>
More information about the nginx
mailing list