SSL proxy slow....
James
thenetimp at gmail.com
Tue Sep 9 04:36:04 MSD 2008
I do need to pass SSL back to my app from the front nginx server,
because we are using EC2 forour servers, so I do need to encrypt them
back to the 2 front end servers, as it's on a public network, and the
network is public.
James
On Sep 8, 2008, at 8:05 PM, Dave Cheney wrote:
> Hi James,
>
> If nginx is acting as your SSL handler then you don't need to pass
> SSL back
> to your app. This should be sufficient.
>
> location / {
> proxy_set_header X-FORWARDED_PROTO https;
> proxy_pass https://givvymain;
> }
>
> Cheers
>
> Dave
>
> On Mon, 8 Sep 2008 19:50:30 -0400, James <thenetimp at gmail.com> wrote:
>> Here is my server config. When I go to http://prod.givvy.com the
>> result is normal. When I go to https://prod.givvy.com it's dog slow.
>>
>> Any idea as to how to speed up the SSL side of it? (right now I am
>> using a local host change to point to the right IP address as
>> prod.givvy.com points to a maintenance page. We want to launch the
>> site tomorrow, but this is a huge problem for us. I'd hate to launch
>> it with one server.
>>
>> Thanks
>> James
>>
>> http {
>>
>> upstream givvymain {
>> server 75.101.150.160:80 max_fails=1
>> fail_timeout=30s;
>> server 67.202.3.21:80 max_fails=1
>> fail_timeout=30s;
>> }
>>
>> upstream givvymainssl {
>> server 75.101.150.160:443 max_fails=1
>> fail_timeout=30s;
>> server 67.202.3.21:443 max_fails=1
>> fail_timeout=30s;
>> }
>>
>> server {
>> listen 80;
>> server_name prod.givvy.com;
>> location / {
>> proxy_pass http://givvymain;
>> proxy_next_upstream error timeout;
>> }
>> }
>>
>>
>> server {
>> listen 443;
>> server_name prod.givvy.com;
>>
>> ssl on;
>> ssl_certificate /####PATH TO CERT###/
>> ssl_certificate_key /####PATH TO KEY###/
>> keepalive_timeout 70;
>>
>> location / {
>> proxy_set_header X-FORWARDED_PROTO https;
>> proxy_pass https://givvymainssl;
>> }
>> }
>> }
>>
>
More information about the nginx
mailing list