SSL proxy slow....
Delta Yeh
delta.yeh at gmail.com
Tue Sep 9 07:19:01 MSD 2008
I think Apache supports persistent connections and SSL to the backend server.
2008/9/9 James <thenetimp at gmail.com>:
> We've decided for the time being to go round robin DNS for now. It's got
> its disadvantages, but since the site launches in the morning, I don't have
> time to play with it before the launch, too many other things to do. Kind
> of sucks, I was really excited about using nginx.
>
> James
>
>
> On Sep 8, 2008, at 10:41 PM, Gabriel Ramuglia wrote:
>
>> varnish can't act as an ssl server, not sure about being an ssl client.
>>
>> On Mon, Sep 8, 2008 at 9:41 PM, James <thenetimp at gmail.com> wrote:
>>>
>>> Thanks Dave. I'll look into both of those.
>>>
>>> Thanks,
>>> James
>>>
>>>
>>> On Sep 8, 2008, at 9:05 PM, Dave Cheney wrote:
>>>
>>>> The dog slowness you are seeing is probably nginx renegotiating SSL on
>>>> every backend request. At the moment nginx will issue a connection close
>>>> after each request.
>>>>
>>>> If you are using nginx as an SSL load balancer you might need to use
>>>> something else (varnish? squid?) that can maintain persistent connections
>>>> to your backend, this might help, a bit.
>>>>
>>>> Cheers
>>>>
>>>> Dave
>>>>
>>>> On Mon, 8 Sep 2008 20:36:04 -0400, James <thenetimp at gmail.com> wrote:
>>>>>
>>>>> I do need to pass SSL back to my app from the front nginx server,
>>>>> because we are using EC2 for our servers, so I do need to encrypt them
>>>>> back to the 2 front end servers, as it's on a public network, and the
>>>>> network is public.
>>>>>
>>>>> James
>>>>>
>>>>>
>>>>> On Sep 8, 2008, at 8:05 PM, Dave Cheney wrote:
>>>>>
>>>>>> Hi James,
>>>>>>
>>>>>> If nginx is acting as your SSL handler then you don't need to pass
>>>>>> SSL back
>>>>>> to your app. This should be sufficient.
>>>>>>
>>>>>> location / {
>>>>>>     proxy_set_header X-FORWARDED_PROTO https;
>>>>>>     proxy_pass http://givvymain;
>>>>>> }
>>>>>>
>>>>>> Cheers
>>>>>>
>>>>>> Dave
>>>>>>
>>>>>> On Mon, 8 Sep 2008 19:50:30 -0400, James <thenetimp at gmail.com> wrote:
>>>>>>>
>>>>>>> Here is my server config. When I go to http://prod.givvy.com the
>>>>>>> result is normal. When I go to https://prod.givvy.com it's dog slow.
>>>>>>>
>>>>>>> Any idea as to how to speed up the SSL side of it? (right now I am
>>>>>>> using a local host change to point to the right IP address as
>>>>>>> prod.givvy.com points to a maintenance page. We want to launch the
>>>>>>> site tomorrow, but this is a huge problem for us. I'd hate to launch
>>>>>>> it with one server.
>>>>>>>
>>>>>>> Thanks
>>>>>>> James
>>>>>>>
>>>>>>> http {
>>>>>>>
>>>>>>>     upstream givvymain {
>>>>>>>         server 75.101.150.160:80 max_fails=1 fail_timeout=30s;
>>>>>>>         server 67.202.3.21:80 max_fails=1 fail_timeout=30s;
>>>>>>>     }
>>>>>>>
>>>>>>>     upstream givvymainssl {
>>>>>>>         server 75.101.150.160:443 max_fails=1 fail_timeout=30s;
>>>>>>>         server 67.202.3.21:443 max_fails=1 fail_timeout=30s;
>>>>>>>     }
>>>>>>>
>>>>>>>     server {
>>>>>>>         listen 80;
>>>>>>>         server_name prod.givvy.com;
>>>>>>>         location / {
>>>>>>>             proxy_pass http://givvymain;
>>>>>>>             proxy_next_upstream error timeout;
>>>>>>>         }
>>>>>>>     }
>>>>>>>
>>>>>>>
>>>>>>>     server {
>>>>>>>         listen 443;
>>>>>>>         server_name prod.givvy.com;
>>>>>>>
>>>>>>>         ssl on;
>>>>>>>         ssl_certificate /####PATH TO CERT###/;
>>>>>>>         ssl_certificate_key /####PATH TO KEY###/;
>>>>>>>         keepalive_timeout 70;
>>>>>>>
>>>>>>>         location / {
>>>>>>>             proxy_set_header X-FORWARDED_PROTO https;
>>>>>>>             proxy_pass https://givvymainssl;
>>>>>>>         }
>>>>>>>     }
>>>>>>> }
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
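The thread's HTTPS server block reworked for a later nginx that can hold TLS connections to the backends open, as an added example that is not part of the original thread or any poster's config. It assumes nginx 1.7.0 or later; the certificate paths and the backend certificate name are placeholders and assumptions.

```nginx
# Added example, not from the thread. Assumes nginx >= 1.7.0.
# All /PLACEHOLDER/ paths are placeholders to be replaced.
http {
    upstream givvymainssl {
        server 75.101.150.160:443 max_fails=1 fail_timeout=30s;
        server 67.202.3.21:443 max_fails=1 fail_timeout=30s;

        # Keep up to 16 idle connections per worker open to the backends,
        # so most proxied requests skip both the TCP and the TLS handshake.
        keepalive 16;
    }

    server {
        listen 443 ssl;
        server_name prod.givvy.com;

        ssl_certificate     /PLACEHOLDER/cert.pem;
        ssl_certificate_key /PLACEHOLDER/key.pem;
        keepalive_timeout   70;

        location / {
            proxy_set_header X-FORWARDED_PROTO https;
            proxy_pass https://givvymainssl;
            proxy_next_upstream error timeout;

            # Upstream keepalive only works with HTTP/1.1 and without the
            # "Connection: close" header nginx sends to backends by default.
            proxy_http_version 1.1;
            proxy_set_header Connection "";

            # When a fresh connection is needed, resume the previous TLS
            # session instead of paying for a full handshake.
            proxy_ssl_session_reuse on;

            # The backends are reached over a public network, so authenticate
            # them: without verification the hop is encrypted but not
            # protected against an impostor backend.
            proxy_ssl_verify on;
            proxy_ssl_verify_depth 2;
            proxy_ssl_trusted_certificate /PLACEHOLDER/backend-ca.pem;
            proxy_ssl_server_name on;
            # Assumption: the backend certificates are issued for this name.
            proxy_ssl_name prod.givvy.com;
        }
    }
}
```

Check the result with `nginx -t` before reloading.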