nginx ssl slow

Mark Maunder mark at feedjit.com
Tue Jul 12 11:58:38 MSD 2011 

Igor I did SSL benchmarks with 10 worker processes on a very fast 
multicore machine with multiple ssl_session_cache configs to try and 
disprove this post. My results were also slow:

On a 4 core Xeon E5410 using:

ab -c 50 -n 5000

with 64 bit ubuntu 10.10 and kernel 2.6.35 I get:

For a 43 byte transparent gif image on regular HTTP:

Requests per second: 11703.19 [#/sec] (mean)

Same file via HTTPS with various ssl_session_cache params set:

ssl_session_cache shared:SSL:10m;
Requests per second: 180.13 [#/sec] (mean)

ssl_session_cache builtin:1000 shared:SSL:10m;
Requests per second: 183.53 [#/sec] (mean)

ssl_session_cache builtin:1000;
Requests per second: 182.63 [#/sec] (mean)

No ssl_session_cache:
Requests per second: 184.67 [#/sec] (mean)


I'm assuming the session cache has no effect since each 'ab' request is 
a new session. But I thought I'd try it anyway.

180 per second for a machine this fast compared to 11,703 per second on 
regular HTTP seems like a big difference. 'ab' was run on the local 
machine (it takes very little CPU) so there was zero network latency.

Let me know if there's anything I should try to speed it up.

Here's the config I used:

worker_processes  10;
worker_rlimit_nofile 60000;
error_log  logs/error.log;
pid        /var/run/nginx.pid;
events {
     worker_connections  10000;
}
http {
client_max_body_size   20m;
client_header_timeout  3m;
client_body_timeout    3m;
send_timeout           3m;
server_names_hash_bucket_size 128;
client_header_buffer_size    1k;
large_client_header_buffers  4 4k;
sendfile         on;
tcp_nopush       on;
tcp_nodelay      on;
server_tokens   off;
gzip on;
gzip_min_length  1100;
gzip_buffers     4 8k;
gzip_types       text/plain text/css application/x-javascript 
application/javascript text/xml application/xml application/xml+rss 
text/javascript;
keepalive_timeout  10 5;

proxy_next_upstream off;

geo $country {
         default no;
         include mygeodir/nginxGeo.txt;
}
limit_req_zone  $binary_remote_addr  zone=slowSite:20m   rate=10r/m;
limit_req_zone  $binary_remote_addr  zone=fastSite:20m   rate=500r/m;
limit_req_zone  $binary_remote_addr  zone=zonea:20m   rate=120r/m;
limit_req_zone  $binary_remote_addr  zone=zoneb:20m   rate=60r/m;

include    mime.types;

#the rest is basic server sections
}

--
Mark Maunder<mark at feedjit.com>
http://feedjit.com/



On 7/12/11 12:23 AM, Igor Sysoev wrote:
> On Jul 12, 2011, at 4:45 , davidkazuhiro wrote:
>
>> According to this article http://matt.io/entry/uq nginx is really slow
>> at SSL. Is this true and should I be using stud to handle SSL
>> connections, or is nginx actually fast an it's a configuration issue or
>> a fluke version of nginx?
> I believe nginx was not configured to run 8 worker processes.
> It seems he ran only 2 worker processes.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110712/7c920399/attachment.html>

More information about the nginx mailing list