reverse ssl proxy - speed & jitter
newnovice
nginx-forum at nginx.us
Wed Jul 23 17:19:47 UTC 2014
I am setting up an nginx reverse SSL proxy - I have a machine I can use with
2 E5-2650 CPUs and lots of RAM. I have nginx-1.6.0 + openssl-1.0.1h
installed. I have taken into consideration most optimization suggestions out
there and incorporated them. I will attach a copy of my config file.
(optimizing first connection experience is good) With my testing just for
handshake + connection setup with a 2K cert it is taking 3.5ms on average. I
see spikes in this time every 40 or so handshakes. I would like the 90+
percentile of the handshakes to not have any jitter/variance.
testing method:
time for i in {1..1000};
do
  httperf --hog --server localhost --port 443 --ssl --uri /nginx_ping \
    --ssl-no-reuse --num-calls 1 --num-conns 1 --rate 1 \
    | egrep "Connection time \[ms\]\: |Reply time \[ms\]\: " \
    | awk {'print $5'} | xargs | tr -s " " ", " >> test.log;
done;
- If you think this methodology is not right, do let me know. I have looked
at the tcpdumps and made sure a full handshake is happening and then a GET
request is issued.
This gives me: request_time, connect_time, response_time
request_time = connect_time (ssl handshake + connection setup) +
response_time.
1. I want to debug why there is jitter in the handshake time - I want the
90th, 95th, 99th, 99.9th percentiles to also be around 3.5ms.
2. I want to see if I can make nginx any faster at doing the handshake. What
is the fastest you guys think this can happen?
3. How can I profile nginx and proceed to make this faster?
All comments are welcome!
Thanks!
Not sure how to attach the config:
config details:
5 workers, worker_priority -10, timer_resolution 200ms, worker_cpu_affinity
to separate cores on cpu2, error_log to dev/null, use epoll, worker_conns
2000, multi_accept on, accept_mutex off, sendfile on, tcp_nopush on,
tcp_nodelay on, file caches, keepalive_timeout 5000, keepalive_requests
100000, reset_timedout_connection on, client_body_timeout 10, send_timeout
2, gzip, server_tokens off, postpone_output 0. upstream: keep alive 180,
proxy_buffering off, client_body_buffer_size 512K,
large_client_header_buffers 4 64k, client_max_body_size 0. server: listen
443 ssl, access_log off, ssl_buffer_size 8k, ssl_session_timeout 10m,
ssl_protocols SSLv3 TLSv1, ssl_ciphers RC4-MD5, ssl_prefer_server_ciphers
on, ssl_session_cache shared:SSL:10m. location /nginx_ping - return 200.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252002,252002#msg-252002
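
An added example, not part of the original post: a Python script that reads lines in the test.log layout the loop above produces (request_time,connect_time,response_time in ms), reports the percentiles asked about, and lists the spacing between spikes so the "every 40 or so handshakes" pattern can be checked. The sample data, the 2x-median spike threshold and all function names are assumptions made for this illustration.

```python
import math

def make_sample(n=200, spike_every=40):
    """Constructed data in the post's test.log layout (not real measurements)."""
    rows = []
    for i in range(1, n + 1):
        connect = 9.0 if i % spike_every == 0 else 3.5
        rows.append(f"{connect + 0.3:.1f},{connect:.1f},0.3")
    return "\n".join(rows)

def parse_connect_times(text):
    """Return the connect_time column (2nd field), skipping malformed lines."""
    out = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3:          # httperf run that printed fewer values
            continue
        try:
            out.append(float(parts[1]))
        except ValueError:
            continue
    return out

def percentile(values, p):
    """Nearest-rank percentile: smallest sample with at least p% at or below it."""
    if not values:
        raise ValueError("no samples")
    ordered = sorted(values)
    rank = max(1, math.ceil(p / 100.0 * len(ordered)))
    return ordered[rank - 1]

def spike_gaps(values, factor=2.0):
    """1-based positions of samples above factor * median, and gaps between them."""
    threshold = factor * percentile(values, 50)   # assumed spike definition
    idx = [i for i, v in enumerate(values, 1) if v > threshold]
    gaps = [b - a for a, b in zip(idx, idx[1:])]
    return idx, gaps

if __name__ == "__main__":
    # Replace make_sample() with open("test.log").read() for real data.
    times = parse_connect_times(make_sample())
    for p in (50, 90, 95, 99, 99.9):
        print(f"p{p}: {percentile(times, p)} ms")
    idx, gaps = spike_gaps(times)
    print("spikes at", idx, "gaps", gaps)
```

A constant gap between spikes points at something periodic (a timer, a cache or a scheduler interval), while irregular gaps point at contention or noise in the measurement itself.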