ssl cache pooling ? (kind of)
Maxim Dounin
mdounin at mdounin.ru
Sat Mar 22 21:45:55 UTC 2014
Hello!
On Sat, Mar 22, 2014 at 12:28:16PM -0400, Larry wrote:
> Hello,
>
> I would like to know if we could replicate the shared memory over multiple
> servers.
>
> One cannot reliably use the new ticket system since not all webbrowsers
> support this.
>
> My idea is to modify the ngx_shared_memory_add function to add a rpc stack
> to it.
>
> We would write down the upstream servers we want to make aware of the
> modification and send them the cache value.
>
> The only remaining question is how to make a corresponding with the mmap.
>
> Is there a corresponding logic directly between the ssl handshake and the
> place in memory choosen ?
> Are there any restrictions ?
>
> Basically it would be a full replication of the cache on every server, but
> allowing dynamic allocation so that every server remains independant.
>
> Since this does not consume that much of resources, we can easily allocate
> even 50Mo for the shared memory without any fear.
>
> Before I start coding, I would like to know if there are any mistakes in
> the idea. I may have missed something huge.
>
> Did I ?
You may have better luck adding replication logic to the session
cache.
The idea of replication of shared memory looks utterly broken, in
particular as there are pointers stored in shared memory (take a
look at ngx_ssl_new_session() for details).
--
Maxim Dounin
http://nginx.org/
More information about the nginx
mailing list