ssl cache pooling ? (kind of)

Maxim Dounin mdounin at
Sat Mar 22 21:45:55 UTC 2014


On Sat, Mar 22, 2014 at 12:28:16PM -0400, Larry wrote:

> Hello,
> I would like to know if we could replicate the shared memory over multiple
> servers.
> One cannot reliably use the new ticket system since not all webbrowsers
> support this.
> My idea is to modify the ngx_shared_memory_add function to add a rpc stack
> to it.
> We would write down the upstream servers we want to make aware of the
> modification and send them the cache value.
> The only remaining question is how to make a corresponding with the mmap.
> Is there a corresponding logic directly between the ssl handshake and the
> place in memory choosen ?
> Are there any restrictions ?
> Basically it would be a full replication of the cache on every server, but
> allowing dynamic allocation so that every server remains independant.
> Since this does not consume that much of resources, we can easily allocate
> even 50Mo for the shared memory without any fear.
> Before I start coding,  I would like to know if there are any mistakes in
> the idea. I may have missed something huge.
> Did I ?

You may have better luck adding replication logic to the session 

The idea of replication of shared memory looks utterly broken, in 
particular as there are pointers stored in shared memory (take a 
look at ngx_ssl_new_session() for details).

Maxim Dounin

More information about the nginx mailing list