Welcome! Log In Create A New Profile

Advanced

Nginx use ssl slow than ELB

Previous Message Next Message
Forum List Message List New Topic Print View
huakaibird
December 08, 2015 09:03AM
Hi,

I want to use nginx as LB to replace aws ELB, but found that it is much slower, it affected web users, sometime user will encounter access web time out.

this is my configuration, please help to check if something is wrong. I use ssl.

user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
use epoll;
worker_connections 65535;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main buffer=1m flush=5s;

sendfile on;
keepalive_timeout 60;
client_max_body_size 0;

server {
listen 8080;
root /usr/share/nginx/html;


location = /nginx_status {
stub_status on;
access_log off;
}

location = /status.html {
}
}

include /etc/nginx/test.d/test.conf;
}

test.conf:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
upstream backend {

server x.x.x.x;
server x.x.x.x;
check interval=30000 rise=3 fall=5 timeout=5000 type=http;
check_http_send "HEAD /healthcheck HTTP/1.0\r\n\r\n";

}


server {
listen 80;
listen 443 ssl;


location / {
proxy_pass http://backend;

}
keepalive_timeout 60;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffers 128 16k;
client_body_buffer_size 2048k;
underscores_in_headers on;
ssl_certificate ssl/chained.crt;
ssl_certificate_key ssl/key.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DH:!EDH';
#ssl_ciphers HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
}
Reply Quote
RSS
Subject Author Posted

Nginx use ssl slow than ELB

huakaibird December 08, 2015 09:03AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 106
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready