Forum List Message List New Topic Print View

Mark Maunder

July 12, 2011 04:00AM

Igor I did SSL benchmarks with 10 worker processes on a very fast
multicore machine with multiple ssl_session_cache configs to try and
disprove this post. My results were also slow:

On a 4 core Xeon E5410 using:

ab -c 50 -n 5000

with 64 bit ubuntu 10.10 and kernel 2.6.35 I get:

For a 43 byte transparent gif image on regular HTTP:

Requests per second: 11703.19 [#/sec] (mean)

Same file via HTTPS with various ssl_session_cache params set:

ssl_session_cache shared:SSL:10m;
Requests per second: 180.13 [#/sec] (mean)

ssl_session_cache builtin:1000 shared:SSL:10m;
Requests per second: 183.53 [#/sec] (mean)

ssl_session_cache builtin:1000;
Requests per second: 182.63 [#/sec] (mean)

No ssl_session_cache:
Requests per second: 184.67 [#/sec] (mean)

I'm assuming the session cache has no effect since each 'ab' request is
a new session. But I thought I'd try it anyway.

180 per second for a machine this fast compared to 11,703 per second on
regular HTTP seems like a big difference. 'ab' was run on the local
machine (it takes very little CPU) so there was zero network latency.

Let me know if there's anything I should try to speed it up.

Here's the config I used:

worker_processes 10;
worker_rlimit_nofile 60000;
error_log logs/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 10000;
}
http {
client_max_body_size 20m;
client_header_timeout 3m;
client_body_timeout 3m;
send_timeout 3m;
server_names_hash_bucket_size 128;
client_header_buffer_size 1k;
large_client_header_buffers 4 4k;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
server_tokens off;
gzip on;
gzip_min_length 1100;
gzip_buffers 4 8k;
gzip_types text/plain text/css application/x-javascript
application/javascript text/xml application/xml application/xml+rss
text/javascript;
keepalive_timeout 10 5;

proxy_next_upstream off;

geo $country {
default no;
include mygeodir/nginxGeo.txt;
}
limit_req_zone $binary_remote_addr zone=slowSite:20m rate=10r/m;
limit_req_zone $binary_remote_addr zone=fastSite:20m rate=500r/m;
limit_req_zone $binary_remote_addr zone=zonea:20m rate=120r/m;
limit_req_zone $binary_remote_addr zone=zoneb:20m rate=60r/m;

include mime.types;

#the rest is basic server sections
}

--
Mark Maunder<mark@feedjit.com>
http://feedjit.com/

On 7/12/11 12:23 AM, Igor Sysoev wrote:
> On Jul 12, 2011, at 4:45 , davidkazuhiro wrote:
>
>> According to this article http://matt.io/entry/uq nginx is really slow
>> at SSL. Is this true and should I be using stud to handle SSL
>> connections, or is nginx actually fast an it's a configuration issue or
>> a fluke version of nginx?
> I believe nginx was not configured to run 8 worker processes.
> It seems he ran only 2 worker processes.
>
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
nginx ssl slow	davidkazuhiro	July 11, 2011 08:45PM
Re: nginx ssl slow	Maxim Dounin	July 12, 2011 12:16AM
Re: nginx ssl slow	davidkazuhiro	July 12, 2011 01:39AM
Re: nginx ssl slow	davidkazuhiro	July 15, 2011 01:57AM
Re: nginx ssl slow	Igor Sysoev	July 12, 2011 02:24AM
Re: nginx ssl slow	Mark Maunder	July 12, 2011 04:00AM
Re: nginx ssl slow	Maxim Dounin	July 14, 2011 11:22AM
Re: nginx ssl slow	Adam Zell	July 14, 2011 01:18PM
Re: nginx ssl slow	Bradley Falzon	July 12, 2011 02:30AM
Re: nginx ssl slow	Maxim Dounin	July 12, 2011 05:12AM
Re: nginx ssl slow	Maxim Dounin	July 12, 2011 09:12AM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 230

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018