Welcome! Log In Create A New Profile

Advanced

Re: ssl proxys https web server is very slow

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
June 20, 2014 03:14PM
Hello!

On Fri, Jun 20, 2014 at 10:14:54AM -0700, Mark Moseley wrote:

> On Fri, Jun 20, 2014 at 5:20 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:
>
> > Hello!
> >
> > On Fri, Jun 20, 2014 at 10:51:38AM +0200, Yifeng Wang wrote:
> >
> > > Hi, It's my first time using NGINX to proxy other web servers. I set a
> > > variable in location, this variable may be gotten in cookie or args. if
> > > I use it directly likes "proxy_pass https://$nodeIp2;", it will get the
> > > response for a long time. but if I hardcode likes "proxy_pass
> > > https://147.128.22.152:8443" it works normally. Do I need to set more
> > > cofiguration parameters to solve this problem.Below is the segment of my
> > > windows https configuration.
> > >
> > > http {
> > > ...
> > > server {
> > > listen 443 ssl;
> > > server_name localhost;
> > >
> > > ssl_certificate server.crt;
> > > ssl_certificate_key server.key;
> > >
> > > location /pau6000lct/ {
> > > set $nodeIp 147.128.22.152:8443;
> > > proxy_pass https://$nodeIp;
> >
> > Use of variables in the proxy_pass, in particular, implies that
> > SSL sessions will not be reused (as upstream address is not known
> > in advance, and there is no associated storage for an SSL
> > session). This means that each connection will have to do full
> > SSL handshake, and this is likely the reason for the performance
> > problems you see.
> >
> > Solution is to use proxy_pass without variables, or use
> > preconfigured upstream{} blocks instead of ip addresses if you
> > have to use variables.
> >
>
> So to prevent the heart attack I almost just had, can you confirm how I
> interpret that last statement:
>
> If you define your upstream using "upstream upstream_name etc" and then use
> a variable indicating the name of the upstream in proxy_pass statement,
> that will *not* cause SSL sessions to not be reused. I.e. proxy_pass with a
> variable indicating upstream would not cause a performance issue.
>
> Is that correct?

Yes. If there is an upstream{} block, SSL sessions with upstream
servers will be reused regardless of use of variables in the
proxy_pass directive.

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

ssl proxys https web server is very slow

Yifeng Wang June 20, 2014 04:52AM

Re: ssl proxys https web server is very slow

Maxim Dounin June 20, 2014 08:22AM

Re: ssl proxys https web server is very slow

Mark Moseley June 20, 2014 01:16PM

Re: ssl proxys https web server is very slow

Maxim Dounin June 20, 2014 03:14PM

Re: ssl proxys https web server is very slow

Yifeng Wang June 22, 2014 09:56PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 253
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready