Welcome! Log In Create A New Profile

Re: Transforming SSL server cert and private key in variables.

Forum List Message List New Topic Print View

splitice

February 01, 2013 09:12AM

Registered: 12 years ago
Posts: 118

On a side note, a good feature for nginx would be a small SHM zone for
storing SSL certificates cross reload (paired with a filemtime value) to
speed up reloads.

I run alot of SSL certificates myself (not using SNI but unique IPs) around
300 per node (and 7 nodes refreshed up to every minute) and have noticed
the decent CPU percentage.

On Sat, Feb 2, 2013 at 12:22 AM, António P. P. Almeida <appa@perusio.net>wrote:

> On 22 Jan 2013 14h34 CET, mdounin@mdounin.ru wrote:
>
> Hello Maxim,
>
> I made some tests and definitely we cannot use in our product, it
> takes too much time and resources.
>
> Tested on an EC m1.medium instance.
>
>
> HOSTS,DATE,COMMAND,CPU_PERCENTAGE,CPU_SYSTEM,CPU_USER,ELAPSED_TIME,IO_PG_FAULTS,ICONTEXT_SWITCHING,VCONTEXT_SWITCHING,MAX_MEMORY
> 5001,01.Feb.2013 00:18:33,/usr/sbin/nginx -s
> reload,92%,0.60,1.84,0:02.62,0,3296,1,138528
> 10001,01.Feb.2013 00:19:32,/usr/sbin/nginx -s
> reload,93%,1.67,5.80,0:08.00,0,11627,1,406804
> 20001,01.Feb.2013 00:20:23,/usr/sbin/nginx -s
> reload,93%,4.17,13.68,0:19.16,0,25221,1,945164
> 50001,01.Feb.2013 00:22:02,/usr/sbin/nginx -s
> reload,60%,13.24,36.37,1:22.46,14,68338,87121,2288668
>
> As you can see 50k hosts take more than one minute. That would be
> acceptable if it weren't for the fact that it uses up a lot of CPU and
> memory. Parsing the config seems to be the culprit here.
>
> These where simple server blocks with self-signed certs just for
> testing.
>
> It would be awesome if there was some sort of compilation process for
> the config parsing. It's too costly. Let's say you have a machine with
> 50k hosts, now you add another one and the machine gets a beating just
> for adding this one.
>
> Any comments on my test approach?
>
> Thanks,
> --- appa
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
Transforming SSL server cert and private key in variables.	António P. P. Almeida	1422	January 22, 2013 05:22AM
Re: Transforming SSL server cert and private key in variables.	Maxim Dounin	804	January 22, 2013 06:22AM
Re: Transforming SSL server cert and private key in variables.	António P. P. Almeida	1238	January 22, 2013 08:14AM
Re: Transforming SSL server cert and private key in variables.	Maxim Dounin	969	January 22, 2013 08:36AM
Re: Transforming SSL server cert and private key in variables.	António P. P. Almeida	960	January 23, 2013 06:28AM
Re: Transforming SSL server cert and private key in variables.	António P. P. Almeida	774	February 01, 2013 08:54AM
Re: Transforming SSL server cert and private key in variables.	splitice	950	February 01, 2013 09:12AM
Re: Transforming SSL server cert and private key in variables.	Maxim Dounin	766	February 01, 2013 10:26AM
Re: Transforming SSL server cert and private key in variables.	António P. P. Almeida	1187	February 01, 2013 10:44AM
Re: Transforming SSL server cert and private key in variables.	Maxim Dounin	917	February 01, 2013 11:38AM

Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 233

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018