<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
Igor I did SSL benchmarks with 10 worker processes on a very fast
multicore machine with multiple ssl_session_cache configs to try and
disprove this post. My results were also slow:<br>
<br>
<span class="Apple-style-span" style="border-collapse: separate;
color: rgb(0, 0, 0); font-family: Times; font-style: normal;
font-variant: normal; font-weight: normal; letter-spacing: normal;
line-height: normal; orphans: 2; text-indent: 0px; text-transform:
none; white-space: normal; widows: 2; word-spacing: 0px;
font-size: medium;"><span class="Apple-style-span"
style="font-family: Verdana; font-size: 12px;">
<p style="margin-top: 8px; margin-bottom: 0px;">On a 4 core Xeon
E5410 using: <br>
</p>
<p style="margin-top: 8px; margin-bottom: 0px;">ab -c 50 -n 5000
<br>
</p>
<p style="margin-top: 8px; margin-bottom: 0px;">with 64 bit
ubuntu 10.10 and kernel 2.6.35 I get:</p>
<p style="margin-top: 8px; margin-bottom: 0px;">For a 43 byte
transparent gif image on regular HTTP:</p>
<p style="margin-top: 8px; margin-bottom: 0px;">Requests per
second: 11703.19 [#/sec] (mean)</p>
<p style="margin-top: 8px; margin-bottom: 0px;">Same file via
HTTPS with various ssl_session_cache params set:</p>
<p style="margin-top: 8px; margin-bottom: 0px;">ssl_session_cache
shared:SSL:10m; <br>
Requests per second: 180.13 [#/sec] (mean)</p>
<p style="margin-top: 8px; margin-bottom: 0px;">ssl_session_cache
builtin:1000 shared:SSL:10m; <br>
Requests per second: 183.53 [#/sec] (mean)</p>
<p style="margin-top: 8px; margin-bottom: 0px;">ssl_session_cache
builtin:1000; <br>
Requests per second: 182.63 [#/sec] (mean)</p>
<p style="margin-top: 8px; margin-bottom: 0px;">No
ssl_session_cache: <br>
Requests per second: 184.67 [#/sec] (mean)</p>
</span></span><br>
I'm assuming the session cache has no effect since each 'ab' request
is a new session. But I thought I'd try it anyway. <br>
<br>
180 per second for a machine this fast compared to 11,703 per second
on regular HTTP seems like a big difference. 'ab' was run on the
local machine (it takes very little CPU) so there was zero network
latency. <br>
<br>
Let me know if there's anything I should try to speed it up.<br>
<br>
Here's the config I used:<br>
<br>
worker_processes 10;<br>
worker_rlimit_nofile 60000;<br>
error_log logs/error.log;<br>
pid /var/run/nginx.pid;<br>
events {<br>
worker_connections 10000;<br>
}<br>
http {<br>
client_max_body_size 20m;<br>
client_header_timeout 3m;<br>
client_body_timeout 3m;<br>
send_timeout 3m;<br>
server_names_hash_bucket_size 128;<br>
client_header_buffer_size 1k;<br>
large_client_header_buffers 4 4k;<br>
sendfile on;<br>
tcp_nopush on;<br>
tcp_nodelay on;<br>
server_tokens off;<br>
gzip on;<br>
gzip_min_length 1100;<br>
gzip_buffers 4 8k;<br>
gzip_types text/plain text/css application/x-javascript
application/javascript text/xml application/xml application/xml+rss
text/javascript;<br>
keepalive_timeout 10 5;<br>
<br>
proxy_next_upstream off;<br>
<br>
geo $country {<br>
default no;<br>
include mygeodir/nginxGeo.txt;<br>
}<br>
limit_req_zone $binary_remote_addr zone=slowSite:20m rate=10r/m;<br>
limit_req_zone $binary_remote_addr zone=fastSite:20m
rate=500r/m;<br>
limit_req_zone $binary_remote_addr zone=zonea:20m rate=120r/m;<br>
limit_req_zone $binary_remote_addr zone=zoneb:20m rate=60r/m;<br>
<br>
include mime.types;<br>
<br>
#the rest is basic server sections<br>
}<br>
<pre class="moz-signature" cols="72">--
Mark Maunder <a class="moz-txt-link-rfc2396E" href="mailto:mark@feedjit.com"><mark@feedjit.com></a>
<a class="moz-txt-link-freetext" href="http://feedjit.com/">http://feedjit.com/</a>
</pre>
<br>
On 7/12/11 12:23 AM, Igor Sysoev wrote:
<blockquote
cite="mid:F6A7C419-1FE3-47F9-8851-AF5680187FAD@sysoev.ru"
type="cite">
<pre wrap="">On Jul 12, 2011, at 4:45 , davidkazuhiro wrote:
</pre>
<blockquote type="cite">
<pre wrap="">According to this article <a class="moz-txt-link-freetext" href="http://matt.io/entry/uq">http://matt.io/entry/uq</a> nginx is really slow
at SSL. Is this true and should I be using stud to handle SSL
connections, or is nginx actually fast an it's a configuration issue or
a fluke version of nginx?
</pre>
</blockquote>
<pre wrap="">
I believe nginx was not configured to run 8 worker processes.
It seems he ran only 2 worker processes.
--
Igor Sysoev
<a class="moz-txt-link-freetext" href="http://sysoev.ru/en/">http://sysoev.ru/en/</a>
_______________________________________________
nginx mailing list
<a class="moz-txt-link-abbreviated" href="mailto:nginx@nginx.org">nginx@nginx.org</a>
<a class="moz-txt-link-freetext" href="http://nginx.org/mailman/listinfo/nginx">http://nginx.org/mailman/listinfo/nginx</a>
</pre>
</blockquote>
</body>
</html>