Dynamic upstream configuration

Hi,

I have an nginx configured as a reverse proxy using proxy_pass.
This is a dynamic reverse proxy, it fetches content for users in
accordance
to the HOST header in the requests.
The problem I encountered is that the backends are normally SSL, and
every
request that goes has to re-handshake (since there is no keep-alive
between
nginx and the backend servers).
I know that I can configure keep-alive with upstream - but that requires
me
to know upfront which servers will be used (which I don’t, since I
dynamically fetch content according to headers).
Is there a way to configure that the proxy will keep-alive connections
with
backend servers dynamically, or for some time?

Thanks,
Roy.

Posted at Nginx Forum:

A shame that no one has a solution for this…
It’s a really big performance hit whenever backend servers are https and
nginx simply renegotiates SSL for each request.

Is there any plan to support this? Some sort of backend connection
pooling
with SSL?

Posted at Nginx Forum:

No it does not unless you don’t configure a shared SSL session cache.
http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_session_cache

I’m assuming that the upstream servers are Nginx also.
If not adapt to the appropriate server session cache setup.

----appa

Hi!

Unfortunately, I didn’t find a very good solution for this, but, in
nginx
1.4+ the issue with SSL backend keepalive was fixed - so if you have a
list
of all your possible servers, your configuration file will look
horrible,
but you can achieve this by having all the backend servers defined as
upstreams with different “server” clauses for each of the proxies.

Cheers,

  • Roy

Posted at Nginx Forum:

mamoos1 Wrote:

[snip…]

I know that I can configure keep-alive with upstream - but that
requires me to know upfront which servers will be used (which I don’t,
since I dynamically fetch content according to headers).
Is there a way to configure that the proxy will keep-alive connections
with backend servers dynamically, or for some time?

I’m facing a similar issue right now where I need to enable
persistent/keepalive connections to a dynamic set of upstreams. This is
not running SSL, but for various reasons upstream servers are slow at
establishing connections and persistent connections are a real
performance boost.

We dynamically find the upstream using lua scripting. What I’d like
is to dynamically define an upstream including keepalive (ideally in
lua).

Has anyone found a way to achieve this, or is it simple not possible at
the moment?

  • Karl

Posted at Nginx Forum: