Hello all,
I have nginx to reverse proxy SSL site to end users. (And yes, I
need SSL on the back-end as well as on the front-end.)
The problem is - it is too slow (~200ms overhead per each request).
I found this comment from Dave C.:
The the dog slowness you are seeing is probably nginx renegitiation SSL on
every backend request. At the moment nginx will issue a connection close
after each request.
So my question is whether it’s still true for the nginx-0.7.34 ?
(assuming that client to nginx keeps single connection alive for all
requests)
In the log file I can see several entries like:
2009/02/13 02:35:33 [debug] 26638#0: *1 SSL handshake handler: 0
2009/02/13 02:35:33 [debug] 26638#0: *1 SSL_do_handshake: 1
2009/02/13 02:35:33 [debug] 26638#0: *1 SSL: TLSv1, cipher: “RC4-MD5
SSLv3 Kx=RS
A Au=RSA Enc=RC4(128) Mac=MD5”
2009/02/13 02:35:33 [debug] 26638#0: *1 save session: 08975D40:2
2009/02/13 02:35:33 [debug] 26638#0: *1 http upstream send request
Does it actually mean the SSL connection initialization to backend?
Turning on google_perftools_profiles gave me the following list but
I’m not sure how to interpret the results and whether is shows the
full picture:
pprof --text /usr/local/nginx/sbin/nginx profile.24433
Total: 51 samples
11 21.6% 21.6% 11 21.6% _x86_AES_encrypt
5 9.8% 31.4% 5 9.8% sha1_block_asm_data_order
4 7.8% 39.2% 4 7.8% AES_cbc_encrypt
4 7.8% 47.1% 4 7.8% memcpy
4 7.8% 54.9% 4 7.8% __epoll_wait_nocancel
3 5.9% 60.8% 3 5.9% md5_block_asm_host_order
3 5.9% 66.7% 3 5.9% __read_nocancel
2 3.9% 70.6% 2 3.9% RC4
2 3.9% 74.5% 2 3.9% __write_nocancel
1 2.0% 76.5% 1 2.0% bn_sub_part_words
1 2.0% 78.4% 1 2.0% __gettimeofday_internal
1 2.0% 80.4% 25 49.0% ngx_worker_process_cycle
1 2.0% 82.4% 1 2.0% CRYPTO_lock
1 2.0% 84.3% 4 7.8% ngx_ssl_send_chain
1 2.0% 86.3% 1 2.0% lh_doall_arg
1 2.0% 88.2% 1 2.0% OPENSSL_cleanse
1 2.0% 90.2% 1 2.0% ERR_clear_error
1 2.0% 92.2% 1 2.0% tls1_mac
1 2.0% 94.1% 1 2.0% BN_from_montgomery
1 2.0% 96.1% 1 2.0% ngx_palloc
1 2.0% 98.0% 6 11.8% ngx_http_write_filter
1 2.0% 100.0% 1 2.0% RC4_set_key
0 0.0% 100.0% 1 2.0% DH_OpenSSL
0 0.0% 100.0% 6 11.8% ngx_http_postpone_filter
0 0.0% 100.0% 1 2.0% ERR_add_error_data
0 0.0% 100.0% 2 3.9%
ngx_http_upstream_finalize_request
0 0.0% 100.0% 3 5.9% ssl3_write
0 0.0% 100.0% 12 23.5%
ngx_http_upstream_process_upstream
0 0.0% 100.0% 10 19.6% ngx_event_pipe