Nginx use ssl slow than ELB

Sadaf_N · December 8, 2015, 3:04pm

Hi,

I want to use nginx as LB to replace aws ELB, but found that it is much
slower, it affected web users, sometime user will encounter access web
time
out.

this is my configuration, please help to check if something is wrong. I
use
ssl.

user nginx;
worker_processes auto;
worker_rlimit_nofile 65535;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;

events {
use epoll;
worker_connections 65535;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format  main  '$remote_addr - $remote_user [$time_local]

“$request”
’
'$status $body_bytes_sent “$http_referer” ’
‘“$http_user_agent” “$http_x_forwarded_for”’;

access_log  /var/log/nginx/access.log  main buffer=1m flush=5s;

sendfile        on;
keepalive_timeout  60;
client_max_body_size 0;

server {
listen 8080;
root /usr/share/nginx/html;


location = /nginx_status {
    stub_status on;
    access_log off;
}

location = /status.html {
}
}

include /etc/nginx/test.d/test.conf;

}

test.conf:
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
upstream backend {

    server x.x.x.x;
    server x.x.x.x;
    check interval=30000 rise=3 fall=5 timeout=5000 type=http;
    check_http_send "HEAD /healthcheck HTTP/1.0\r\n\r\n";

}

server {
listen 80;
listen 443 ssl;

 location / {
    proxy_pass http://backend;

}
keepalive_timeout   60;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_buffers 128 16k;
client_body_buffer_size 2048k;
underscores_in_headers on;
ssl_certificate     ssl/chained.crt;
ssl_certificate_key ssl/key.key;
ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers

‘ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!DH:!EDH’;
#ssl_ciphers HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
ssl_prefer_server_ciphers on;
}

Posted at Nginx Forum: