Recommendations on using nginx as SSL proxy for everything

Hello all,

Is there any recommendation on using Nginx as a SSL accelerator for
all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this
already, can you share the experience on hardware / os configuration and
what kind of loading you are doing today.

Best regards,

  • Joe

Is there any recommendation on using Nginx as a SSL accelerator for
all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this
already, can you share the experience on hardware / os configuration and
what kind of loading you are doing today.

We run it for http, imap & pop (not smtp). Partly due to legacy reasons,
we
run separate http and imap/pop instances but this still seems reasonable
to
allow starting/stopping of them separately.

We’re using linux and two oldish (>2 years, netburst xeon) machines as
frontends. We use DNS load balancing between them, and heartbeat to
takeover
an IP if one machine dies.

Performance is great. Machines also do a bunch of other things, and
generally only see 10-20% CPU usage. Each machine has about 7000 IMAP
SSL +
3500 regular IMAP connections alive but has no problem taking double
that
when one machine is taken down.

You might want to look into tuning these variables.

net.ipv4.tcp_keepalive_time
net.ipv4.netfilter.ip_conntrack_max
fs.file-max
net.core.rmem_max
net.core.wmem_max
net.ipv4.tcp_rmem
net.ipv4.tcp_wmem

Rob

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs