CODEWITHSUNDEEP
sslnginxhttpsreverse-proxy
Bhuvan
Bhuvan

Reputation: 4177

Slow nginx behavior when using as reverse proxy for https

Setup:

  1. Dummy SSL endpoint https://hookb.in/VGQ3wdGGzKSE22bwzRdP
  2. Install Nginx on localhost

Steps:

  1. Hit the hookb.in endpoint using browser for very first time and we get network activity like below. It took 865 ms enter image description here
    Fig 1

  2. Subsequent hit to hookb.in endpoint using browser take much less time as it is using the same tcp connection, below is the screen shot for ref. (All Good!!)
    enter image description here
    Fig 2

  3. setup the http-> https reverse proxy using below nginx config

worker_processes  1;
events {
    worker_connections  1024;
}
http {
keepalive_timeout 65;
    server {
        listen      80;
        server_name  localhost;     
        location /session {
            proxy_pass  https://hookb.in/VGQ3wdGGzKSE22bwzRdP;
            proxy_http_version 1.1;
            proxy_set_header Connection "keep-alive";
            proxy_ssl_session_reuse on;
            proxy_socket_keepalive on;  
        }
    }
}
  1. Now from browser hit http://127.0.0.1/session and nginx will work fine and proxy the content from https site.
    But nginx response time is always 200ms more than compared to accessing https site directly. Screen shot below for ref
    Why nignx is taking extra time , is it opening new ssl connection every time or is there something else?
    I understand with reverse proxy we are adding extra hop , but 200ms is big difference.
    How can i fix it ?
    enter image description here

Upvotes: 0

Views: 11074

Answers (1)

Maxim Dounin
Maxim Dounin

Reputation: 6765

The configuration you are using implies that nginx will open a new connection to upstream server for each proxied request. To configure nginx to keep upstream connections alive, please see the description of the "keepalive" directive here:

http://nginx.org/r/keepalive

Notably, make sure to configure an upstream block with the "keepalive" directive. Something like this at the http level should work, assuming no other changes in the configuration:

upstream hookb.in {
    server hookb.in:443;
    keepalive 2;
}

In the example above, nginx will keep up to two connections.

(This is mostly unchanged copy of my response in the nginx mailing list.)

Upvotes: 3

Related Questions