slow nginx behavior when using as reverse proxy for https

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

slow nginx behavior when using as reverse proxy for https

Bhuvan Gupta

Community,

Same as asked here also: https://stackoverflow.com/questions/63857630/slow-nginx-behavior-when-using-as-reverse-proxy-for-https

Setup:

  1. Dummy SSL endpoint https://hookb.in/VGQ3wdGGzKSE22bwzRdP
  2. Install Nginx on localhost

Steps:

  1. Hit the hookb.in endpoint using browser for very first time and we get network activity like below. It took 865 ms enter image description here
    Fig 1

  2. Subsequent hit to hookb.in endpoint using browser take much less time as it is using the same tcp connection, below is the screen shot for ref. (All Good!!)
    enter image description here
    Fig 2

  3. setup the http-> https reverse proxy using below nginx config

worker_processes  1;
events {
    worker_connections  1024;
}
http {
keepalive_timeout 65;
    server {
        listen      80;
        server_name  localhost;     
        location /session {
            proxy_pass  https://hookb.in/VGQ3wdGGzKSE22bwzRdP;
            proxy_http_version 1.1;
            proxy_set_header Connection "keep-alive";
            proxy_ssl_session_reuse on;
            proxy_socket_keepalive on;  
        }
    }
}

  1. Now from browser hit http://127.0.0.1/session and nginx will work fine and proxy the content from https site.
    But nginx response time is always 200ms more than compared to accessing https site directly. Screen shot below for ref
    Why nignx is taking extra time , is it opening new ssl connection every time or is there something else?
    I understand with reverse proxy we are adding extra hop , but 200ms is big difference.
    How can i fix it ?
    enter image description here
Any Help will be appricated!! Thank

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: slow nginx behavior when using as reverse proxy for https

Maxim Dounin
Hello!

On Sat, Sep 12, 2020 at 12:34:15PM +0530, Bhuvan Gupta wrote:

[...]

> http {
> keepalive_timeout 65;
>     server {
>         listen      80;
>         server_name  localhost;
>         location /session {
>             proxy_pass  https://hookb.in/VGQ3wdGGzKSE22bwzRdP;
>             proxy_http_version 1.1;
>             proxy_set_header Connection "keep-alive";
>             proxy_ssl_session_reuse on;
>             proxy_socket_keepalive on;
>         }
>     }
> }
>
>
>
>    1. Now from browser hit http://127.0.0.1/session and nginx will work
>    fine and proxy the content from https site.
>    But nginx response time is always 200ms more than compared to accessing
>    https site directly. Screen shot below for ref
>    *Why nignx is taking extra time , is it opening new ssl connection every
>    time or is there something else?*

The configuration you are using implies that nginx will open a new
connection to upstream server for each proxied request.  To
configure nginx to keep upstream connections alive, please see the
description of the "keepalive" directive here:

http://nginx.org/r/keepalive

Notably, make sure to configure an upstream block with the
"keepalive" directive.  Something like this at the http level
should work, assuming no other changes in the configuration:

    upstream hookb.in {
        server hookb.in:443;
        keepalive 2;
    }

In the example above, nginx will keep up to two connections.

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx