Encoderer

Asked: 2018-01-30 17:23:25 +0800 CST2018-01-30 17:23:25 +0800 CST 2018-01-30 17:23:25 +0800 CST

Optimizing nginx with SSL for bot traffic without sessions

The service I run, cronitor.io, has a telemetry collection API that sees bursts of traffic around 1000rps. (overall baseline is much lower, call it 100rps)

Most of our requests come from things like curl and the most popular HTTP libraries in each language (Requests, Guzzle, etc). These clients do not maintain an SSL session the way a browser would. This results in a lot of SSL handshakes for comparatively small http requests.

I would love any tips on optimizing nginx for this use case. We upstream requests to uwsgi. Relevant portion from current nginx.conf:

worker_processes auto;

events {
    worker_connections 1024;
}

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
client_max_body_size 20M;
gzip on;

This was essentially cloned from our app servers. I've done some research and I have some ideas on things to try (disabling server tokens, for example) but I would love any advice.

Optimizing nginx with SSL for bot traffic without sessions

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Optimizing nginx with SSL for bot traffic without sessions

0 Answers