用作 https 的反向代理时,nginx 行为缓慢
[英]Slow nginx behavior when using as reverse proxy for https
问题描述
Setup:
设置:
- Dummy SSL endpoint https://hookb.in/VGQ3wdGGzKSE22bwzRdP虚拟 SSL 端点https://hookb.in/VGQ3wdGGzKSE22bwzRdP
- Install Nginx on localhost在本地主机上安装 Nginx
Steps:脚步:
Hit the
hookb.inendpoint using browser for very first time and we get network activity like below.第一次使用浏览器点击hookb.in端点,我们得到如下网络活动。 It took 865 ms耗时 865 毫秒
Fig 1图。1Subsequent hit to
hookb.inendpoint using browser take much less time as it is using the same tcp connection, below is the screen shot for ref.随后使用浏览器访问hookb.in端点花费的时间要少得多,因为它使用相同的 tcp 连接,下面是参考的屏幕截图。 (All Good!!)(都好!!)
Fig 2图2setup the http-> https reverse proxy using below nginx config
使用下面的 nginx 配置设置 http-> https 反向代理
worker_processes 1;
events {
worker_connections 1024;
}
http {
keepalive_timeout 65;
server {
listen 80;
server_name localhost;
location /session {
proxy_pass https://hookb.in/VGQ3wdGGzKSE22bwzRdP;
proxy_http_version 1.1;
proxy_set_header Connection "keep-alive";
proxy_ssl_session_reuse on;
proxy_socket_keepalive on;
}
}
}
- Now from browser hit
http://127.0.0.1/sessionand nginx will work fine and proxy the content from https site.现在从浏览器点击http://127.0.0.1/session和 nginx 将正常工作并代理来自 https 站点的内容。
But nginx response time is always 200ms more than compared to accessing https site directly.但是nginx响应时间总是比直接访问https站点多200ms。 Screen shot below for ref下面的屏幕截图供参考
Why nignx is taking extra time , is it opening new ssl connection every time or is there something else?为什么 nignx 需要额外的时间,是每次都打开新的 ssl 连接还是有别的什么?
I understand with reverse proxy we are adding extra hop , but 200ms is big difference.我知道使用反向代理我们正在添加额外的 hop ,但 200 毫秒是很大的不同。
How can i fix it ?我该如何解决?
1 个解决方案
解决方案1
2 已采纳 2020-09-13 22:47:33
The configuration you are using implies that nginx will open a new connection to upstream server for each proxied request.您使用的配置意味着 nginx 将为每个代理请求打开一个到上游服务器的新连接。 To configure nginx to keep upstream connections alive, please see the description of the "keepalive" directive here:要配置 nginx 以保持上游连接处于活动状态,请在此处查看“keepalive”指令的描述:
http://nginx.org/r/keepalive http://nginx.org/r/keepalive
Notably, make sure to configure an upstream block with the "keepalive" directive.值得注意的是,请确保使用“keepalive”指令配置上游块。 Something like this at the http level should work, assuming no other changes in the configuration:假设配置中没有其他更改,http 级别的类似内容应该可以工作:
upstream hookb.in {
server hookb.in:443;
keepalive 2;
}
In the example above, nginx will keep up to two connections.在上面的例子中,nginx 将保持最多两个连接。
(This is mostly unchanged copy of my response in the nginx mailing list.) (这基本上是我在 nginx 邮件列表中回复的未更改副本。)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.