I've been struggling recently with try to identify where the performance on our environment is bottlenecking.
Environment (each server is Linux VM, 8 Cores, 32 GB RAM):
Load Balance: 50
Web Servers (rsync): 51, 52, 54
DB (MySQL 5.6 master master): 56, 58
I set up a load-balanced environment with HAProxy for load balancing and Nginx for SSL termination on ...50. HAProxy listens on port 80 and directs traffic to ...51, 52, or 54. It also listens on port 3306 and directs traffic between .._.56, and 58 for database load balancing. Nginx listens on port 443 and handles the SSL handshake while forwarding the actual traffic to port 80 on the same machine, where it is handled by HAProxy.
That setup handles non-SSL connections at ~1000/sec, but SSL connections are handled at ~300/sec.
I recently altered the environment by upgrading our version of HAProxy to one that could handle SSL termination. HAProxy now listens on port 80 and port 443, handling the SSL handshake in the case of the latter, and forwarding the traffic to the webservers: 51, 52, and 54. The performance stayed roughly the same, but the configuration was much simpler.
I've watched top on the load balancer, and there doesn't appear to be hardly any load on the server in either case; port 80 or 443 traffic. The web servers get hammered during my port 80 tests, as expected, but they show very little load during my 443 tests.
Is there anything that you are aware of that can be done to increase the response time of our SSL connections?
Any and all tips or suggestions are welcome, I'd like to get as much performance as I can.
Thanks All!
Best Answer
Put faster SSL ciphers on top of the list (of course those that match your security requirements)
Example for haproxy
My settings on an nginx instance are the following
You can test the speed of the SSL ciphers available on your balancer, for example with