Dnia 2010-05-12, śro o godzinie 17:15 +0200, Michael Rennt pisze: > Hello! > > This might be a bit off-topic (but just a little bit), as my question is > related to the performance > of stunnel when used with haproxy. > > First of all: Is haproxy + stunnel the most common technique for terminating > ssl with haproxy? Is > there a solution that's more common or even uncommon but performing better on > a 99% ssl traffic > loadbalancer? > > We are currently terminating ssl via stunnel (4.27, ulimit -n 50000), handing > the decrypted traffic > over to haproxy 1.3.23 via 127.0.0.1. Haproxy is proxying the request to 2 > other systems. > > The loadbalancer is an Intel XeonDual Core E3110 with 4 GB RAM, so plenty of > ressources for a system > doing nothing else besides ssl termination / load balancing. > > We are experiencing a limit of about 100 requests per second on the ssl path. > Unencrypted direct > connections to haproxy perform much better, of course, so I'm pretty sure > haproxy is not a bottleneck. > > Basically I'm interessted in getting feedback on how other people implement > ssl termination on a > haproxy system and if you're reaching a request rate higher than 100 req/s? > This is why I didn't > supply any configuration settings in this mail. > > The stunnel config is very basic. We played around with the timeout values > and ulimit values a bit, > without any noticeable performance boost while the system was loaded. > > The system load "idles" at around 0.11 most of the time. > > Thanks in advance. > > Best, > > Michael >
IM not familiar with stunnel, can stunnel utilize more than one core ? If not u might try to use some light http server like lighttpd or nginx as ssl proxy. -- Mariusz Gronczewski (XANi) <xani...@gmail.com> GnuPG: 0xEA8ACE64 http://devrandom.pl
signature.asc
Description: To jest część wiadomości podpisana cyfrowo