Hi,
We've shifted our static content to SSL recently and found that mp4
streaming is drastically slow over SSL ( around 90KBps on 4Mbps connection)
and if we test the same video over HTTP it gives us full 400+KBps speed.
Here is the SSL config :
server {
listen 443 spdy;
ssl on;
server_name cw004.domain.net www.cw004.domain.net;
ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;
ssl_certificate_key /etc/ssl/certs/domain/domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-A$
location / {
root /videos;
index index.html index.htm index.php;
}
location ~ \.(flv)$ {
flv;
root /videos;
expires 7d;
include hotlink.inc;
}
include thumbs.inc;
#location ~ \.(jpg)$ {
# root /videos;
# try_files $uri /files/thumbs/no_thumb.jpg;
# }
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1y;
log_not_found off;
}
You have new mail in /var/mail/root
[root@cw004 /usr/local/etc/nginx/vhosts]# ^C
[root@cw004 /usr/local/etc/nginx/vhosts]# cat virtual-ssl.conf
server {
listen 443 spdy;
ssl on;
server_name cw004.domain.net www.cw004.domain.net;
ssl_certificate /etc/ssl/certs/domain/domain-combined.crt;
ssl_certificate_key /etc/ssl/certs/domain/domain.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers
'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';
ssl_prefer_server_ciphers on;
location / {
root /videos;
index index.html index.htm index.php;
}
location ~ \.(flv)$ {
flv;
root /videos;
expires 7d;
include hotlink.inc;
}
include thumbs.inc;
#location ~ \.(jpg)$ {
# root /videos;
# try_files $uri /files/thumbs/no_thumb.jpg;
# }
location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
expires 1y;
log_not_found off;
}
location ~ \.(mp4)$ {
mp4;
mp4_buffer_size 4M;
mp4_max_buffer_size 10M;
expires 1y;
add_header Cache-Control "public";
root /videos;
include hotlink.inc;
}
# pass the PHP scripts to FastCGI server listening on
unix:/var/run/www.socket
location ~ \.php$ {
root /videos;
fastcgi_pass unix:/var/run/www.socket;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
-------------------------
Is there optimization being missed for SSL ?
Thanks.
Shahzaib
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
