Hi,

I am running 4 mongrels behind nginx with two servers blocks (one ssl enabled). I have a public facing app that 20-30 users go through each day (non ssl) and administrative SSL controllers in the app that people at my office use. I am noticing that by the end of day after a lot of use of the SSL version of the app, that some requests are hanging for certain people in the office (Mac OSX and Windows Firefox 2.0.0.5-10). It very rarely hangs on my machine (Linux), but it happens every now and then. I don't think the mongrels are dying because usually when these people encounter the hangs we can go to other computers (Linux Windows OSX) in the office and hammer on the SSL portion of site with no problems. Also, the non SSL version of the site never has any hanging AFAIK.

My server settings look like this (which is mainly Ezra's Default conf for mongrels):

server { server_name www.mydomain.com; listen 443;

ssl on; ssl_certificate /var/keys/www.mydomain.com.pem; ssl_certificate_key /var/keys/www.mydomain.com.np.pem;

client_max_body_size 50M;

# doc root root /var/www/www.mydomain.com/current/public;

# vhost specific access log access_log /var/log/nginx/ssl.www.mydomain.com.access.log main;

# this rewrites all the requests to the maintenance.html # page if it exists in the doc root. This is for capistrano's # disable web task if (-f $document_root/system/maintenance.html) { rewrite ^(.*)$ /system/maintenance.html last; break; }

location / { # needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr;

# needed for HTTPS proxy_set_header X-FORWARDED_PROTO https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_max_temp_file_size 0; proxy_redirect false;# If the file exists as a static file serve it directly without # running all the other rewite tests on it if (-f $request_filename) { break; }

# check for index.html for directory index # if its there on the filesystem then rewite # the url to add /index.html to the end of it # and then break to send it to the next config rules. if (-f $request_filename/index.html) { rewrite (.*) $1/index.html break; }

# this is the meat of the rails page caching config # it adds .html to the end of the url and then checks # the filesystem for that file. If it exists, then we # rewite the url to have explicit .html on the end # and then send it on its way to the next config rule. # if there is no file on the fs then it sets all the # necessary headers and proxies to our upstream mongrels if (-f $request_filename.html) { rewrite (.*) $1.html break; }

if (!-f $request_filename) { proxy_pass http://mongrel; break; } }

error_page 500 502 503 504 /500.html; error_page 413 /413.html; location = /500.html { root /var/www/www.mydomain.com/current/public; } }

One thing I did happen to notice as well, is if I do performance testing on SSL with httperf, at first it is decently fast, but on many sequential runs it consistently degrades until httperf can barely do any requests. However, even while I do an httperf I can use the SSL version of the site with different computers. It just hangs on some, usually towards the end of the day.

Any ideas?

Thanks, Curtis