Multiple SSL enabled hosts causes nginx to reload slowly - runesoerensen - ru.sysoev.nginx

4 messages in ru.sysoev.nginxMultiple SSL enabled hosts causes ngi...

From	Sent On	Attachments
runesoerensen	May 18, 2011 5:39 pm
Maxim Dounin	May 19, 2011 3:42 am
runesoerensen	Jul 26, 2011 7:48 pm
Maxim Dounin	Jul 27, 2011 12:25 am

Subject:	Multiple SSL enabled hosts causes nginx to reload slowly
From:	runesoerensen (ngin...@nginx.us)
Date:	May 18, 2011 5:39:40 pm
List:	ru.sysoev.nginx

Hi,

I've set up a ssl_certificate and ssl_certificate_key directives on the http level of my nginx configuration. The problem I'm facing is that starting/reloading nginx is getting slower and slower as more hosts (server directives) are added. The server has roughly 1000 SSL-enabled hosts that inherits the ssl certificate directives.

I know nginx verifies the certificate when loading it, so I'm wondering if nginx checks the certificate each time an SSL enabled host inherits the shared certificate? If so, shouldn't it only check the certificate once? According to http://nginx.org/en/docs/http/configuring_https_servers.html it should cause all hosts to inherit a single memory footprint, but this doesn't seem to be the case.

If this is a bug in nginx it may be an idea to completely disable certificate verification if possible?

Any advice is highly appreciated.

Best, Rune

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,199166,199166#msg-199166

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets