Hello all, Is there any recommendation on using Nginx as a SSL accelerator for all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this already, can you share the experience on hardware / os configuration and what kind of loading you are doing today. Best regards, - Joe
on 04.09.2008 07:53
on 04.09.2008 14:11
> Is there any recommendation on using Nginx as a SSL accelerator for > all 4 protocols ( http, smtp, imap/pop). Or if any one is doing this > already, can you share the experience on hardware / os configuration and > what kind of loading you are doing today. We run it for http, imap & pop (not smtp). Partly due to legacy reasons, we run separate http and imap/pop instances but this still seems reasonable to allow starting/stopping of them separately. We're using linux and two oldish (>2 years, netburst xeon) machines as frontends. We use DNS load balancing between them, and heartbeat to takeover an IP if one machine dies. Performance is great. Machines also do a bunch of other things, and generally only see 10-20% CPU usage. Each machine has about 7000 IMAP SSL + 3500 regular IMAP connections alive but has no problem taking double that when one machine is taken down. You might want to look into tuning these variables. net.ipv4.tcp_keepalive_time net.ipv4.netfilter.ip_conntrack_max fs.file-max net.core.rmem_max net.core.wmem_max net.ipv4.tcp_rmem net.ipv4.tcp_wmem Rob