使用nginx作为代理时性能不佳

时间:2015-10-29 04:18:06

标签: performance tomcat amazon-web-services nginx tomcat7

我们后端的当前设置使用Route53将请求路由到在ec2实例上运行的tomcat服务器。

我正在尝试将nginx设置为负载均衡器(代理)以将请求路由到我们的tomcat服务器。

以下是实例类型

  1. Tomcat服务器实例类型= m3.2xlarge
  2. nginx服务器实例类型 = c3.large

    3. 当我运行带有100个并发连接的ab(apache基准测试)而没有保持活动时,我看到单个tomcat实例的性能优于nginx服务器前面的2个tomcat服务器。我现在想知道我的nginx配置是否有问题。我检查了nginx实例上的error.log文件,没有错误。此外,运行基准测试工具时,nginx实例上的CPU不会超过30%。这是我的nginx配置,

    user nginx;
pid /run/nginx.pid;
worker_processes auto;

worker_rlimit_nofile    32768;

events {
    worker_connections 8192;
    multi_accept on;
    use epoll;
}

http {

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;


    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    upstream backend {
        server x.x.x.x:443;
        server x.x.x.x:443;
        keepalive 1024;
    }

    server {
            listen 443;
            server_name localhost;
            ssl on;
            ssl_certificate /etc/nginx/certs/ssl-bundle_2015_2018.crt;
            ssl_certificate_key /etc/nginx/certs/chewie.key;
            ssl_dhparam /etc/nginx/certs/dhparam.pem;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache    shared:SSL:10m;
            ssl_prefer_server_ciphers on;
            ssl_session_timeout  10m;
            ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

            location / {
                    proxy_pass https://backend;
                    proxy_cache_bypass true;
                    proxy_no_cache true;
                    proxy_set_header        X-Real-IP       $remote_addr;
                    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
    }


    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;


    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
     gzip_comp_level 6;
     gzip_buffers 16 8k;
     gzip_http_version 1.1;
     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

    以下是没有nginx的apache基准测试结果。 

    Concurrency Level:      100
Time taken for tests:   8.393 seconds
Complete requests:      800
Failed requests:        0
Total transferred:      368000 bytes
HTML transferred:       16800 bytes
Requests per second:    95.32 [#/sec] (mean)
Time per request:       1049.083 [ms] (mean)
Time per request:       10.491 [ms] (mean, across all concurrent requests)
Transfer rate:          42.82 [Kbytes/sec] received

    这些是nginx在2个tomcat服务器前面的结果:

    Concurrency Level:      100
Time taken for tests:   23.494 seconds
Complete requests:      800
Failed requests:        0
Total transferred:      381600 bytes
HTML transferred:       16800 bytes
Requests per second:    34.05 [#/sec] (mean)
Time per request:       2936.768 [ms] (mean)
Time per request:       29.368 [ms] (mean, across all concurrent requests)
Transfer rate:          15.86 [Kbytes/sec] received

    对我应该优化的地方的任何想法都表示赞赏!

1 个答案:

答案 0 :(得分:0)

以下是为提高绩效而采取的一些措施,

  • 将nginx和上游服务器之间的流量转换为http 表格https
  • 为你的nginx使用正确的ssl密码。一定要跑 ssl测试以确保使用的密码是安全的(www.ssllabs.com)
  • 增加nginx服务器以及tomcat的文件描述符限制 实例到了很高的数字。

随着我发现更多内容,我会不断更新。

相关问题
最新问题