Book Image

Nginx Essentials

By : Valery Kholodkov, Valery I Kholodkov
Book Image

Nginx Essentials

By: Valery Kholodkov, Valery I Kholodkov

Overview of this book

Related Content you might be interested in

Current Title:

Small book image
Nginx Essentials
Valery Kholodkov | Valery I Kholodkov
Jul, 2015 | 150 pages
No titles found
Table of Contents (13 chapters)
Nginx Essentials
Nginx Essentials
Credits
Credits
About the Author
About the Author
About the Reviewers
About the Reviewers
www.PacktPub.com
www.PacktPub.com
Preface
Preface
Free Chapter
1
Getting Started with Nginx
Getting Started with Nginx
Installing Nginx
Configuring Nginx
Summary
2
Managing Nginx
Managing Nginx
The Nginx connection processing architecture
Starting and stopping Nginx
Control signals and their usage
Distribution-specific startup scripts
Allocating worker processes
Setting up Nginx to serve static data
Installing SSL certificates
Managing temporary files
Communicating issues to developers
Summary
3
Proxying and Caching
Proxying and Caching
Nginx as a reverse proxy
Setting up Nginx as a reverse proxy
Caching
Summary
4
Rewrite Engine and Access Control
Rewrite Engine and Access Control
The basics of the rewrite engine
Access control
Summary
5
Managing Inbound and Outbound Traffic
Managing Inbound and Outbound Traffic
Managing inbound traffic
Managing outbound traffic
Summary
6
Performance Tuning
Performance Tuning
Optimizing static file retrieval
Enabling response compression
Optimizing buffer allocation
Enabling SSL session reuse
Worker processes allocation on multi-core systems
Summary
Index
Index

Enabling SSL session reuse

An SSL session is started by a handshake procedure that involves multiple round trips (see the following figure). The client and server have to exchange four messages with a latency of around 50 milliseconds each. In total, we have at least 200 milliseconds of overhead while establishing a secure connection. In addition to that, both the client and the server need to perform public-key cryptographic operations in order to share a common secret. These operations are computationally expensive.

Normal SSL handshake

The client can request an abbreviated handshake in effect (see the following figure), saving a full round-trip of 100 milliseconds and avoiding the most expensive part of the full SSL handshake:

Abbreviated handshake

The abbreviated handshake can be accomplished either through the session identifiers mechanism defined by RFC 5246, or through the session tickets mechanism detailed in RFC 5077.

To make abbreviated handshakes with session identifiers possible,...

Previous Section
End of Section 5
Next Section