Using NGINX-1.21.6 as TLS test-server with remote Apache-Benchmark(AB)
test-client
Both Server and Client are on Ubuntu20.04
For >6 workers on NGINX and >16 concurrent sessions AB sessions (ab -n400
-c32 https://)
a couple of test-sessions are not closed and AB reports timeout for them.
TCPDUMP analizys discover the a TLS-Record is lost == Not Sent by NGINX (or
NET-stack) towatd OpenSSL and out to NET-dev.
Anybody have seen same/similar?
Thanks
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295740,295740#msg-295740
Hi,
hope you're doing well.
On Mon, Nov 14, 2022 at 07:53:13AM -0500, ymarkman wrote:
> Using NGINX-1.21.6 as TLS test-server with remote Apache-Benchmark(AB)
> test-client
> Both Server and Client are on Ubuntu20.04
I'd recommend to use recent stable version 1.22.1 or, in case it's preffered
to use mainline - 1.23.2. The packages are availble on site,
https://nginx.org/en/linux_packages.html#Ubuntu
> For >6 workers on NGINX and >16 concurrent sessions AB sessions (ab -n400
> -c32 https://)
> a couple of test-sessions are not closed and AB reports timeout for them.
> TCPDUMP analizys discover the a TLS-Record is lost == Not Sent by NGINX (or
> NET-stack) towatd OpenSSL and out to NET-dev.
Have you had a chance to observe the nginx's error log file?
Is there any other places of interest in /var/log?
Thank you.
--
Sergey A. Osokin
Regarding problem TLS-session-close itself -- There is No any errors nor in
error-log nor in access-log.
I'm going to try the 1.22....
"Our" NGINX-1.21 has been build from sources with OpenSSL-3.0 -- because we
need KTLS introduced in OpenSSL-3.0.
Q: Does the 1.22 already built with OpenSSL-3.0 -- e.g. "ready for
apt-install"
or I need to take sources and rebuild like previously?
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295740,295746#msg-295746
I moved onto v1.21.1
But result is the same -- for many workers not all parallel/concurrent AB
sessions are closed.
Any idea or hint?
Thanks
Yan
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295740,295769#msg-295769
On Mon, Nov 14, 2022 at 10:35:37AM -0500, ymarkman wrote:
> Regarding problem TLS-session-close itself -- There is No any errors nor in
> error-log nor in access-log.
You should enable logging otherwise there's no clear observation of
an potential issue with nginx.
> I'm going to try the 1.22....
> "Our" NGINX-1.21 has been build from sources with OpenSSL-3.0 -- because we
> need KTLS introduced in OpenSSL-3.0.
Have you or your team built your own package?
> Q: Does the 1.22 already built with OpenSSL-3.0 -- e.g. "ready for
> apt-install"
> or I need to take sources and rebuild like previously?
That depends on an operating system and its version.
--
Sergey A. Osokin
I built nginx-1.22.1 myself with the same OpenSSL-3.0.2 which was on
previous nginx-1.21.24
Both variants work same-same
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,295740,295771#msg-295771