DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=43238>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=43238 Summary: No KeepAlive for Reverse proxy to HTTPS - very poor performance Product: Apache httpd-2 Version: 2.2.4 Platform: All OS/Version: All Status: NEW Severity: major Priority: P2 Component: mod_proxy AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] I'm using Apache as a reverse proxy. The request contain important information that can not be passed in clear text between machines. I tried to use the connect to the backend server using https. <virtualHost _default:443> SSLProxyEngine on ProxyPass /proxy-s/ https://realserver/app/ max=5 </virtual> We benchmarked the performance, and found noticable slowness on the proxy-s path, compared with accessing the "realserver" app over HTTPS. The delay is ~0.1 seconds/request. It turned out that regardless of any setting, Apache does not use KeepAlive connections to connect to https backends. Each request require an HTTPS connection setup. When using HTTP to connect to the real server, the cost of running the requests through the proxy was < 0.01 second/request, and significantly less with Keep-Alive & connection pooling. For my application, direct https connection (with Keep-Alive) takes ~1.5 seconds/per 100 requests (including ~0.1 seconds for the inital SSL setup). The 10 seconds delay (0.1*100) prevent high-load applications from using Apache, if the proxied connection must be secured. The code in mod_proxy_http.c (2.2.4) states: /* * TODO: Currently we cannot handle persistent SSL backend connections, * because we recreate backend->connection for each request and thus * try to initialize an already existing SSL connection. This does * not work. */ if (is_ssl) backend->close_on_recycle = 1; IS IT POSSIBLE TO REMOVE THIS LIMIT ? -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
