Hacker News new | comments | show | ask | jobs | submit login

The article didn't mention TLS-session caching. Sometimes keep-alive alone is not enough. Enabling session caching helped us to reduce nginx server CPU load by about 90%.

Add this in nginx.conf "http" configuration:

  ssl_session_cache shared:SSL:10m;
  ssl_session_timeout  10m;
This makes nginx store TLS-sessions in a cache for 10 minutes and tell the clients about it. Although some clients can still use a shorter duration.

Yes, that will come in a future article :)

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact