We have noticed significant performance degradation by using recent NGINX version 1.19.1 or higher.
The previous version that have used without any problem is 1.16.1 with openssl 1.1.1g.
To upgrade NGINX and OpenSSL by some security issues, we have tried many combinations of NGINX and OpenSSL.
And we have figured out that the border is between NGINX version 1.18.0 and 1.19.1.
We have read Changes in 1.19.1, but no important changed are found.
Does anyone have similar experiences?
The server provides functionalities which are used in usual web user logging system under round robin L4 device.
http {
include mime.types;
default_type application/octet-stream;
keepalive_timeout 0;
server_tokens off;
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
real_ip_recursive on;
client_body_in_single_buffer on;
client_body_in_file_only off;
client_body_buffer_size 5m;
client_max_body_size 5m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 1m;
server {
listen 80;
listen 443 default ssl;
server_name deleted.
...
}
}
NIC bps in/out
