Https

Revision as of 00:37, 2 June 2011

Documentation for setting up the https cluster

HTTP keepalive: 65 seconds, 100 requests
- Lowering requests likely a good idea
SSL cache: shared, 50m (roughly 40,000 sessions); should use roughly 1.1GB RAM for all open sessions
SSL timeout: default (5 minutes)
Limit ssl_ciphers: RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
- Also a security setting
Using chained certificate
Disabled access log
Worker connections set to 32768
Worker processes set to number of cores
esams servers set to hit esams squids, then pmtpa squids if esams squids are down or failing
Max fails set to 2, to avoid pounding backends when they are flapping
Proxy buffering is disabled to avoid responses eating all memory
sh scheduler used to allow session reuse, and to ensure session cache is maximized

@@ Line 3: / Line 3: @@
 == Performance settings ==
-* HTTP keepalive: default (75 seconds, 100 requests)
+* HTTP keepalive: 65 seconds, 100 requests
 ** Lowering requests likely a good idea
-* SSL cache: shared, 100m (roughly 40,000 sessions); should use roughly 500MB RAM for all open sessions
+* SSL cache: shared, 50m (roughly 40,000 sessions); should use roughly 1.1GB RAM for all open sessions
 * SSL timeout: default (5 minutes)
+* Limit ssl_ciphers: RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
+** Also a security setting
+* Using chained certificate
+* Disabled access log
+* Worker connections set to 32768
+* Worker processes set to number of cores
+* esams servers set to hit esams squids, then pmtpa squids if esams squids are down or failing
+* Max fails set to 2, to avoid pounding backends when they are flapping
+* Proxy buffering is disabled to avoid responses eating all memory
+* sh scheduler used to allow session reuse, and to ensure session cache is maximized
+== Security settings ==
+* Limit protocols: SSLv3 TLSv1
+* Limit ssl_ciphers