Https

From Wikitech
Revision as of 00:37, 2 June 2011 by Ryan Lane (Talk | contribs)

Documentation for setting up the https cluster

Performance settings

  • HTTP keepalive: 65 seconds, 100 requests
    • Lowering the request limit is likely a good idea
  • SSL cache: shared, 50m (roughly 40,000 sessions); should use roughly 1.1GB RAM for all open sessions
  • SSL timeout: default (5 minutes)
  • Limit ssl_ciphers: RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA
    • Also a security setting
  • Using chained certificate
  • Disabled access log
  • Worker connections set to 32768
  • Worker processes set to number of cores
  • esams servers set to hit esams squids, then pmtpa squids if esams squids are down or failing
  • Max fails set to 2, to avoid pounding backends when they are flapping
  • Proxy buffering is disabled to avoid responses eating all memory
  • sh scheduler used to allow session reuse, and to ensure session cache is maximized

Security settings

  • Limit protocols: SSLv3 TLSv1
  • Limit ssl_ciphers
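
The settings in both lists, written out as an nginx configuration. This is an added example, not the cluster's actual configuration: it assumes the servers run nginx (the setting names match nginx directives), and the core count, addresses, host name and file paths are placeholders. The sh scheduler is assumed to be set on the load balancer in front of these servers and is not shown.

```nginx
# Added example; all addresses, names and paths below are placeholders.
worker_processes 8;                  # "number of cores"; 8 is an assumed core count

events {
    worker_connections 32768;
}

http {
    access_log off;                  # access log disabled

    keepalive_timeout  65;           # seconds
    keepalive_requests 100;

    # One session cache shared by all worker processes
    ssl_session_cache   shared:SSL:50m;
    ssl_session_timeout 5m;          # the default, written out for clarity

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers   RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA;

    upstream squids {
        # esams squid first; the pmtpa squid is used only when esams is down or failing
        server 192.0.2.10:80    max_fails=2;
        server 198.51.100.10:80 max_fails=2 backup;
    }

    server {
        listen 443 ssl;
        server_name wiki.example.invalid;

        # Chained certificate: server certificate followed by the intermediates
        ssl_certificate     /etc/ssl/example/chained.pem;
        ssl_certificate_key /etc/ssl/example/server.key;

        location / {
            proxy_pass http://squids;
            proxy_buffering off;     # pass responses through instead of buffering them
        }
    }
}
```

SSLv3 and RC4 were later prohibited for TLS use by RFC 7568 and RFC 7465, so the protocol and cipher lines record the 2011 settings and are not a current baseline.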