Intel Ice Lake上构建nginx加速

选择的是阿里云ecs.g7,操作系统为anolis 8

安装asynch_mode_nginx

  1. 加入仓库文件

    vim  /etc/yum.repos.d/AnolisOS-ShangMi.repo
    # 文件内容
    [ShangMi]
    
    name=AnolisOS-8 - ShangMi
    #baseurl=https://mirrors.openanolis.cn/anolis/8.4/ShangMi/$basearch/os
    
    baseurl=http://mirrors.cloud.aliyuncs.com/anolis/8/ShangMi/$basearch/os
    
    enabled=1
    
    gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ANOLIS
    
    gpgcheck=1
  2. 安装

    yum --disablerepo=AppStream,epel --enablerepo=ShangMi install qatengine asynch_mode_nginx

密钥和证书的创建、压力测试

  1. 创建/etc/nginx/cert/密钥证书目录

    mkdir /etc/nginx/cert/
    cd /etc/nginx/cert/
  2. 分别创建RSA 2K和ECDSA P256的密钥和证书

    openssl req -x509 -sha256 -nodes -days 365 -newkey rsa:2048 -keyout server.key -out server.crt -subj "/C=CN/ST=Beijing/O=Example Inc./OU=Web Security/CN=example1.com"
    
    openssl req -x509 -sha256 -nodes -days 365 -newkey ec:<(openssl ecparam -name prime256v1) -keyout ecdsa.key -out ecdsa.crt -subj "/C=CN/ST=Beijing/L=Beijing/O=Example Inc./OU=Web Security/CN=example1.com"
  3. 参考配置文件 /etc/nginx/nginx.crypto-ni.conf 对比开关SSL加速(原来就是on)
    ssl_asynch  on; #off

  4. 通过配置文件按测试需要绑核,cpu#2和cpu#3是超线程,在同一个CPU core;

    worker_processes  2;(原来是1)

    worker_cpu_affinity  1100; # bind cpu2 cpu3 (HT) for nginx worker(原来是auto)

  5. 通过配置文件选择使用RSA或ECDSA key

    ssl_certificate      /etc/nginx/cert/server.crt;
    ssl_certificate_key  /etc/nginx/cert/server.key;
    # ssl_certificate      /etc/nginx/cert/ecdsa.crt;
    # ssl_certificate_key  /etc/nginx/cert/ecdsa.key;
  6. 启动nginx server;

    • 确认cipher suite配置是否符合预期 echo | openssl s_client -connect localhost:443
    • 使用wrk进行测试

      • 安装wrk
        # yum install wrk # 不可用
        yum install -y https://github.com/scutse/wrk-rpm/releases/download/4.1.0/wrk-4.1.0-1.el7.centos.x86_64.rpm
      • 测试
        taskset -c 1 wrk -t 1 -c 1000 -d 10s --latency -H 'Connection: close' https://localhost:443/0kb.bin
      • 结果

        Running 10s test @ https://localhost:443/0kb.bin
        1 threads and 1000 connections
        Thread Stats   Avg      Stdev     Max   +/- Stdev
        Latency    17.27ms   11.90ms  80.24ms   73.94%
        Req/Sec     4.69k   793.49     7.04k    71.28%
        Latency Distribution
         50%   14.21ms
         75%   22.77ms
         90%   33.52ms
         99%   56.17ms
        46515 requests in 10.03s, 13.44MB read
        Non-2xx or 3xx responses: 46515
        Requests/sec:   4637.43
        Transfer/sec:      1.34MB
        

参考

Ice Lake SSL/TLS加速实践

暂无评论

发送评论 编辑评论


				
|´・ω・)ノ
ヾ(≧∇≦*)ゝ
(☆ω☆)
(╯‵□′)╯︵┴─┴
 ̄﹃ ̄
(/ω\)
∠( ᐛ 」∠)_
(๑•̀ㅁ•́ฅ)
→_→
୧(๑•̀⌄•́๑)૭
٩(ˊᗜˋ*)و
(ノ°ο°)ノ
(´இ皿இ`)
⌇●﹏●⌇
(ฅ´ω`ฅ)
(╯°A°)╯︵○○○
φ( ̄∇ ̄o)
ヾ(´・ ・`。)ノ"
( ง ᵒ̌皿ᵒ̌)ง⁼³₌₃
(ó﹏ò。)
Σ(っ °Д °;)っ
( ,,´・ω・)ノ"(´っω・`。)
╮(╯▽╰)╭
o(*////▽////*)q
>﹏<
( ๑´•ω•) "(ㆆᴗㆆ)
😂
😀
😅
😊
🙂
🙃
😌
😍
😘
😜
😝
😏
😒
🙄
😳
😡
😔
😫
😱
😭
💩
👻
🙌
🖕
👍
👫
👬
👭
🌚
🌝
🙈
💊
😶
🙏
🍦
🍉
😣
Source: github.com/k4yt3x/flowerhd
颜文字
Emoji
小恐龙
花!
上一篇
下一篇