Topic: Reverse Proxy SSL session reuse

Muggy
Joined: 23 May 2018 Posts: 1 Location: England
Posted: Wed 23 May '18 18:30 Post subject: Reverse Proxy SSL session reuse
Hi everyone
I am trying to set up a reverse proxy to provide optimized SSL connectivity to our API. This is the setup:-
|Client in India|--internet 10ms rtt--|reverse proxy|---internet 240ms rtt--|datacentre (Atlanta)|
The requirement is that the proxy must reuse the SSL connection for as long as it is active.
The reason for this is we have customers in India who are experiencing prolonged reach response time due to each request waiting for the TCP session and SSL session to establish, which in some cases can take up to 1 second.
We have already applied the following from a client perspective:-
Leverage long-running HTTP connection pools with HTTP “Connection: Keep-Alive”
Include “Accept-Encoding: gzip” to enable compression on response payloads
Set customer-side TCP receive buffers to at least 500K (TCP window scaling)
Do not use “Expect: 100-continue” in HTTP request headers
But the issue is I am unable to get the Apache server to honour connection reuse.
Every time I send a request to the Apache reverse proxy it establishes a new SSL connection; although the SSL connections stay up for some time, the reverse proxy will not reuse them.
First Request
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:54415 ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:57770 ESTABLISHED
tcp6 0 0 proxy.test:https 192.168.1.203:61846 ESTABLISHED
Seconds later
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:54415 ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:57770 ESTABLISHED
Second Request
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43158 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:54415 ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:57770 ESTABLISHED
tcp6 0 0 proxy.test:https 192.168.1.203:61855 ESTABLISHED
Seconds Later
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43158 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:54415 ESTABLISHED
tcp 0 0 proxy.test:ssh 192.168.1.203:57770 ESTABLISHED
As you can see, the SSL connections are staying active but not being reused.
I have added the following configuration:-
ssl.conf
<VirtualHost _default_:443>
    # Proxy to an HTTPS backend; backend certificate and name checks are switched off
    SSLProxyEngine On
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    # Certificate and key presented to clients of the proxy
    SSLCertificateFile /etc/pki/tls/certs/proxy.test.crt
    SSLCertificateKeyFile /etc/pki/tls/private/proxy.test.key
    ProxyPreserveHost On
    # keepalive=on asks the OS to send TCP keep-alive probes on idle backend connections
    ProxyPass / https://apac.universal-api.travelport.com/ keepalive=on
    ProxyPassReverse / https://apac.universal-api.travelport.com/ keepalive=on
    ProxyRequests off
</VirtualHost>
httpd.conf
# Client-side HTTP keep-alive settings
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 100
Thanks in advance
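One way to confirm the observation in the post above directly from the netstat snapshots is the following added example, which is not part of the original thread. The sample lines are constructed in the format shown in the post, and the function names are hypothetical.

```python
"""Infer backend connection reuse from `netstat -t` snapshots taken on the proxy."""

# Constructed sample input, one snapshot per client request.
FIRST = """\
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp6 0 0 proxy.test:https 192.168.1.203:61846 ESTABLISHED
"""
SECOND = """\
tcp 0 0 proxy.test:ssh 192.168.1.203:54410 ESTABLISHED
tcp 0 0 proxy.test:43158 apac.universal-ap:https ESTABLISHED
tcp 0 0 proxy.test:43156 apac.universal-ap:https ESTABLISHED
tcp6 0 0 proxy.test:https 192.168.1.203:61855 ESTABLISHED
"""

def backend_conns(snapshot, backend_ports=("https", "443")):
    """Return (local, remote) pairs for ESTABLISHED connections to the backend.

    Only lines whose *remote* port is HTTPS count: those are connections the
    proxy opened. Client connections have HTTPS as the *local* port instead.
    """
    conns = set()
    for line in snapshot.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[0].startswith("tcp"):
            continue  # header or malformed line
        local, remote, state = fields[3], fields[4], fields[5]
        if state == "ESTABLISHED" and remote.rsplit(":", 1)[-1] in backend_ports:
            conns.add((local, remote))
    return conns

def reuse_report(snapshots):
    """For each request, list backend connections newly opened and already idle."""
    seen, report = set(), []
    for number, snapshot in enumerate(snapshots, 1):
        current = backend_conns(snapshot)
        opened = current - seen   # new ephemeral port: a fresh TCP and TLS handshake
        idle = current & seen     # was already established before this request
        report.append({
            "request": number,
            "opened": sorted(opened),
            "idle_available": sorted(idle),
            # Reuse is inferred when a later request needed no new connection.
            "reused": number > 1 and not opened and bool(idle),
        })
        seen |= current
    return report

if __name__ == "__main__":
    for row in reuse_report([FIRST, SECOND]):
        print(row)
```

A request that shows an entry in `opened` while `idle_available` is non-empty is the pattern described in the post: an established backend connection existed, but a new one was created anyway.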

James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
Posted: Tue 16 Oct '18 23:30 Post subject:
There is SSLSessionCache