Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSL Performance for swoole http server #3077

Closed
thbley opened this issue Jan 20, 2020 · 3 comments
Closed

SSL Performance for swoole http server #3077

thbley opened this issue Jan 20, 2020 · 3 comments
Labels
good question

Comments

@thbley
Copy link

thbley commented Jan 20, 2020
edited
Loading

Please answer these questions before submitting your issue. Thanks!

  1. What did you do? If possible, provide a simple script for reproducing the error.

Compared SSL performance between nginx and swoole.

  1. What did you expect to see?

similar or better performance for swoole

  1. What did you see instead?

with SSL, nginx performance is 3.5x faster than swoole http server (swoole 327 req/s vs. nginx 1193 req/s)
without SSL, nginx performance is 2x slower than swoole http server (swoole 11237 req/s vs. nginx 5589 req/s)

  1. What version of Swoole are you using (show your php --ri swoole)?

swoole 4.4.15 / OpenSSL 1.1.1d
nginx 1.16.1 (nginx:stable-alpine)
php 7.3.13
Docker version 19.03.5
kernel 5.4.7
cpu i5-8250U

  1. What is your machine environment used (including version of kernel & php & gcc) ?
FROM alpine:3.10
RUN echo "@testing http://dl-cdn.alpinelinux.org/alpine/edge/testing" >> /etc/apk/repositories \
    && apk --no-cache add php7 php7-curl php7-pdo_mysql php7-json php7-pecl-apcu php7-mbstring \
        php7-phar php7-dom php7-tokenizer php7-zip php7-xmlreader php7-simplexml php7-intl \
        php7-opcache php7-pecl-pcov@testing php7-pecl-swoole@testing curl openssl \
    && rm /etc/php7/conf.d/pcov.ini
COPY conf.d/php.ini /etc/php7/php.ini
ENTRYPOINT [ "php", "/var/www/swoole.php" ]

php.ini

opcache.enable_cli=1
opcache.memory_consumption = 128
opcache.interned_strings_buffer = 16
opcache.max_accelerated_files = 20000
opcache.max_wasted_percentage = 10
opcache.save_comments = 0
apc.enable_cli = On

Sample code for swoole http server:

<?php
error_reporting(E_ALL);
$http = new \Swoole\Http\Server("0.0.0.0", 8081 , SWOOLE_PROCESS, SWOOLE_SOCK_TCP | SWOOLE_SSL);
$http->set([
    'log_file' => '/dev/stdout',
    'log_level' => SWOOLE_LOG_INFO,
    'worker_num' => swoole_cpu_num() * 2,
    'ssl_cert_file' => __DIR__ . '/server.crt',
    'ssl_key_file' => __DIR__ . '/server.key',
]);
$http->on('start', function ($server) {
    echo sprintf('Swoole http server is started at %s:%s', $server->host, $server->port) . PHP_EOL;
    echo sprintf('Master PID %s, Manager PID %s', $server->master_pid, $server->manager_pid) . PHP_EOL;
});
$http->on('request', function ($request, $response) {
    $response->status(200);
    $response->header('Content-type', 'application/json');
    $response->end('[]');
});
$http->on('workerstart', function () use ($http) {
    echo 'starting worker ...' . $http->worker_pid . PHP_EOL;
});
$http->start();

ab -n 1000 -c 32 "https://127.0.0.1:8081/api/categories"
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests

Server Software:        swoole-http-server
Server Hostname:        127.0.0.1
Server Port:            8081
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256

Document Path:          /api/categories
Document Length:        2 bytes

Concurrency Level:      32
Time taken for tests:   3.050 seconds
Complete requests:      1000
Failed requests:        0
Total transferred:      156000 bytes
HTML transferred:       2000 bytes
Requests per second:    327.90 [#/sec] (mean)
Time per request:       97.592 [ms] (mean)
Time per request:       3.050 [ms] (mean, across all concurrent requests)
Transfer rate:          49.95 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:       15   78  22.1     87     145
Processing:     2   17  23.9      3     102
Waiting:        0   15  22.2      3      88
Total:         81   95  15.3     91     194

Percentage of the requests served within a certain time (ms)
  50%     91
  66%     94
  75%     96
  80%     97
  90%    103
  95%    111
  98%    173
  99%    181
 100%    194 (longest request)

Sample code for nginx/php-fpm server:

<?php

http_response_code(200);
header('Content-Type: application/json');
echo '[]';



ab -n 1000 -c 32 "https://127.0.0.1/api/categories"
This is ApacheBench, Version 2.3 <$Revision: 1807734 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking 127.0.0.1 (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests

Server Software:        nginx
Server Hostname:        127.0.0.1
Server Port:            443
SSL/TLS Protocol:       TLSv1.2,ECDHE-RSA-AES256-GCM-SHA384,2048,256

Document Path:          /api/categories
Document Length:        2 bytes

Concurrency Level:      32
Time taken for tests:   0.838 seconds
Complete requests:      1000
Failed requests:        0
Total transferred:      147000 bytes
HTML transferred:       2000 bytes
Requests per second:    1193.45 [#/sec] (mean)
Time per request:       26.813 [ms] (mean)
Time per request:       0.838 [ms] (mean, across all concurrent requests)
Transfer rate:          171.33 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        2    8   8.4      6      53
Processing:     0   19   4.8     19      35
Waiting:        0   18   4.8     19      35
Total:          2   26   8.7     25      70

Percentage of the requests served within a certain time (ms)
  50%     25
  66%     27
  75%     28
  80%     29
  90%     33
  95%     37
  98%     64
  99%     67
 100%     70 (longest request)

nginx.conf

worker_processes 4;
worker_rlimit_nofile 30000;

events {
  worker_connections 1024;
}

http {
  sendfile on;
  tcp_nopush on;
  tcp_nodelay on;
  keepalive_timeout 65;
  types_hash_max_size 2048;
}

ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_ciphers ECDH+AESGCM:ECDH+CHACHA20:ECDH+AES256:ECDH+AES128:!aNULL:!SHA1;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
@kenashkov
Copy link

kenashkov commented Jan 29, 2020
edited
Loading

I observe 3-4 times drop in performance when SSL is enabled (using different code, not the example code given). Swoole 4.5.0-alpha (built from master) and PHP 7.4.1

@shenzhe
Copy link
Member

shenzhe commented Feb 19, 2020

Use nginx as Swoole's proxy

@matyhtf
Copy link
Member

matyhtf commented Mar 20, 2020

@thomasbley Try to set the ssl_ecdh_curve option to empty.

$http->set([
    'log_file' => '/dev/stdout',
    'log_level' => SWOOLE_LOG_INFO,
    'worker_num' => swoole_cpu_num() * 2,
    'ssl_cert_file' => __DIR__ . '/server.crt',
    'ssl_key_file' => __DIR__ . '/server.key',
    'ssl_ecdh_curve' => '',
]);

@matyhtf matyhtf closed this as completed Mar 20, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@shenzhe @thbley @kenashkov @matyhtf