varnish with ssl

[Ken Brownfield]

On Apr 7, 2010, at 5:20 PM, Michael Fischer wrote:
>> The single-process model as regards scalability is a red herring.
> 
> It matters a lot with SSL.  The handshaking process is very
> CPU-intensive.  You really want something that's SMP-scalable.

Run one single-process model process for each core in your machine.  You also get the rather academic bonus of less context-switching and less cache thrash (assuming a decent scheduler and affinity).  This is also how you would leverage multiple machines.

Persistent load balancing involves slightly more human setup than a single process on a single machine that handles the multi-(process|thread)ing itself, but I think discussing the finer points of performance and architecture are dubious if one's entire site runs on a single machine. :-)

I am not a proponent of the single-process model, nor any other particular model for that matter -- they can all be made to work and scale, and deciding between them depends on circumstances beyond their scope.  But I do know that if I was a proponent of any single one, it would be because I had too much time on my hands. :-P
-- 
kb

> --Michael