
I have a scenario where a number of servers are running an nginx instance. For what it's worth, these are mostly just proxied requests. These hosts all sit behind a hardware load balancer and it's not necessarily possible (or desirable, for various reasons) to enable stickiness.

Despite this, we currently still respect keep-alive in order to cut down on SSL handshakes; but I think this only works if a client happens to be routed to the same host after initial handshake.

As a result of this, we end up with many thousands of idle connections which sit open on each of our hosts; at some point, our hardware router gets fed up with it and starts sending RST packets to clients. (If it didn't, we'd hit an open connection limit in nginx, I suspect, so there's still a problem beyond that hardware router).

My question is (or rather, my questions are):
- Can I have nginx treat each request as a simple transaction and not respect keep-alive? Is that reasonable? I know some past services I've worked on have done basically this, but is there any potential downside for clients that expect their Keep-Alive header to be respected? Obviously this could result in more SSL/TLS negotiation, but that's okay in my case.
- Are there best practices around gracefully terminating idle client connections in nginx?
- Would it be reasonable to just allow these idle connections to pile up on the host? To what extent? Tens of thousands of idle connections?

a p

1 Answer


Perhaps I don't understand the question, but shouldn't setting keepalive_timeout in the nginx configuration to 0 do what you want?

https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout

The line to add would just be:

keepalive_timeout 0;
gelonida
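
Added example, not part of the original answer: where `keepalive_timeout 0;` sits in an nginx configuration, next to an alternative that keeps keep-alive but bounds idle time. The server name, certificate paths, upstream address and all numeric values are constructed placeholders; the 15 second timeout assumes the load balancer's own idle timeout is longer, so nginx closes idle connections before the balancer resets them.

```nginx
# Constructed example: names, paths, addresses and numbers are placeholders.
events {
    # Per-worker connection cap. Idle keep-alive connections and
    # connections to the proxied backend both count against it.
    worker_connections 4096;
}

http {
    # Option A (the answer above): close the client connection after
    # every response. nginx then answers with "Connection: close".
    # keepalive_timeout 0;

    # Option B: keep keep-alive, but bound how long a connection may idle.
    #   first value  = idle time after which nginx closes the connection
    #   second value = optional, sent to the client as "Keep-Alive: timeout=15"
    keepalive_timeout  15s 15s;

    # Close a connection after this many requests, so that no single
    # client keeps one open indefinitely.
    keepalive_requests 100;

    server {
        listen 443 ssl;
        server_name example.com;                         # placeholder
        ssl_certificate     /etc/nginx/tls/example.crt;  # placeholder path
        ssl_certificate_key /etc/nginx/tls/example.key;  # placeholder path

        # Inherits the http-level keep-alive settings (Option B).
        location / {
            proxy_pass http://127.0.0.1:8080;            # placeholder backend
        }

        # keepalive_timeout is also valid at server and location level,
        # so keep-alive can be switched off for selected paths only.
        location /api/ {
            keepalive_timeout 0;
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Run `nginx -t` to validate the file before reloading.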