Risks of enabling nginx upstream keepalive

Question

Using nginx as HTTP reverse proxy for Apache with PHP backend (I need .htaccess flexibility for webmasters). Seeing http/1.0 used in Apache logs made me look up on how to enable keep-alive connection.

Upon my search I found this blog post from Nginx https://www.nginx.com/blog/avoiding-top-10-nginx-configuration-mistakes/#no-keepalives

By default, NGINX opens a new connection to an upstream (backend) server for every new incoming request. This is safe but inefficient,[...]

If default behavior is safe, what are the risks of enabling upstream keepalive ?

Answer 1

Default behaviour, creation of connection with upstream for each request is not safe for heavy load. Because of following reasons:

1. once a request come to nginx server from the same client itself also, it will create a new connection with upstream server, for which, it will use the new available local port.
2. Once it completes the request, the give connection on that local port will move from established to TIME_WAIT for 120 seconds, this means for 120 seconds, that local port cannot be reused for any new request
3. now the second request come from same client, it will repeat step 1.
4. in this way for heavy duty load,
   1. you may end up in using all available local ports on the nginx (65k)
   2. Creation & termination of connection on every request is very costly operation

So to avoid that, but best you can do is to Cache the connection, so that when request come, you may reuse the same connection with upstream server (on the same local port, as you did for last request)

Regards Vj

Answer 2

As i already stated,

KeepAlive is an optimization to cache connection, It is to support high throughput traffic, I donot see any risks for enabling it, infact it would have better results in any case.