
Does anyone have experience with rate limiting on an Nginx HTTPS server listening on port 443? As per my testing, rate limiting seems to work well with Nginx listening on port 80, but I don't get the expected results with HTTPS.

The details of my testing:

For testing, I have configured Nginx as a reverse proxy to my backend server. Nginx is configured as an HTTPS server listening on 443. We have a proprietary tool which feeds a configured number of HTTPS requests (one request per connection) to Nginx and generates a report at the end of the test. The report lists how many requests returned status 200 and how many returned 503.

Observation 1: As per my observations for the HTTPS case, more requests get processed with return status 200 than expected if the input request rate to Nginx is much higher than the configured rate limit. For example, I tested the following configuration in Nginx for rate limiting:

limit_req_zone $host zone=perhost:1m rate=100r/s;

limit_req zone=perhost burst=100 nodelay;

Test 1: With input at 250 req/sec and the rate limit configured at 100r/s, rate limiting works as expected, since on average ~100 requests return with 200 status every second.

Test 2: With input at 500 req/sec and the rate limit configured at 100r/s, rate limiting does not work as expected, since on average ~150 requests return with 200 status every second.

Test 3: With input at 600 req/sec and the rate limit configured at 100r/s, rate limiting does not work as expected, since on average ~200 requests return with 200 status every second.

Test 4: With input at 800 req/sec and the rate limit configured at 100r/s, rate limiting does not work as expected, since on average ~350 requests return with 200 status every second.

Observation 2: On the other hand, if Nginx is configured as an HTTP server listening on 80, the rate limiting feature seems to be working fine for the same tests.

I am not sure what happens differently for HTTPS-based testing. One observation I have made is that with HTTP, requests get processed very quickly, whereas for HTTPS the complete transaction takes relatively longer. Also, at a low input rate of HTTPS requests, transaction completion does not take very long, whereas when the input rate goes up, this delay increases and then rate limiting starts behaving unexpectedly. Can this be the cause of this difference in any way?

Does anyone have any idea on this behaviour?

  • Does the testing tool simulate properly TLS tickets or session identifiers? An interesting question anyway! – kubanczyk May 14 '18 at 17:48
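
As a baseline for the four tests in the question, the following added example (not part of the original post and not nginx's own code) models the leaky-bucket bookkeeping that `limit_req` with `nodelay` applies to a single key. It assumes evenly spaced arrivals and millisecond timestamps; the function names are hypothetical.

```python
# Added example: simplified model of limit_req bookkeeping for ONE key
# (the question keys on $host, so all test requests share one bucket).
# Assumption: excess is tracked in 1/1000 request and drains per elapsed ms.

def simulate(arrivals_ms, rate_rps=100, burst=100):
    """Return arrival times (ms) of requests passed (200) under nodelay."""
    rate, limit = rate_rps * 1000, burst * 1000
    excess, last, passed = 0, None, []
    for now in arrivals_ms:
        if last is None:
            new_excess = 0                      # first request creates the state
        else:
            drained = rate * (now - last) // 1000
            new_excess = max(0, excess - drained + 1000)
        if new_excess > limit:
            continue                            # 503; state is left unchanged
        excess, last = new_excess, now
        passed.append(now)
    return passed


def arrivals(input_rps, seconds):
    """Constructed load: evenly spaced requests, millisecond timestamps."""
    return [i * 1000 // input_rps for i in range(input_rps * seconds)]


def passed_per_second(input_rps, seconds, rate_rps=100, burst=100):
    """Count passed requests in each one-second window of the run."""
    counts = [0] * seconds
    for t in simulate(arrivals(input_rps, seconds), rate_rps, burst):
        counts[t // 1000] += 1
    return counts


if __name__ == "__main__":
    for rps in (250, 500, 600, 800):            # input rates from Tests 1-4
        print(rps, passed_per_second(rps, 5))
```

In this model every input rate above the limit settles at about 100 passed requests per second once the initial burst allowance is used up, so the per-second 200 counts in a tool report can be compared against that figure.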

0 Answers