Updates to secure proxy for better performanceΒ #72
Description
To make secure proxy perform better, we need to remove the hard coded max connection value as to allow more connections when using larger VM sizes. We also need to add a healthcheck/drain piece to the openresty config to support CF Drain
Notes
- Adjust BOSH release release, making this a spec value that can be configured but also has a default for https://github.com/cloud-gov/cg-secureproxy-boshrelease/blob/main/jobs/secureproxy/templates/config/nginx.conf.erb#L10
- Adjust BOSH release release, making this a spec value that can be configured but also has a default for https://github.com/cloud-gov/cg-secureproxy-boshrelease/blob/main/jobs/secureproxy/templates/config/nginx.conf.erb#L7
- Adjust release to support HTTP/2
- Review NGINX best practices and implement any other performance related config items and make defaults as well as config options
- Create lua health checks to follow CF gorouter drain setup
- gorouter has a
drain_waitvalue which defaults to 20 seconds - during that time, the gorouter health endpoint will give 503s but still accept and route HTTP traffic on it's main port during thedrain_wait. This delay/wait allows the ELB health check to kick the server out of the pool. Currently secure proxy downs both it's health check proxy endpoint and the gorouter proxy port once the gorouter health check throws it's first 503 - this causes 502s to customers until the ELB health checks remove the VM from the target pool - Update and test any packages in the release to latest/support versions
Acceptance Criteria
- Make the performance improvements
- Verify in testing the release works