diff --git a/CHANGELOG/unreleased/kong/11515.yaml b/CHANGELOG/unreleased/kong/11515.yaml
new file mode 100644
index 000000000000..28a3209034a8
--- /dev/null
+++ b/CHANGELOG/unreleased/kong/11515.yaml
@@ -0,0 +1,7 @@
+message: Bumped the default value of `upstream_keepalive_pool_size` to `512` and `upstream_keepalive_max_requests` to `1000`
+type: performance
+scope: Configuration
+prs:
+ - 11515
+jiras:
+ - "FTI-4868"
diff --git a/kong.conf.default b/kong.conf.default
index 87dad2196f3f..40c7e24179e1 100644
--- a/kong.conf.default
+++ b/kong.conf.default
@@ -960,26 +960,26 @@ # `text/html`, `application/json`, and # `application/xml`. -#upstream_keepalive_pool_size = 60 # Sets the default size of the upstream - # keepalive connection pools. - # Upstream keepalive connection pools - # are segmented by the `dst ip/dst - # port/SNI` attributes of a connection. - # A value of `0` will disable upstream - # keepalive connections by default, forcing - # each upstream request to open a new - # connection. - -#upstream_keepalive_max_requests = 100 # Sets the default maximum number of - # requests than can be proxied upstream - # through one keepalive connection. - # After the maximum number of requests - # is reached, the connection will be - # closed. - # A value of `0` will disable this - # behavior, and a keepalive connection - # can be used to proxy an indefinite - # number of requests. +#upstream_keepalive_pool_size = 512 # Sets the default size of the upstream + # keepalive connection pools. + # Upstream keepalive connection pools + # are segmented by the `dst ip/dst + # port/SNI` attributes of a connection. + # A value of `0` will disable upstream + # keepalive connections by default, forcing + # each upstream request to open a new + # connection. + +#upstream_keepalive_max_requests = 1000 # Sets the default maximum number of + # requests than can be proxied upstream + # through one keepalive connection. + # After the maximum number of requests + # is reached, the connection will be + # closed. + # A value of `0` will disable this + # behavior, and a keepalive connection + # can be used to proxy an indefinite + # number of requests. #upstream_keepalive_idle_timeout = 60 # Sets the default timeout (in seconds) # for which an upstream keepalive 
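Review bot: The comment for `upstream_keepalive_pool_size` gives no sizing guidance even though the default rises from 60 to 512. Because the text says pools are segmented by `dst ip/dst port/SNI`, the number of idle upstream sockets held open can grow well beyond 512 (and presumably per worker process, which the comment does not state). I would add a sentence such as `# Each pooled connection holds an open socket; size this against the worker connection and open-file limits.` The re-added `upstream_keepalive_max_requests` comment also keeps the typo `requests than can be proxied`, which should read `requests that can be proxied`. The same two values are changed in kong/templates/kong_defaults.lua, so the comment and the template need to stay in step.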
@@ -1137,6 +1137,16 @@ # It is recommended to set it to at least (number of regex paths * 2) # to avoid high CPU usages. +#nginx_http_keepalive_requests = 1000 # Sets the maximum number of client requests that can be served through one + # keep-alive connection. After the maximum number of requests are made, + # the connection is closed. + # Closing connections periodically is necessary to free per-connection + # memory allocations. Therefore, using too high maximum number of requests + # could result in excessive memory usage and not recommended. + # See: https://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests + + + #------------------------------------------------------------------------------ # DATASTORE #------------------------------------------------------------------------------ diff --git a/kong/templates/kong_defaults.lua b/kong/templates/kong_defaults.lua index fea900620be8..fb4bb3110aef 100644 --- a/kong/templates/kong_defaults.lua +++ b/kong/templates/kong_defaults.lua @@ -62,8 +62,8 @@ status_ssl_cert_key = NONE headers = server_tokens, latency_tokens trusted_ips = NONE error_default_type = text/plain -upstream_keepalive_pool_size = 60 -upstream_keepalive_max_requests = 100 +upstream_keepalive_pool_size = 512 +upstream_keepalive_max_requests = 1000 upstream_keepalive_idle_timeout = 60 allow_debug_header = off @@ -84,6 +84,9 @@ nginx_http_ssl_prefer_server_ciphers = NONE nginx_http_ssl_dhparam = NONE nginx_http_ssl_session_tickets = NONE nginx_http_ssl_session_timeout = NONE +nginx_http_lua_regex_match_limit = 100000 +nginx_http_lua_regex_cache_max_entries = 8192 +nginx_http_keepalive_requests = 1000 nginx_stream_ssl_protocols = NONE nginx_stream_ssl_prefer_server_ciphers = NONE nginx_stream_ssl_dhparam = NONE 
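Review bot: The last sentence of the new `nginx_http_keepalive_requests` comment is missing a verb: `could result in excessive memory usage and not recommended` should read `could result in excessive memory usage and is not recommended`. `using too high maximum number of requests` would also read better as `using too high a maximum number of requests`. The hunk adds three blank lines after the `See:` line before the DATASTORE banner; one would match how the other entries visible in this diff are separated.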
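Review bot: `nginx_http_keepalive_requests = 1000` in the `@@ -84` hunk is a new injected default for client-facing connections, but the changelog entry in this commit names only the two `upstream_keepalive_*` bumps. Judging from the spec change in the same commit, no such directive was rendered before, so operators would get a different connection-recycling limit on upgrade without notice; I would extend the `message:` in CHANGELOG/unreleased/kong/11515.yaml to mention it. Moving the two `nginx_http_lua_regex_*` lines up beside the other `nginx_http_*` defaults is harmless but is not mentioned in the commit text shown. The defaults block these lines belong to starts and ends outside the hunk.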
@@ -93,8 +96,6 @@ nginx_proxy_real_ip_header = X-Real-IP nginx_proxy_real_ip_recursive = off nginx_admin_client_max_body_size = 10m nginx_admin_client_body_buffer_size = 10m -nginx_http_lua_regex_match_limit = 100000 -nginx_http_lua_regex_cache_max_entries = 8192 client_body_buffer_size = 8k real_ip_header = X-Real-IP diff --git a/spec/01-unit/04-prefix_handler_spec.lua b/spec/01-unit/04-prefix_handler_spec.lua index a85b423ef962..69b055974e48 100644 --- a/spec/01-unit/04-prefix_handler_spec.lua +++ b/spec/01-unit/04-prefix_handler_spec.lua @@ -1116,7 +1116,7 @@ describe("NGINX conf compiler", function() nil, true) assert.matches("daemon on;", contents, nil, true) assert.matches("listen 0.0.0.0:9000;", contents, nil, true) - assert.not_matches("keepalive", contents, nil, true) + assert.not_matches("keepalive%s+%d+", contents) end) end) end)
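Review bot: The relaxed assertion `assert.not_matches("keepalive%s+%d+", contents)` carries no comment explaining why the plain-text check was replaced. It is now a Lua pattern that only rejects `keepalive <digits>`, so other directives containing the word (for example `keepalive_timeout`) no longer fail the test. Presumably the intent is to let the new `keepalive_requests` default through while still rejecting an upstream pool directive; a comment such as `-- keepalive_requests is rendered by default now; only an upstream "keepalive <n>" directive must be absent` would record that. The enclosing `it` block starts outside the hunk.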