[prev in list] [next in list] [prev in thread] [next in thread]
List: nginx
Subject: Re: TTFB much higher when accessing a file, using HTTPS (LE)
From: Early Bird <earlybirds.gm () gmail ! com>
Date: 2017-08-24 9:48:24
Message-ID: CADcQdJstW8i7R9wxU+LDgiL1sJu5dO6P2=h2YdSNoWphzqR9FQ () mail ! gmail ! com
[Download RAW message or body]
[Attachment #2 (multipart/alternative)]
Thanks Gary
1. Disabling browser cache on your end. I do it via the Chrome developer
panel
2. The image loads fine. The problem is with TTFB (Time To First Byte)
which increases dramatically with each access to this image, when HTTPS is
on
On Thu, Aug 24, 2017 at 12:44 AM, Gary <lists@lazygranch.com> wrote:
> Is the browser cache something I'm supposed to disable on my end, or are
> you referring to a cache on your end?
>
> I'm loading that image on my phone with Chrome and it seems fine.
>
>
> *From:* earlybirds.gm@gmail.com
> *Sent:* August 23, 2017 2:09 PM
> *To:* nginx@nginx.org
> *Reply-to:* nginx@nginx.org
> *Subject:* TTFB much higher when accessing a file, using HTTPS (LE)
>
> Hi and thanks in advance to all
>
> Not sure how to investigate this problem:
> 1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS
> 2. Works well as far as I understand
> 3. However, when activating HTTPS for my sites (Let's Encrypt), I see some
> strange behavior - the TTFB (first byte delay time) is increasing
> dramatically with each request.
> 4. Testing method: running multiple Chrome tabs (3-4) accessing a specific
> image file (or a big text file), repeating every 2 seconds. Browser cache
> disabled
> Example image file on test site - link
> <https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg>
> 5. Result: TTFB for the image file rising from around 200-250ms to
> 1.2-1.5s after few tabs doing it
>
> 6. More info: Doesn't happen without HTTPS, at least not for a reasonable
> count of tabs (like 20)
>
> Any advise?
>
> *conf file:*
>
> worker_processes auto;
> worker_rlimit_nofile 100000;
> pid /run/nginx.pid;
>
> events {
> worker_connections 4096;
> multi_accept on;
> }
>
> http {
>
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 30;
> types_hash_max_size 2048;
>
> server_tokens off;
> reset_timedout_connection on;
> add_header X-Powered-By "EasyEngine 3.7.4";
> add_header rt-Fastcgi-Cache $upstream_cache_status;
>
> # Limit Request
> limit_req_status 403;
> limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
>
> # Proxy Settings
> # set_real_ip_from proxy-server-ip;
> # real_ip_header X-Forwarded-For;
>
> fastcgi_read_timeout 300;
> client_max_body_size 100m;
>
> ##
> # SSL Settings
> ##
>
> ssl_session_timeout 1d;
> ssl_session_cache shared:SSL:50m;
> ssl_session_tickets off;
> ssl_prefer_server_ciphers on;
> ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-
> SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-
> POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
> GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-
> SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
> ssl_protocols TLSv1.1 TLSv1.2;
> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
> add_header Strict-Transport-Security "max-age=15768000" always;
> # OCSP Stapling ---
> # fetch OCSP records from URL in ssl_certificate and cache them
> ssl_stapling on;
> ssl_stapling_verify on;
> ##
> # Basic Settings
> ##
> # server_names_hash_bucket_size 64;
> # server_name_in_redirect off;
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> access_log /var/log/nginx/access.log;
> error_log /var/log/nginx/error.log;
>
> # Log format Settings
> log_format rt_cache '$remote_addr $upstream_response_time
> $upstream_cache_status [$time_local] '
> '$http_host "$request" $status $body_bytes_sent '
> '"$http_referer" "$http_user_agent"';
>
> ##
> # Gzip Settings
> ##
>
> gzip on;
> gzip_disable "msie6";
>
> gzip_vary on;
> gzip_proxied any;
> gzip_comp_level 6;
> gzip_buffers 16 8k;
> gzip_http_version 1.1;
> gzip_types
> application/atom+xml
> application/javascript
> application/json
> application/rss+xml
> application/vnd.ms-fontobject
> application/x-font-ttf
> application/x-web-app-manifest+json
> application/xhtml+xml
> application/xml
> font/opentype
> image/svg+xml
> image/x-icon
> text/css
> text/plain
> text/x-component
> text/xml
> text/javascript;
>
> ##
> # Virtual Host Configs
> ##
>
> include /etc/nginx/conf.d/*.conf;
> include /etc/nginx/sites-enabled/*;
> }
>
> *and *
>
> additional static files rule
> location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|
> jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$
> {
> add_header "Access-Control-Allow-Origin" "*";
> access_log off;
> log_not_found off;
> expires max;
> }
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
[Attachment #5 (text/html)]
<div dir="ltr">Thanks Gary<div><br></div><div>1. Disabling browser cache on your end. \
I do it via the Chrome developer panel</div><div>2. The image loads fine. The problem \
is with TTFB (Time To First Byte) which increases dramatically with each access to \
this image, when HTTPS is on</div></div><div class="gmail_extra"><br><div \
class="gmail_quote">On Thu, Aug 24, 2017 at 12:44 AM, Gary <span dir="ltr"><<a \
href="mailto:lists@lazygranch.com" \
target="_blank">lists@lazygranch.com</a>></span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex"><div \
style="background-color:rgb(255,255,255);background-image:initial;line-height:initial"><div \
id="m_4456814676557567545response_container_BBPPID" \
style="outline:none;font-size:initial;font-family:"Calibri","Slate \
Pro",sans-serif,"sans-serif"" dir="auto"> <div name="BB10" dir="auto" \
style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> \
Is the browser cache something I'm supposed to disable on my end, or are you \
referring to a cache on your end?</div><div name="BB10" \
id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" \
style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><br></div><div \
name="BB10" id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" \
style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)">I'm \
loading that image on my phone with Chrome and it seems fine.</div><div name="BB10" \
id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" \
style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><br></div> \
<div name="BB10" dir="auto" \
style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> \
<br style="display:initial"></div> <div \
id="m_4456814676557567545blackberry_signature_BBPPID" name="BB10" dir="auto"> \
<div name="BB10" dir="auto" \
style="padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div> \
</div></div><div id="m_4456814676557567545_original_msg_header_BBPPID" dir="auto"> \
<table width="100%" style="background-color:white;border-spacing:0px;display:table;outline:none"> \
<tbody><tr><td colspan="2" \
style="padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> \
<div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt \
solid rgb(181,196,223);padding:3pt 0in 0in;font-family:Tahoma,"BB Alpha \
Sans","Slate Pro";font-size:10pt"> <div \
id="m_4456814676557567545from"><b>From:</b> <a href="mailto:earlybirds.gm@gmail.com" \
target="_blank">earlybirds.gm@gmail.com</a></div><div \
id="m_4456814676557567545sent"><b>Sent:</b> August 23, 2017 2:09 PM</div><div \
id="m_4456814676557567545to"><b>To:</b> <a href="mailto:nginx@nginx.org" \
target="_blank">nginx@nginx.org</a></div><div \
id="m_4456814676557567545reply_to"><b>Reply-to:</b> <a href="mailto:nginx@nginx.org" \
target="_blank">nginx@nginx.org</a></div><div \
id="m_4456814676557567545subject"><b>Subject:</b> TTFB much higher when accessing a \
file, using HTTPS (LE)</div></div></td></tr></tbody></table><div \
style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid \
rgb(186,188,209);display:block;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div> \
<br> </div><div><div class="h5"><div name="BB10" dir="auto" \
style="background-image:initial;line-height:initial;outline:none"><div dir="ltr">Hi \
and thanks in advance to all<div><br></div><div>Not sure how to investigate this \
problem:</div><div>1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode \
VPS</div><div>2. Works well as far as I understand</div><div>3. However, when \
activating HTTPS for my sites (Let's Encrypt), I see some strange behavior - the \
TTFB (first byte delay time) is increasing dramatically with each \
request.</div><div>4. Testing method: running multiple Chrome tabs (3-4) accessing a \
specific image file (or a big text file), repeating every 2 seconds. Browser cache \
disabled</div><div>Example image file on test site - <a \
href="https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg" \
target="_blank">link</a></div><div>5. Result: TTFB for the image file rising from \
around 200-250ms to 1.2-1.5s after few tabs doing it</div><div><br></div><div>6. More \
info: Doesn't happen without HTTPS, at least not for a reasonable count of tabs \
(like 20)</div><div><br></div><div>Any advise?</div><div><br></div><div><b>conf \
file:</b></div><div><br></div><div><div>worker_processes \
auto;</div><div>worker_rlimit_nofile 100000;</div><div>pid \
/run/nginx.pid;</div><div><br></div><div>events {</div><div><span \
style="white-space:pre-wrap"> </span>worker_connections 4096;</div><div><span \
style="white-space:pre-wrap"> </span>multi_accept \
on;</div><div>}</div><div><br></div><div>http {</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>sendfile on;</div><div><span \
style="white-space:pre-wrap"> </span>tcp_nopush on;</div><div><span \
style="white-space:pre-wrap"> </span>tcp_nodelay on;</div><div><span \
style="white-space:pre-wrap"> </span>keepalive_timeout 30;</div><div><span \
style="white-space:pre-wrap"> </span>types_hash_max_size \
2048;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>server_tokens off;</div><div><span \
style="white-space:pre-wrap"> </span>reset_timedout_connection on;</div><div><span \
style="white-space:pre-wrap"> </span>add_header X-Powered-By "EasyEngine \
3.7.4";</div><div><span style="white-space:pre-wrap"> </span>add_header \
rt-Fastcgi-Cache $upstream_cache_status;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span># Limit Request</div><div><span \
style="white-space:pre-wrap"> </span>limit_req_status 403;</div><div><span \
style="white-space:pre-wrap"> </span>limit_req_zone $binary_remote_addr zone=one:10m \
rate=1r/s;</div><div><br></div><div><span style="white-space:pre-wrap"> </span># \
Proxy Settings</div><div><span style="white-space:pre-wrap"> </span># \
set_real_ip_from<span \
style="white-space:pre-wrap"> </span>proxy-server-ip;</div><div><span \
style="white-space:pre-wrap"> </span># real_ip_header<span \
style="white-space:pre-wrap"> </span>X-Forwarded-For;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>fastcgi_read_timeout 300;</div><div><span \
style="white-space:pre-wrap"> </span>client_max_body_size \
100m;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><span \
style="white-space:pre-wrap"> </span># SSL Settings</div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>ssl_session_timeout 1d;</div><div> \
ssl_session_cache shared:SSL:50m;</div><div> ssl_session_tickets \
off;</div><div><span style="white-space:pre-wrap"> </span>ssl_prefer_server_ciphers \
on;</div><div><span style="white-space:pre-wrap"> </span>ssl_ciphers \
"ECDHE-ECDSA-AES256-GCM-<wbr>SHA384:ECDHE-RSA-AES256-GCM-<wbr>SHA384:ECDHE-ECDSA- \
CHACHA20-<wbr>POLY1305:ECDHE-RSA-CHACHA20-<wbr>POLY1305:ECDHE-ECDSA-AES128-<wbr>GCM-SH \
A256:ECDHE-RSA-AES128-<wbr>GCM-SHA256:ECDHE-ECDSA-AES256-<wbr>SHA384:ECDHE-RSA-AES256- \
<wbr>SHA384:ECDHE-ECDSA-AES128-<wbr>SHA256:ECDHE-RSA-AES128-<wbr>SHA256";</div><div><span \
style="white-space:pre-wrap"> </span>ssl_protocols TLSv1.1 TLSv1.2;</div><div><span \
style="white-space:pre-wrap"> </span></div><div><span \
style="white-space:pre-wrap"> </span># HSTS (ngx_http_headers_module is required) \
(15768000 seconds = 6 months)</div><div> add_header Strict-Transport-Security \
"max-age=15768000" always;</div><div><span \
style="white-space:pre-wrap"> </span></div><div><span \
style="white-space:pre-wrap"> </span># OCSP Stapling ---</div><div> # fetch OCSP \
records from URL in ssl_certificate and cache them</div><div> ssl_stapling \
on;</div><div> ssl_stapling_verify on;</div><div><span \
style="white-space:pre-wrap"> </span></div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><span \
style="white-space:pre-wrap"> </span># Basic Settings</div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><span \
style="white-space:pre-wrap"> </span># server_names_hash_bucket_size \
64;</div><div><span style="white-space:pre-wrap"> </span># server_name_in_redirect \
off;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>include \
/etc/nginx/mime.types;</div><div><span \
style="white-space:pre-wrap"> </span>default_type \
application/octet-stream;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>access_log \
/var/log/nginx/access.log;</div><div><span \
style="white-space:pre-wrap"> </span>error_log \
/var/log/nginx/error.log;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span># Log format Settings</div><div><span \
style="white-space:pre-wrap"> </span>log_format rt_cache '$remote_addr \
$upstream_response_time $upstream_cache_status [$time_local] '</div><div><span \
style="white-space:pre-wrap"> </span>'$http_host "$request" $status \
$body_bytes_sent '</div><div><span \
style="white-space:pre-wrap"> </span>'"$http_referer" \
"$http_user_agent"';</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><span \
style="white-space:pre-wrap"> </span># Gzip Settings</div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>gzip on;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_disable \
"msie6";</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>gzip_vary on;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_proxied any;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_comp_level 6;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_buffers 16 8k;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_http_version 1.1;</div><div><span \
style="white-space:pre-wrap"> </span>gzip_types</div><div><span \
style="white-space:pre-wrap"> </span> application/atom+xml</div><div><span \
style="white-space:pre-wrap"> </span> application/javascript</div><div><span \
style="white-space:pre-wrap"> </span> application/json</div><div><span \
style="white-space:pre-wrap"> </span> application/rss+xml</div><div><span \
style="white-space:pre-wrap"> </span> \
application/vnd.ms-fontobject</div><div><span style="white-space:pre-wrap"> </span> \
application/x-font-ttf</div><div><span style="white-space:pre-wrap"> </span> \
application/x-web-app-<wbr>manifest+json</div><div><span \
style="white-space:pre-wrap"> </span> application/xhtml+xml</div><div><span \
style="white-space:pre-wrap"> </span> application/xml</div><div><span \
style="white-space:pre-wrap"> </span> font/opentype</div><div><span \
style="white-space:pre-wrap"> </span> image/svg+xml</div><div><span \
style="white-space:pre-wrap"> </span> image/x-icon</div><div><span \
style="white-space:pre-wrap"> </span> text/css</div><div><span \
style="white-space:pre-wrap"> </span> text/plain</div><div><span \
style="white-space:pre-wrap"> </span> text/x-component</div><div><span \
style="white-space:pre-wrap"> </span> text/xml</div><div><span \
style="white-space:pre-wrap"> </span> \
text/javascript;</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><span \
style="white-space:pre-wrap"> </span># Virtual Host Configs</div><div><span \
style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span \
style="white-space:pre-wrap"> </span>include \
/etc/nginx/conf.d/*.conf;</div><div><span \
style="white-space:pre-wrap"> </span>include \
/etc/nginx/sites-enabled/*;</div><div>}</div></div><div><br></div><div><b>and \
</b></div><div><br></div><div>additional static files rule</div><div><div>location ~* \
\.(ogg|ogv|svg|svgz|eot|otf|<wbr>woff|mp4|ttf|css|rss|atom|js|<wbr>jpg|jpeg|gif|png|ico|zip|tgz|<wbr>gz|rar|bz2|doc|xls|exe|ppt|<wbr>tar|mid|midi|wav|bmp|rtf|swf)$ \
{</div><div> add_header "Access-Control-Allow-Origin" \
"*";</div><div> access_log off;</div><div> log_not_found \
off;</div><div> expires max;</div><div>}</div><div><br></div></div></div> \
</div></div></div></div><br>______________________________<wbr>_________________<br> \
nginx mailing list<br> <a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" \
target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br></blockquote></div><br></div>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic