<html><head><meta http-equiv="Content-Security-Policy" content="script-src 'self'; img-src * cid: data:;"></head><body style="background-color: rgb(255, 255, 255); background-image: initial; line-height: initial;"><div id="response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto" contenteditable="false"> <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> Is the browser cache something I'm supposed to disable on my end, or are you referring to a cache on your end?</div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">I'm loading that image on my phone with Chrome and it seems fine.</div><div name="BB10" id="BB10_response_div_BBPPID" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"><br></div>                                                                                                                                      <div name="BB10" dir="auto" style="width: 100%; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"> <br style="display:initial"></div>                            <div id="blackberry_signature_BBPPID" name="BB10" dir="auto">     <div name="BB10" dir="auto" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> </div></div><div id="_original_msg_header_BBPPID" dir="auto">                                                                                                                                             <table width="100%" style="background-color: white; border-spacing: 0px; display: table; outline: none;" contenteditable="false"> <tbody><tr><td colspan="2" style="padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);">                           <div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(181, 196, 223); padding: 3pt 0in 0in; font-family: Tahoma, "BB Alpha Sans", "Slate Pro"; font-size: 10pt;">  <div id="from"><b>From:</b> earlybirds.gm@gmail.com</div><div id="sent"><b>Sent:</b> August 23, 2017 2:09 PM</div><div id="to"><b>To:</b> nginx@nginx.org</div><div id="reply_to"><b>Reply-to:</b> nginx@nginx.org</div><div id="subject"><b>Subject:</b> TTFB much higher when accessing a file, using HTTPS (LE)</div></div></td></tr></tbody></table><div style="border-right: none; border-bottom: none; border-left: none; border-image: initial; border-top: 1pt solid rgb(186, 188, 209); display: block; padding: initial; font-size: initial; text-align: initial; background-color: rgb(255, 255, 255);"></div> <br> </div><!--start of _originalContent --><div name="BB10" dir="auto" style="background-image: initial; line-height: initial; outline: none;" contenteditable="false"><div dir="ltr">Hi and thanks in advance to all<div><br></div><div>Not sure how to investigate this problem:</div><div>1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS</div><div>2. Works well as far as I understand</div><div>3. However, when activating HTTPS for my sites (Let's Encrypt), I see some strange behavior - the TTFB (first byte delay time) is increasing dramatically with each request.</div><div>4. Testing method: running multiple Chrome tabs (3-4) accessing a specific image file (or a big text file), repeating every 2 seconds. Browser cache disabled</div><div>Example image file on test site - <a href="https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg">link</a></div><div>5. Result: TTFB for the image file rising from around 200-250ms to 1.2-1.5s after few tabs doing it</div><div><br></div><div>6. More info: Doesn't happen without HTTPS, at least not for a reasonable count of tabs (like 20)</div><div><br></div><div>Any advise?</div><div><br></div><div><b>conf file:</b></div><div><br></div><div><div>worker_processes auto;</div><div>worker_rlimit_nofile 100000;</div><div>pid /run/nginx.pid;</div><div><br></div><div>events {<!-- --></div><div><span style="white-space:pre">        </span>worker_connections 4096;</div><div><span style="white-space:pre">      </span>multi_accept on;</div><div>}</div><div><br></div><div>http {<!-- --></div><div><br></div><div><span style="white-space:pre"> </span>sendfile on;</div><div><span style="white-space:pre">  </span>tcp_nopush on;</div><div><span style="white-space:pre">        </span>tcp_nodelay on;</div><div><span style="white-space:pre">       </span>keepalive_timeout 30;</div><div><span style="white-space:pre"> </span>types_hash_max_size 2048;</div><div><br></div><div><span style="white-space:pre">    </span>server_tokens off;</div><div><span style="white-space:pre">    </span>reset_timedout_connection on;</div><div><span style="white-space:pre"> </span>add_header X-Powered-By "EasyEngine 3.7.4";</div><div><span style="white-space:pre"> </span>add_header rt-Fastcgi-Cache $upstream_cache_status;</div><div><br></div><div><span style="white-space:pre">  </span># Limit Request</div><div><span style="white-space:pre">       </span>limit_req_status 403;</div><div><span style="white-space:pre"> </span>limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;</div><div><br></div><div><span style="white-space:pre">   </span># Proxy Settings</div><div><span style="white-space:pre">      </span># set_real_ip_from<span style="white-space:pre">   </span>proxy-server-ip;</div><div><span style="white-space:pre">      </span># real_ip_header<span style="white-space:pre">     </span>X-Forwarded-For;</div><div><br></div><div><span style="white-space:pre">     </span>fastcgi_read_timeout 300;</div><div><span style="white-space:pre">     </span>client_max_body_size 100m;</div><div><br></div><div><span style="white-space:pre">   </span>##</div><div><span style="white-space:pre">    </span># SSL Settings</div><div><span style="white-space:pre">        </span>##</div><div><br></div><div><span style="white-space:pre">   </span>ssl_session_timeout 1d;</div><div>    ssl_session_cache shared:SSL:50m;</div><div>    ssl_session_tickets off;</div><div><span style="white-space:pre">    </span>ssl_prefer_server_ciphers on;</div><div><span style="white-space:pre"> </span>ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";</div><div><span style="white-space:pre">    </span>ssl_protocols TLSv1.1  TLSv1.2;</div><div><span style="white-space:pre">  </span></div><div><span style="white-space:pre">      </span># HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)</div><div>    add_header Strict-Transport-Security "max-age=15768000" always;</div><div><span style="white-space:pre">      </span></div><div><span style="white-space:pre">      </span># OCSP Stapling ---</div><div>    # fetch OCSP records from URL in ssl_certificate and cache them</div><div>    ssl_stapling on;</div><div>    ssl_stapling_verify on;</div><div><span style="white-space:pre">      </span></div><div><span style="white-space:pre">      </span>##</div><div><span style="white-space:pre">    </span># Basic Settings</div><div><span style="white-space:pre">      </span>##</div><div><span style="white-space:pre">    </span># server_names_hash_bucket_size 64;</div><div><span style="white-space:pre">   </span># server_name_in_redirect off;</div><div><br></div><div><span style="white-space:pre">       </span>include /etc/nginx/mime.types;</div><div><span style="white-space:pre">        </span>default_type application/octet-stream;</div><div><br></div><div><span style="white-space:pre">       </span>access_log /var/log/nginx/access.log;</div><div><span style="white-space:pre"> </span>error_log /var/log/nginx/error.log;</div><div><br></div><div><span style="white-space:pre">  </span># Log format Settings</div><div><span style="white-space:pre"> </span>log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '</div><div><span style="white-space:pre">      </span>'$http_host "$request" $status $body_bytes_sent '</div><div><span style="white-space:pre">   </span>'"$http_referer" "$http_user_agent"';</div><div><br></div><div><span style="white-space:pre">    </span>##</div><div><span style="white-space:pre">    </span># Gzip Settings</div><div><span style="white-space:pre">       </span>##</div><div><br></div><div><span style="white-space:pre">   </span>gzip on;</div><div><span style="white-space:pre">      </span>gzip_disable "msie6";</div><div><br></div><div><span style="white-space:pre">      </span>gzip_vary on;</div><div><span style="white-space:pre"> </span>gzip_proxied any;</div><div><span style="white-space:pre">     </span>gzip_comp_level 6;</div><div><span style="white-space:pre">    </span>gzip_buffers 16 8k;</div><div><span style="white-space:pre">   </span>gzip_http_version 1.1;</div><div><span style="white-space:pre">        </span>gzip_types</div><div><span style="white-space:pre">    </span>    application/atom+xml</div><div><span style="white-space:pre">    </span>    application/javascript</div><div><span style="white-space:pre">  </span>    application/json</div><div><span style="white-space:pre">        </span>    application/rss+xml</div><div><span style="white-space:pre">     </span>    application/vnd.ms-fontobject</div><div><span style="white-space:pre">   </span>    application/x-font-ttf</div><div><span style="white-space:pre">  </span>    application/x-web-app-manifest+json</div><div><span style="white-space:pre">     </span>    application/xhtml+xml</div><div><span style="white-space:pre">   </span>    application/xml</div><div><span style="white-space:pre"> </span>    font/opentype</div><div><span style="white-space:pre">   </span>    image/svg+xml</div><div><span style="white-space:pre">   </span>    image/x-icon</div><div><span style="white-space:pre">    </span>    text/css</div><div><span style="white-space:pre">        </span>    text/plain</div><div><span style="white-space:pre">      </span>    text/x-component</div><div><span style="white-space:pre">        </span>    text/xml</div><div><span style="white-space:pre">        </span>    text/javascript;</div><div><br></div><div><span style="white-space:pre">       </span>##</div><div><span style="white-space:pre">    </span># Virtual Host Configs</div><div><span style="white-space:pre">        </span>##</div><div><br></div><div><span style="white-space:pre">   </span>include /etc/nginx/conf.d/*.conf;</div><div><span style="white-space:pre">     </span>include /etc/nginx/sites-enabled/*;</div><div>}</div></div><div><br></div><div><b>and </b></div><div><br></div><div>additional static files rule</div><div><div>location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {<!-- --></div><div>  add_header "Access-Control-Allow-Origin" "*";</div><div>  access_log off;</div><div>  log_not_found off;</div><div>  expires max;</div><div>}</div><div><br></div></div></div>
<!--end of _originalContent --></div></body></html>