<div dir="ltr">Hi and thanks in advance to all<div><br></div><div>Not sure how to investigate this problem:</div><div>1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS</div><div>2. Works well as far as I understand</div><div>3. However, when activating HTTPS for my sites (Let's Encrypt), I see some strange behavior - the TTFB (first byte delay time) is increasing dramatically with each request.</div><div>4. Testing method: running multiple Chrome tabs (3-4) accessing a specific image file (or a big text file), repeating every 2 seconds. Browser cache disabled</div><div>Example image file on test site - <a href="https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg">link</a></div><div>5. Result: TTFB for the image file rising from around 200-250ms to 1.2-1.5s after a few tabs doing it</div><div><br></div><div>6. More info: Doesn't happen without HTTPS, at least not for a reasonable count of tabs (like 20)</div><div><br></div><div>Any advice?</div><div><br></div><div><b>conf file:</b></div><div><br></div><div><div>worker_processes auto;</div><div>worker_rlimit_nofile 100000;</div><div>pid /run/nginx.pid;</div><div><br></div><div>events {</div><div><span style="white-space:pre">   </span>worker_connections 4096;</div><div><span style="white-space:pre">      </span>multi_accept on;</div><div>}</div><div><br></div><div>http {</div><div><br></div><div><span style="white-space:pre">       </span>sendfile on;</div><div><span style="white-space:pre">  </span>tcp_nopush on;</div><div><span style="white-space:pre">        </span>tcp_nodelay on;</div><div><span style="white-space:pre">       </span>keepalive_timeout 30;</div><div><span style="white-space:pre"> </span>types_hash_max_size 2048;</div><div><br></div><div><span style="white-space:pre">    </span>server_tokens off;</div><div><span style="white-space:pre">    </span>reset_timedout_connection on;</div><div><span style="white-space:pre"> </span>add_header X-Powered-By 
"EasyEngine 3.7.4";</div><div><span style="white-space:pre"> </span>add_header rt-Fastcgi-Cache $upstream_cache_status;</div><div><br></div><div><span style="white-space:pre">  </span># Limit Request</div><div><span style="white-space:pre">       </span>limit_req_status 403;</div><div><span style="white-space:pre"> </span>limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;</div><div><br></div><div><span style="white-space:pre">   </span># Proxy Settings</div><div><span style="white-space:pre">      </span># set_real_ip_from<span style="white-space:pre">   </span>proxy-server-ip;</div><div><span style="white-space:pre">      </span># real_ip_header<span style="white-space:pre">     </span>X-Forwarded-For;</div><div><br></div><div><span style="white-space:pre">     </span>fastcgi_read_timeout 300;</div><div><span style="white-space:pre">     </span>client_max_body_size 100m;</div><div><br></div><div><span style="white-space:pre">   </span>##</div><div><span style="white-space:pre">    </span># SSL Settings</div><div><span style="white-space:pre">        </span>##</div><div><br></div><div><span style="white-space:pre">   </span>ssl_session_timeout 1d;</div><div>    ssl_session_cache shared:SSL:50m;</div><div>    ssl_session_tickets off;</div><div><span style="white-space:pre">    </span>ssl_prefer_server_ciphers on;</div><div><span style="white-space:pre"> </span>ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";</div><div><span style="white-space:pre">    </span>ssl_protocols TLSv1.1  TLSv1.2;</div><div><span style="white-space:pre">      </span></div><div><span style="white-space:pre">      </span># HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)</div><div>    add_header Strict-Transport-Security 
"max-age=15768000" always;</div><div><span style="white-space:pre">      </span></div><div><span style="white-space:pre">      </span># OCSP Stapling ---</div><div>    # fetch OCSP records from URL in ssl_certificate and cache them</div><div>    ssl_stapling on;</div><div>    ssl_stapling_verify on;</div><div><span style="white-space:pre">      </span></div><div><span style="white-space:pre">      </span>##</div><div><span style="white-space:pre">    </span># Basic Settings</div><div><span style="white-space:pre">      </span>##</div><div><span style="white-space:pre">    </span># server_names_hash_bucket_size 64;</div><div><span style="white-space:pre">   </span># server_name_in_redirect off;</div><div><br></div><div><span style="white-space:pre">       </span>include /etc/nginx/mime.types;</div><div><span style="white-space:pre">        </span>default_type application/octet-stream;</div><div><br></div><div><span style="white-space:pre">       </span>access_log /var/log/nginx/access.log;</div><div><span style="white-space:pre"> </span>error_log /var/log/nginx/error.log;</div><div><br></div><div><span style="white-space:pre">  </span># Log format Settings</div><div><span style="white-space:pre"> </span>log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '</div><div><span style="white-space:pre">      </span>'$http_host "$request" $status $body_bytes_sent '</div><div><span style="white-space:pre">   </span>'"$http_referer" "$http_user_agent"';</div><div><br></div><div><span style="white-space:pre">    </span>##</div><div><span style="white-space:pre">    </span># Gzip Settings</div><div><span style="white-space:pre">       </span>##</div><div><br></div><div><span style="white-space:pre">   </span>gzip on;</div><div><span style="white-space:pre">      </span>gzip_disable "msie6";</div><div><br></div><div><span style="white-space:pre">      </span>gzip_vary on;</div><div><span style="white-space:pre"> </span>gzip_proxied 
any;</div><div><span style="white-space:pre">     </span>gzip_comp_level 6;</div><div><span style="white-space:pre">    </span>gzip_buffers 16 8k;</div><div><span style="white-space:pre">   </span>gzip_http_version 1.1;</div><div><span style="white-space:pre">        </span>gzip_types</div><div><span style="white-space:pre">    </span>    application/atom+xml</div><div><span style="white-space:pre">    </span>    application/javascript</div><div><span style="white-space:pre">  </span>    application/json</div><div><span style="white-space:pre">        </span>    application/rss+xml</div><div><span style="white-space:pre">     </span>    application/vnd.ms-fontobject</div><div><span style="white-space:pre">   </span>    application/x-font-ttf</div><div><span style="white-space:pre">  </span>    application/x-web-app-manifest+json</div><div><span style="white-space:pre">     </span>    application/xhtml+xml</div><div><span style="white-space:pre">   </span>    application/xml</div><div><span style="white-space:pre"> </span>    font/opentype</div><div><span style="white-space:pre">   </span>    image/svg+xml</div><div><span style="white-space:pre">   </span>    image/x-icon</div><div><span style="white-space:pre">    </span>    text/css</div><div><span style="white-space:pre">        </span>    text/plain</div><div><span style="white-space:pre">      </span>    text/x-component</div><div><span style="white-space:pre">        </span>    text/xml</div><div><span style="white-space:pre">        </span>    text/javascript;</div><div><br></div><div><span style="white-space:pre">       </span>##</div><div><span style="white-space:pre">    </span># Virtual Host Configs</div><div><span style="white-space:pre">        </span>##</div><div><br></div><div><span style="white-space:pre">   </span>include /etc/nginx/conf.d/*.conf;</div><div><span style="white-space:pre">     </span>include /etc/nginx/sites-enabled/*;</div><div>}</div></div><div><br></div><div><b>and 
</b></div><div><br></div><div>additional static files rule</div><div><div>location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$ {</div><div>  add_header "Access-Control-Allow-Origin" "*";</div><div>  access_log off;</div><div>  log_not_found off;</div><div>  expires max;</div><div>}</div><div><br></div></div></div>
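One way to narrow down a rising TTFB like the one described in the post is to split each request's time into TCP connect, TLS handshake and server wait, and see which part grows. The sketch below is an added example, not part of the original post: it parses per-request timers in the format produced by curl's `-w` variables `time_connect`, `time_appconnect` and `time_starttransfer`. The sample values are constructed for illustration and are not measurements from the poster's server; the function names are hypothetical.

```python
from statistics import mean

# Constructed sample, one line per request, as written by
#   curl -so /dev/null -w '%{time_connect} %{time_appconnect} %{time_starttransfer}\n' URL
# Each value is cumulative seconds since the request started (invented numbers).
SAMPLE = """\
0.031 0.142 0.215
0.030 0.151 0.228
0.032 0.398 0.471
0.029 0.655 0.731
0.031 0.902 0.979
0.030 1.184 1.262
"""


def phases(line):
    """Turn curl's cumulative timers into per-phase durations (seconds)."""
    connect, appconnect, starttransfer = (float(v) for v in line.split())
    # curl reports time_appconnect as 0 when no TLS handshake took place
    # (plain HTTP), so fall back to the TCP connect time in that case.
    tls_done = appconnect if appconnect > 0 else connect
    return {
        "tcp": connect,                   # DNS lookup + TCP connect
        "tls": tls_done - connect,        # TLS handshake only
        "wait": starttransfer - tls_done, # request sent until first byte
        "ttfb": starttransfer,            # what the browser shows as TTFB
    }


def growth(rows):
    """Mean of the last third minus mean of the first third, per phase."""
    n = max(1, len(rows) // 3)
    return {k: mean(r[k] for r in rows[-n:]) - mean(r[k] for r in rows[:n])
            for k in rows[0]}


def dominant_phase(rows):
    """Name of the phase whose duration grew the most over the run."""
    g = growth(rows)
    return max(("tcp", "tls", "wait"), key=lambda k: g[k])


ROWS = [phases(line) for line in SAMPLE.splitlines() if line.strip()]

if __name__ == "__main__":
    for name, delta in growth(ROWS).items():
        print(f"{name:5s} {delta * 1000:+8.1f} ms")
    print("largest growth:", dominant_phase(ROWS))
```

Each curl invocation opens a new connection, so this measures a full connect and handshake per request, whereas browser tabs may reuse connections.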