<div dir="ltr">Thanks Gary<div><br></div><div>1. Disabling browser cache on your end. I do it via the Chrome developer panel</div><div>2. The image loads fine. The problem is with TTFB (Time To First Byte) which increases dramatically with each access to this image, when HTTPS is on</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Aug 24, 2017 at 12:44 AM, Gary <span dir="ltr"><<a href="mailto:lists@lazygranch.com" target="_blank">lists@lazygranch.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="background-color:rgb(255,255,255);background-image:initial;line-height:initial"><div id="m_4456814676557567545response_container_BBPPID" style="outline:none;font-size:initial;font-family:"Calibri","Slate Pro",sans-serif,"sans-serif"" dir="auto"> <div name="BB10" dir="auto" style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> Is the browser cache something I'm supposed to disable on my end, or are you referring to a cache on your end?</div><div name="BB10" id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><br></div><div name="BB10" id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)">I'm loading that image on my phone with Chrome and it seems fine.</div><div name="BB10" id="m_4456814676557567545BB10_response_div_BBPPID" dir="auto" style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"><br></div> <div name="BB10" dir="auto" style="width:100%;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> <br style="display:initial"></div> <div id="m_4456814676557567545blackberry_signature_BBPPID" name="BB10" dir="auto"> <div name="BB10" dir="auto" style="padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div> </div></div><div id="m_4456814676557567545_original_msg_header_BBPPID" dir="auto"> <table width="100%" style="background-color:white;border-spacing:0px;display:table;outline:none"> <tbody><tr><td colspan="2" style="padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"> <div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(181,196,223);padding:3pt 0in 0in;font-family:Tahoma,"BB Alpha Sans","Slate Pro";font-size:10pt"> <div id="m_4456814676557567545from"><b>From:</b> <a href="mailto:earlybirds.gm@gmail.com" target="_blank">earlybirds.gm@gmail.com</a></div><div id="m_4456814676557567545sent"><b>Sent:</b> August 23, 2017 2:09 PM</div><div id="m_4456814676557567545to"><b>To:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="m_4456814676557567545reply_to"><b>Reply-to:</b> <a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a></div><div id="m_4456814676557567545subject"><b>Subject:</b> TTFB much higher when accessing a file, using HTTPS (LE)</div></div></td></tr></tbody></table><div style="border-right:none;border-bottom:none;border-left:none;border-top:1pt solid rgb(186,188,209);display:block;padding:initial;font-size:initial;text-align:initial;background-color:rgb(255,255,255)"></div> <br> </div><div><div class="h5"><div name="BB10" dir="auto" style="background-image:initial;line-height:initial;outline:none"><div dir="ltr">Hi and thanks in advance to all<div><br></div><div>Not sure how to investigate this problem:</div><div>1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS</div><div>2. Works well as far as I understand</div><div>3. However, when activating HTTPS for my sites (Let's Encrypt), I see some strange behavior - the TTFB (first byte delay time) is increasing dramatically with each request.</div><div>4. Testing method: running multiple Chrome tabs (3-4) accessing a specific image file (or a big text file), repeating every 2 seconds. Browser cache disabled</div><div>Example image file on test site - <a href="https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg" target="_blank">link</a></div><div>5. Result: TTFB for the image file rising from around 200-250ms to 1.2-1.5s after few tabs doing it</div><div><br></div><div>6. More info: Doesn't happen without HTTPS, at least not for a reasonable count of tabs (like 20)</div><div><br></div><div>Any advise?</div><div><br></div><div><b>conf file:</b></div><div><br></div><div><div>worker_processes auto;</div><div>worker_rlimit_nofile 100000;</div><div>pid /run/nginx.pid;</div><div><br></div><div>events {</div><div><span style="white-space:pre-wrap"> </span>worker_connections 4096;</div><div><span style="white-space:pre-wrap"> </span>multi_accept on;</div><div>}</div><div><br></div><div>http {</div><div><br></div><div><span style="white-space:pre-wrap"> </span>sendfile on;</div><div><span style="white-space:pre-wrap"> </span>tcp_nopush on;</div><div><span style="white-space:pre-wrap"> </span>tcp_nodelay on;</div><div><span style="white-space:pre-wrap"> </span>keepalive_timeout 30;</div><div><span style="white-space:pre-wrap"> </span>types_hash_max_size 2048;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>server_tokens off;</div><div><span style="white-space:pre-wrap"> </span>reset_timedout_connection on;</div><div><span style="white-space:pre-wrap"> </span>add_header X-Powered-By "EasyEngine 3.7.4";</div><div><span style="white-space:pre-wrap"> </span>add_header rt-Fastcgi-Cache $upstream_cache_status;</div><div><br></div><div><span style="white-space:pre-wrap"> </span># Limit Request</div><div><span style="white-space:pre-wrap"> </span>limit_req_status 403;</div><div><span style="white-space:pre-wrap"> </span>limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;</div><div><br></div><div><span style="white-space:pre-wrap"> </span># Proxy Settings</div><div><span style="white-space:pre-wrap"> </span># set_real_ip_from<span style="white-space:pre-wrap"> </span>proxy-server-ip;</div><div><span style="white-space:pre-wrap"> </span># real_ip_header<span style="white-space:pre-wrap"> </span>X-Forwarded-For;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>fastcgi_read_timeout 300;</div><div><span style="white-space:pre-wrap"> </span>client_max_body_size 100m;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>##</div><div><span style="white-space:pre-wrap"> </span># SSL Settings</div><div><span style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span style="white-space:pre-wrap"> </span>ssl_session_timeout 1d;</div><div> ssl_session_cache shared:SSL:50m;</div><div> ssl_session_tickets off;</div><div><span style="white-space:pre-wrap"> </span>ssl_prefer_server_ciphers on;</div><div><span style="white-space:pre-wrap"> </span>ssl_ciphers "ECDHE-ECDSA-AES256-GCM-<wbr>SHA384:ECDHE-RSA-AES256-GCM-<wbr>SHA384:ECDHE-ECDSA-CHACHA20-<wbr>POLY1305:ECDHE-RSA-CHACHA20-<wbr>POLY1305:ECDHE-ECDSA-AES128-<wbr>GCM-SHA256:ECDHE-RSA-AES128-<wbr>GCM-SHA256:ECDHE-ECDSA-AES256-<wbr>SHA384:ECDHE-RSA-AES256-<wbr>SHA384:ECDHE-ECDSA-AES128-<wbr>SHA256:ECDHE-RSA-AES128-<wbr>SHA256";</div><div><span style="white-space:pre-wrap"> </span>ssl_protocols TLSv1.1 TLSv1.2;</div><div><span style="white-space:pre-wrap"> </span></div><div><span style="white-space:pre-wrap"> </span># HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)</div><div> add_header Strict-Transport-Security "max-age=15768000" always;</div><div><span style="white-space:pre-wrap"> </span></div><div><span style="white-space:pre-wrap"> </span># OCSP Stapling ---</div><div> # fetch OCSP records from URL in ssl_certificate and cache them</div><div> ssl_stapling on;</div><div> ssl_stapling_verify on;</div><div><span style="white-space:pre-wrap"> </span></div><div><span style="white-space:pre-wrap"> </span>##</div><div><span style="white-space:pre-wrap"> </span># Basic Settings</div><div><span style="white-space:pre-wrap"> </span>##</div><div><span style="white-space:pre-wrap"> </span># server_names_hash_bucket_size 64;</div><div><span style="white-space:pre-wrap"> </span># server_name_in_redirect off;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>include /etc/nginx/mime.types;</div><div><span style="white-space:pre-wrap"> </span>default_type application/octet-stream;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>access_log /var/log/nginx/access.log;</div><div><span style="white-space:pre-wrap"> </span>error_log /var/log/nginx/error.log;</div><div><br></div><div><span style="white-space:pre-wrap"> </span># Log format Settings</div><div><span style="white-space:pre-wrap"> </span>log_format rt_cache '$remote_addr $upstream_response_time $upstream_cache_status [$time_local] '</div><div><span style="white-space:pre-wrap"> </span>'$http_host "$request" $status $body_bytes_sent '</div><div><span style="white-space:pre-wrap"> </span>'"$http_referer" "$http_user_agent"';</div><div><br></div><div><span style="white-space:pre-wrap"> </span>##</div><div><span style="white-space:pre-wrap"> </span># Gzip Settings</div><div><span style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span style="white-space:pre-wrap"> </span>gzip on;</div><div><span style="white-space:pre-wrap"> </span>gzip_disable "msie6";</div><div><br></div><div><span style="white-space:pre-wrap"> </span>gzip_vary on;</div><div><span style="white-space:pre-wrap"> </span>gzip_proxied any;</div><div><span style="white-space:pre-wrap"> </span>gzip_comp_level 6;</div><div><span style="white-space:pre-wrap"> </span>gzip_buffers 16 8k;</div><div><span style="white-space:pre-wrap"> </span>gzip_http_version 1.1;</div><div><span style="white-space:pre-wrap"> </span>gzip_types</div><div><span style="white-space:pre-wrap"> </span> application/atom+xml</div><div><span style="white-space:pre-wrap"> </span> application/javascript</div><div><span style="white-space:pre-wrap"> </span> application/json</div><div><span style="white-space:pre-wrap"> </span> application/rss+xml</div><div><span style="white-space:pre-wrap"> </span> application/vnd.ms-fontobject</div><div><span style="white-space:pre-wrap"> </span> application/x-font-ttf</div><div><span style="white-space:pre-wrap"> </span> application/x-web-app-<wbr>manifest+json</div><div><span style="white-space:pre-wrap"> </span> application/xhtml+xml</div><div><span style="white-space:pre-wrap"> </span> application/xml</div><div><span style="white-space:pre-wrap"> </span> font/opentype</div><div><span style="white-space:pre-wrap"> </span> image/svg+xml</div><div><span style="white-space:pre-wrap"> </span> image/x-icon</div><div><span style="white-space:pre-wrap"> </span> text/css</div><div><span style="white-space:pre-wrap"> </span> text/plain</div><div><span style="white-space:pre-wrap"> </span> text/x-component</div><div><span style="white-space:pre-wrap"> </span> text/xml</div><div><span style="white-space:pre-wrap"> </span> text/javascript;</div><div><br></div><div><span style="white-space:pre-wrap"> </span>##</div><div><span style="white-space:pre-wrap"> </span># Virtual Host Configs</div><div><span style="white-space:pre-wrap"> </span>##</div><div><br></div><div><span style="white-space:pre-wrap"> </span>include /etc/nginx/conf.d/*.conf;</div><div><span style="white-space:pre-wrap"> </span>include /etc/nginx/sites-enabled/*;</div><div>}</div></div><div><br></div><div><b>and </b></div><div><br></div><div>additional static files rule</div><div><div>location ~* \.(ogg|ogv|svg|svgz|eot|otf|<wbr>woff|mp4|ttf|css|rss|atom|js|<wbr>jpg|jpeg|gif|png|ico|zip|tgz|<wbr>gz|rar|bz2|doc|xls|exe|ppt|<wbr>tar|mid|midi|wav|bmp|rtf|swf)$ {</div><div> add_header "Access-Control-Allow-Origin" "*";</div><div> access_log off;</div><div> log_not_found off;</div><div> expires max;</div><div>}</div><div><br></div></div></div>
</div></div></div></div><br>______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br></blockquote></div><br></div>