TTFB much higher when accessing a file, using HTTPS (LE)

Early Bird earlybirds.gm at gmail.com
Thu Aug 24 09:48:24 UTC 2017 

Thanks Gary

1. Disabling browser cache on your end. I do it via the Chrome developer
panel
2. The image loads fine. The problem is with TTFB (Time To First Byte)
which increases dramatically with each access to this image, when HTTPS is
on

On Thu, Aug 24, 2017 at 12:44 AM, Gary <lists at lazygranch.com> wrote:

> Is the browser cache something I'm supposed to disable on my end, or are
> you referring to a cache on your end?
>
> I'm loading that image on my phone with Chrome and it seems fine.
>
>
> *From:* earlybirds.gm at gmail.com
> *Sent:* August 23, 2017 2:09 PM
> *To:* nginx at nginx.org
> *Reply-to:* nginx at nginx.org
> *Subject:* TTFB much higher when accessing a file, using HTTPS (LE)
>
> Hi and thanks in advance to all
>
> Not sure how to investigate this problem:
> 1. Nginx 1.10.3 server on Debian 8.6, running on a 1C/2GB Linode VPS
> 2. Works well as far as I understand
> 3. However, when activating HTTPS for my sites (Let's Encrypt), I see some
> strange behavior - the TTFB (first byte delay time) is increasing
> dramatically with each request.
> 4. Testing method: running multiple Chrome tabs (3-4) accessing a specific
> image file (or a big text file), repeating every 2 seconds. Browser cache
> disabled
> Example image file on test site - link
> <https://bt286.info/wp-content/themes/twentyseventeen/assets/images/header.jpg>
> 5. Result: TTFB for the image file rising from around 200-250ms to
> 1.2-1.5s after few tabs doing it
>
> 6. More info: Doesn't happen without HTTPS, at least not for a reasonable
> count of tabs (like 20)
>
> Any advise?
>
> *conf file:*
>
> worker_processes auto;
> worker_rlimit_nofile 100000;
> pid /run/nginx.pid;
>
> events {
> worker_connections 4096;
> multi_accept on;
> }
>
> http {
>
> sendfile on;
> tcp_nopush on;
> tcp_nodelay on;
> keepalive_timeout 30;
> types_hash_max_size 2048;
>
> server_tokens off;
> reset_timedout_connection on;
> add_header X-Powered-By "EasyEngine 3.7.4";
> add_header rt-Fastcgi-Cache $upstream_cache_status;
>
> # Limit Request
> limit_req_status 403;
> limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
>
> # Proxy Settings
> # set_real_ip_from proxy-server-ip;
> # real_ip_header X-Forwarded-For;
>
> fastcgi_read_timeout 300;
> client_max_body_size 100m;
>
> ##
> # SSL Settings
> ##
>
> ssl_session_timeout 1d;
>     ssl_session_cache shared:SSL:50m;
>     ssl_session_tickets off;
> ssl_prefer_server_ciphers on;
> ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-
> SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-
> POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-
> GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-
> SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
> ssl_protocols TLSv1.1  TLSv1.2;
> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
>     add_header Strict-Transport-Security "max-age=15768000" always;
> # OCSP Stapling ---
>     # fetch OCSP records from URL in ssl_certificate and cache them
>     ssl_stapling on;
>     ssl_stapling_verify on;
> ##
> # Basic Settings
> ##
> # server_names_hash_bucket_size 64;
> # server_name_in_redirect off;
>
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> access_log /var/log/nginx/access.log;
> error_log /var/log/nginx/error.log;
>
> # Log format Settings
> log_format rt_cache '$remote_addr $upstream_response_time
> $upstream_cache_status [$time_local] '
> '$http_host "$request" $status $body_bytes_sent '
> '"$http_referer" "$http_user_agent"';
>
> ##
> # Gzip Settings
> ##
>
> gzip on;
> gzip_disable "msie6";
>
> gzip_vary on;
> gzip_proxied any;
> gzip_comp_level 6;
> gzip_buffers 16 8k;
> gzip_http_version 1.1;
> gzip_types
>    application/atom+xml
>    application/javascript
>    application/json
>    application/rss+xml
>    application/vnd.ms-fontobject
>    application/x-font-ttf
>    application/x-web-app-manifest+json
>    application/xhtml+xml
>    application/xml
>    font/opentype
>    image/svg+xml
>    image/x-icon
>    text/css
>    text/plain
>    text/x-component
>    text/xml
>    text/javascript;
>
> ##
> # Virtual Host Configs
> ##
>
> include /etc/nginx/conf.d/*.conf;
> include /etc/nginx/sites-enabled/*;
> }
>
> *and *
>
> additional static files rule
> location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|
> jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|swf)$
> {
>   add_header "Access-Control-Allow-Origin" "*";
>   access_log off;
>   log_not_found off;
>   expires max;
> }
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170824/8889428a/attachment.html>

More information about the nginx mailing list