Massive slowdown adding ssl to my nginx configuration (running Ubuntu 12.04)

Posted May 1, 2014
As the title says, I recently added SSL to my website and have noticed a massive slowdown in response time. I used to average about 250-400ms response time; now it is about 1000ms. Most of this is due to the SSL handshake and an unknown amount of waiting period. The website in question is I am currently on the $5 package from DigitalOcean. Does this problem require a hardware upgrade to rectify? Or is it something I can fix from my configuration? Any help would be much appreciated.

6 answers
You are fine with the package, but if you get more traffic on your website you will definitely need a bigger DO package. Here the website loads in a second; try clearing your browser history, cache, etc.

Hi Marinos,

I am actually benchmarking using pingdom's tools. They ping my server every minute, so my average values are over a few days and there is definitely an increase in time.

Do you have any tips for how I could reduce the response time without going for a bigger DO package?

Give something like this a try (customizing to suit your setup):

server {
    listen 80;
    listen 443 ssl spdy;
    root /path/to/files;
    index index.html index.htm index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
        expires max;
    }

    # Send plain-HTTP requests to the HTTPS site
    if ($https != "on") {
        return 301 https://$host$uri;
    }

    # ssl on;   # disabled: it would turn on TLS for the port-80 listener too;
    #           # "listen 443 ssl" already enables TLS on 443
    spdy_headers_comp 9;
    ssl_stapling on;
    # resolver needs a DNS server address before valid=
    resolver valid=3600s;
    resolver_timeout 4s;
    ssl_stapling_verify on;
    ssl_session_timeout 5m;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:60m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    add_header Strict-Transport-Security "max-age=31536000";

    ssl_certificate /path/to/certificate.crt;
    ssl_trusted_certificate /path/to/ca.crt;
    ssl_certificate_key /path/to/key.key;
}
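
A lint pass for the pitfalls a server block of this shape can carry, given here as an added example (not part of the answer above and not an nginx tool). The `lint` and `directives` functions, the finding codes and the sample config are constructed for illustration, and the parser assumes a single server block.

```python
import re

# Constructed sample modelled on the kind of server block discussed in this thread.
SAMPLE = """
server {
    listen 80;
    listen 443 ssl spdy;
    ssl on;
    ssl_stapling on;
    resolver valid=3600s;          # no DNS server address given
    ssl_session_cache shared:SSL:60m;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
}
"""

def directives(conf):
    """Split one server block into (name, [args]) pairs.
    Naive tokenizer: ignores nesting and ';' inside quoted strings."""
    conf = re.sub(r"#[^\n]*", "", conf)
    stmts = (s.split() for s in re.split(r"[;{}]", conf))
    return [(s[0], s[1:]) for s in stmts if s]

def lint(conf):
    d = directives(conf)
    def values(name):  # flat list of every argument given to `name`
        return [a for n, args in d if n == name for a in args]
    tls_listen = [a for n, a in d if n == "listen" and "ssl" in a]
    plain_listen = [a for n, a in d if n == "listen" and "ssl" not in a]
    findings = []
    if "on" in values("ssl") and plain_listen:
        findings.append(("ssl-on", "`ssl on;` enables TLS on every listener, "
                         "so the plain port-80 socket stops answering HTTP"))
    if {"SSLv2", "SSLv3"} & set(values("ssl_protocols")):
        findings.append(("legacy-protocol", "SSLv2/SSLv3 are obsolete; "
                         "list only TLS versions"))
    if "on" in values("ssl_stapling") and not [
            v for v in values("resolver") if "=" not in v]:
        findings.append(("stapling-resolver", "OCSP stapling needs a resolver "
                         "address to look up the responder host"))
    if (tls_listen or "on" in values("ssl")) and not any(
            v.startswith("shared:") for v in values("ssl_session_cache")):
        findings.append(("session-cache", "no shared session cache, so "
                         "session-ID resumption is not shared across workers"))
    return findings

if __name__ == "__main__":
    for code, msg in lint(SAMPLE):
        print(f"{code}: {msg}")
```
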

I think Aidhan is pointing you in the right direction. Using spdy is probably your best bet.

Hi Aidhan,

Do you mind going through what about that config is customised to suit my setup?

Currently I can see two immediate problems: the default build of nginx on ubuntu 12.04 doesn't support spdy or ssl_stapling.

@rb: sudo apt-get install nginx-extras