Question

Massive slowdown adding ssl to my nginx configuration (running Ubuntu 12.04)

Posted May 1, 2014 4.4k views
As the title says, I recently added ssl to my website and have noticed a massive slow down in response time. I used to average about 250-400ms response time, now it is about 1000ms. Most of this is due to the ssl handshake and an unknown amount of waiting period. The website in question is asianessentials.co.uk. I am currently on the $5 package from digital ocean, does this problem require a hardware upgrade to rectify? Or is it something I can fix from my configuration? Any help would be much appreciated.
Add a comment
rb
By:
rb

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

×
Submit an Answer
6 answers
sianios May 1, 2014
You are fine with the package but if you get more traffic in your website definitely you will need a bigger DO package. Here the website loads in a second, try clearing your browser history, cache etc.
Reply Report
rb May 1, 2014
Hi Marinos,

I am actually benchmarking using pingdom's tools. They ping my server every minute, so my average values are over a few days and there is definitely an increase in time.

Do you have any tips for how I could reduce the response time without going for a bigger DO package?
Reply Report
UKn0Me May 1, 2014
Give something like this a try (customizing to suit your setup)

server {
listen 80;
listen 443 ssl spdy;
server_name example.com;
root /path/to/files;
index index.html index.htm index.php;

location / {
try_files $uri $uri/ /index.php?$args;
expires max;
}

if ($https != "on") {
return 301 https://$host$uri;
}

ssl on;
spdy_headers_comp 9;
ssl_stapling on;
resolver 8.8.8.8
8.8.4.4 valid=3600s;
resolver_timeout 4s;
ssl_stapling_verify on;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:60m;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
add_header Strict-Transport-Security "max-age=31536000";
ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-RC4-SHA:ECDHE-RSA-RC4-SHA:ECDH-ECDSA-RC4-SHA:ECDH-RSA-RC4-SHA:ECDHE-RSA-AES256-SHA:RC4-SHA;

ssl_certificate /path/to/certificate.crt;
ssl_trusted_certificate /path/to/ca.crt;
ssl_certificate_key /path/to/key.key;
}
Reply Report
asb May 1, 2014
I think Aidhan is pointing you in the right direction. Using spdy is probably your best bet.
Reply Report
rb May 12, 2014
Hi Aidhan,

Do you mind going through what about that config is customised to suit my setup?

Currently I can see two immediate problems: the default build of nginx on ubuntu 12.04 doesn't support spdy or ssl_stapling.
Reply Report
jonathan May 17, 2014
@rb: sudo apt-get install nginx-extras
Reply Report

Looking for something else?

Ask a new question Search for more help