Peter de Bruijn Peter de Bruijn - 15 days ago 4
HTTP Question

NGINX as reverse Proxy slowing down website much

We are using NGINX as reverse proxy to integrate to websites. All requests for are forwarded to one website or the other based on the url. We woudld have expected a small performance loss because of the additional 'hops' but the performance is really bad. Loading css, js and images take 1-2 seconds per resource. The NGINX server is <1% CPU load.

If I investigate with Firebug I see huge block and wait times in the Net panel:Performance via NGINX as reverse proxy

If we go the the original website directly, It is much faster (~100 ms):
enter image description here

You can see the effect on https://www.alleszelf.nl. You can bypass the proxy by adding '37.60.230.181 www.alleszelf.nl' to your hostfile. What can be the cause of this 'throtteling'?

This is my site config:

server {
listen 80;
server_name *.alleszelf.nl;
return 301 http://www.alleszelf.nl$request_uri;
}

server {
listen 80;
root /var/www/;
index index.php index.html index.htm index.asp index.aspx;
server_name www.alleszelf.nl;
return 301 https://$server_name$request_uri;
include includes/alleszelf.nl-redirects.conf;

location / {
return 301 https://$server_name$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://107.6.185.172:80;
proxy_set_header X-Forwarded-Proto "http";
}
location /account {

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://platform.alleszelf.nl:80;
}
location /contentowner {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://platform.alleszelf.nl:80;
}
}

server {
listen 443;
root /var/www/;
index index.php index.html index.htm index.asp index.aspx;
server_name www.alleszelf.nl;
ssl_certificate /etc/ssl/private/alleszelf.nl/cert.crt;
ssl_certificate_key /etc/ssl/private/alleszelf.nl/cert.key;
ssl_client_certificate /etc/ssl/private/alleszelf.nl/ca.crt;
ssl on;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;

include includes/alleszelf.nl-redirects.conf;

location / {
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass https://107.6.185.172:443;
}
location /account/ {
#return 301 http://$server_name$request_uri;
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://platform.alleszelf.nl:80;
}
location /contentowner/ {
#return 301 http://$server_name$request_uri;
proxy_set_header X-Forwarded-Proto "https";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
proxy_pass http://platform.alleszelf.nl:80;
}
}


And this is my nginx.config:

user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
worker_connections 18000;
multi_accept on;
}

http {

##
# Basic Settings
##

sendfile on;
tcp_nopush off;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
client_max_body_size 5M;
#proxy_buffering off;
#access_log off;

# server_names_hash_bucket_size 64;
# server_name_in_redirect off;

include /etc/nginx/mime.types;
default_type application/octet-stream;

##
# SSL Settings
##

ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;

##
# Logging Settings
##

access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;

##
# Gzip Settings
##

gzip on;
gzip_disable "msie6";

gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript application/javascript text/xml application/xml application$

##
# Virtual Host Configs
##

include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

Answer

You are using HTTP/2 on your original server, but not on the reverse proxy. Seeing the number of additional resources your page is loading, this is at least part of the problem.