Default BitrixVM and green zone Google Pagespeed Insights?

T

Tech2019-09-25 11:18:05

Nginx

Tech, 2019-09-25 11:18:05

Initial data:
VDS.
Proc:

Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
Address sizes:       39 bits physical, 48 bits virtual
CPU(s):              8
On-line CPU(s) list: 0-7
Thread(s) per core:  1
Core(s) per socket:  1
Socket(s):           8
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          15
Model:               6
Model name:          Common KVM processor
Stepping:            1
CPU MHz:             3312.012
BogoMIPS:            6624.02
Hypervisor vendor:   Microsoft
Virtualization type: full
L1d cache:           32K
L1i cache:           32K
L2 cache:            4096K
L3 cache:            16384K
NUMA node0 CPU(s):   0-7

Process test:
#7zr b -mmt1 -md26

7-Zip (a) [64] 16.02 : Copyright (c) 1999-2016 Igor Pavlov : 2016-05-21
p7zip Version 16.02 (locale=en_US.UTF-8,Utf16=on,HugeFiles=on,64 bits,8 CPUs Common KVM processor (F61),ASM,AES-NI)

Common KVM processor (F61)
CPU Freq:  3887  3923  3929  3959  4007  4010  4039  4031  4014

RAM size:   16041 MB,  # CPU hardware threads:   8
RAM usage:    803 MB,  # Benchmark threads:      1

                       Compressing:
Speed KiB/s: 3828 
R/U: 3793 MIPS
Rating: 3792 MIPS

Decompressing:
Speed KiB/s: 43198 
R/U: 3793 MIPS
Rating: 3792 MIPS

RAM: 16GB
SSD:

#/sbin/sysctl -w vm.drop_caches=3 && dd if=tempfile of=/dev/null bs=1K count=1048576
vm.drop_caches = 3
1048576+0 records in
1048576+0 records out
1073741824 bytes (1.1 GB, 1.0 GiB) copied, 1.98889 s, 540 MB/s

Internet channel 200Mbps.
That is, the physical characteristics are generally quite good.
Installed from scratch BitrixVM (we also tried a freshly installed CentOS with a knurled bitrix-env script).
That is, the official default installation of bitrix.
Google Pagespeed gives 45 mobile and 87 desktop.
The quality monitor in the Bitra admin panel reports that out of 26 required tests, only 7 have been passed. Of the particularly interesting ones, "PHP is not configured optimally" and "The kernel has been modified."
The 1st question is rather rhetorical: Why don't the Bitrovites make the default installation of the site without errors in the quality monitor and the maximum number of points in Google pagespeed?
2nd question. Can someone share their quality nginx+php-fpm configs for bitra? Since I don’t see the point in bitrix-env for myself, due to the phenomenon of an extra layer, we don’t plan to use Apache there, and also, we don’t plan a cluster.
Just in case, I will give my nginx config, maybe you can throw something out of it or, on the contrary, add it.

server {
    listen       80;
    server_name  22mysite22.ru.ru;
    return       301 https://$host$request_uri;
}
server {
        listen 443 ssl http2;
        ssi on;
  ssl on;
        server_name 22mysite22.ru;
        charset off;
        #disable_symlinks if_not_owner from=$root_path;
        index index.php;
        root $root_path;
        set $root_path /var/www/mysite;
        set $php_sock unix:/run/php/php7.3-fpm.sock;
  ssl_stapling on;
    	ssl_stapling_verify on;
        ssl_certificate /etc/letsencrypt/live/22mysite22.ru/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/22mysite22.ru/privkey.pem;
  ssl_dhparam /etc/nginx/dhparam.pem;
  ssl_session_tickets off;
    	ssl_session_timeout 1d;
    	ssl_session_cache shared:SSL:10m;
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
  ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
  ssl_prefer_server_ciphers on;
  add_header Strict-Transport-Security max-age=31536000;
        access_log /var/log/nginx/_access.log;
        error_log /var/log/nginx/error.log;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        client_max_body_size 1024M;
        client_body_buffer_size 4M;

        location / {
                try_files       $uri $uri/ @bitrix;
        }

        location ~* /upload/.*\.(php|phtml|pl|asp|aspx|cgi|dll|exe|shtm|shtml|fcg|fcgi|fpl|asmx|pht|py|psp|rb|var)$ {
                types {
                        text/plain text/plain php phtml pl asp aspx cgi dll exe ico shtm shtml fcg fcgi fpl asmx pht py psp rb var;
                }
        }

        location ~ \.php$ {
                try_files       $uri @bitrix;
                fastcgi_pass    $php_sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f wm@test.ru";
                include fastcgi_params;
        }
        location @bitrix {
                fastcgi_pass    $php_sock;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/bitrix/urlrewrite.php;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f wm@test.ru";
        }
        location ~* /bitrix/admin.+\.php$ {
                try_files       $uri @bitrixadm;
                fastcgi_pass    $php_sock;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f wm@test.ru";
                include fastcgi_params;
        }
        location @bitrixadm{
                fastcgi_pass    $php_sock;
                include fastcgi_params;
                fastcgi_param SCRIPT_FILENAME $document_root/bitrix/admin/404.php;
                fastcgi_param PHP_ADMIN_VALUE "sendmail_path = /usr/sbin/sendmail -t -i -f wm@test.ru";
        }

        location = /favicon.ico {
                log_not_found off;
                access_log off;
        }

        location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
        }
        #
        # block this locations for any installation
        #

        # ht(passwd|access)
        location ~* /\.ht  { deny all; }

        # repositories
        location ~* /\.(svn|hg|git) { deny all; }

        # bitrix internal locations
        location ~* ^/bitrix/(modules|local_cache|stack_cache|managed_cache|php_interface) {
          deny all;
        }

        # upload files
        location ~* ^/upload/1c_[^/]+/ { deny all; }

        # use the file system to access files outside the site (cache)
        location ~* /\.\./ { deny all; }
        location ~* ^/bitrix/html_pages/\.config\.php { deny all; }
        location ~* ^/bitrix/html_pages/\.enabled { deny all; }

        # Intenal locations
        location ^~ /upload/support/not_image   { internal; }

        # Cache location: composite and general site
        location ~* @.*\.html$ {
          internal;
          # disable browser cache, php manage file
          expires -1y;
          add_header X-Bitrix-Composite "Nginx (file)";
        }

        # Player options, disable no-sniff
        location ~* ^/bitrix/components/bitrix/player/mediaplayer/player$ {
          add_header Access-Control-Allow-Origin *;
        }

        # Accept access for merged css and js
        location ~* ^/bitrix/cache/(css/.+\.css|js/.+\.js)$ {
          expires 30d;
          error_page 404 /404.html;
        }

        # Disable access for other assets in cache location
        location ~* ^/bitrix/cache              { deny all; }

        # Use nginx to return static content from s3 cloud storage
        # /upload/bx_cloud_upload/<schema>.<backet_name>.<s3_point>.amazonaws.com/<path/to/file>
        # Static content
        location ~* ^/(upload|bitrix/images|bitrix/tmp) {
          expires 30d;
        }

        location  ~* \.(css|js|gif|png|jpg|jpeg|ico|ogg|ttf|woff|webp|eot|otf)$ {
          error_page 404 /404.html;
          expires 30d;
        }

        location = /404.html {
                access_log off ;
        }

}

Gzip is included in the main nginx.conf config:

gzip on;

  gzip_vary on;
  gzip_proxied any;
  gzip_comp_level 6;
  gzip_buffers 16 8k;
  gzip_http_version 1.1;
  gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

#nginx -v
nginx version: nginx/1.14.2

This config is already on debian 10. Opcash and php are tuned (sort of).
With this config, the same scores in Google pagespeed 45/85.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

Alexander, 2019-09-25
@bioid

Here are all the configs that you brought, they have nothing to do with the results of Google Pagespeed Insights. You can turn them up to the ideal and achieve another increase of 1-2 points maximum or even 0 if there were no problems with caching and return speed.
Basically, the score depends on the layout of your site and the correctness of the preparation of materials.
In addition, please note that simply following the advice of GPSI will lead to the fact that the site will not load nicely and slowly.
This leads to the answer to the first question:
Because it is impossible.
And the answer to the second question is not really needed at all, but if it is needed, then it is not correct, since in order to answer it you need to know - what exactly in the work of nginx does not suit you now?