Digital certificates
Evgeny Samsonov, 2015-08-14 13:10:46

How to speed up SSL?

After installing certificates from the guys at WoSign, I noticed a strong drop in page loading speed. Instead of 500ms, it became 3-15 seconds, which is not cool at all. I am attaching my config. I'm on an Ubuntu 14.04 server with LEMP. I set up the certificate by copying the Nginx folder they sent to my server. I made changes to the site config and replaced http:// on the site with // . Looks like that's it. Maybe I missed something? Google says that I still need to merge the certificates, but I only had 2 files, not 3...

server 
{
  listen 80;
  server_name site.ru www.site.ru;
  server_tokens off;
  rewrite ^ https://site.ru$request_uri? permanent;
}


server
{
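    # "listen 443 ssl" already enables TLS for this server, so a separate "ssl on;" is redundant.
    listen 443 ssl;
    server_name site.ru www.site.ru;

    ssl_stapling on;
    keepalive_timeout 70;
    # SSLv3 is not offered: it is vulnerable to POODLE.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;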
    ssl_ciphers kEECDH+AES128:kEECDH:kEDH:-3DES:kRSA+AES128:kEDH+3DES:DES-CBC3-SHA:!RC4:!aNULL:!eNULL:!MD5:!EXPORT:!LOW:!SEED:!CAMELLIA:!IDEA:!PSK:!SRP:!SSLv2;
    ssl_prefer_server_ciphers on;
    ssl_certificate /etc/ssl/1_site.ru_bundle.crt;
    ssl_certificate_key /etc/ssl/2_site.ru.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Strict-Transport-Security "max-age=31536000;";
    add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:; report-uri /csp-report";
 
    access_log /var/log/nginx/site.ru.access.log;
    error_log /var/log/nginx/site.ru.error.log;
    root /web/site.ru;
     
  index index.php index.html index.htm;
 
  set $skip_cache 0;
  if ($request_method = POST) 
  {
      set $skip_cache 1;
  }

  if ($query_string != "") 
  {
      set $skip_cache 1;
  }   

  if ($request_uri ~* "/wp-admin/|/xmlrpc.php|wp-.*.php|sitemap(_index)?.xml|/my/") 
  {
      set $skip_cache 1;
  }   

  if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") 
  {
      set $skip_cache 1;
  }

  if ($host ~* ^www\.(.*))
  {
    set $host_without_www $1;
    rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
  }
 
  if (!-e $request_filename)
  {
    rewrite ^(.+)$ /index.php?q=$1 last;
  }
 
  error_page 404 /index.php;
 
  location ~ \.(php|html)$
  {
    fastcgi_param HTTPS on;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param   PATH_INFO         $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_cache fcgi;
    fastcgi_cache_valid 200 840m;
    fastcgi_pass_header "X-Accel-Redirect";
    fastcgi_pass_header "X-Accel-Expires";
    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;
  }

  location /forum/
  {
    fastcgi_param HTTPS on;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_index index.php;
    fastcgi_param   PATH_INFO         $fastcgi_path_info;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include fastcgi_params;
    fastcgi_cache fcgi;
    fastcgi_cache_valid 200 5m;
    fastcgi_pass_header "X-Accel-Redirect";
    fastcgi_pass_header "X-Accel-Expires";
    fastcgi_cache_bypass $skip_cache;
    fastcgi_no_cache $skip_cache;
  }
 
  location ~ /\.ht
  {
    deny all;
  }
  
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|css|js)$ 
  {
    expires 30d;
  }
}


1 answer(s)
Evgeny Samsonov, 2015-08-15
@kentastik

I removed the advertising widget with http urls and everything flies again.
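
The fix in the answer above was removing a widget that loaded http:// URLs on the HTTPS page. The following is an added example, not part of the original thread, that scans a page's HTML for such plain-HTTP subresources; the `ads.example` host and the sample markup are constructed, and the tag list is a deliberately small subset.

```python
from html.parser import HTMLParser

# Tag -> (URL attribute, mixed-content class). Browsers block "active" mixed
# content on https:// pages and handle "passive" content more leniently.
SUBRESOURCES = {
    "script": ("src", "active"),
    "iframe": ("src", "active"),
    "link": ("href", "active"),
    "img": ("src", "passive"),
}

class MixedContentFinder(HTMLParser):
    """Collect (tag, kind, url) for each subresource requested over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in SUBRESOURCES:
            return
        attr, kind = SUBRESOURCES[tag]
        attrs = dict(attrs)
        rels = (attrs.get("rel") or "").lower().split()
        # Only <link rel="stylesheet"> is checked; rel="canonical" is a plain reference.
        if tag == "link" and "stylesheet" not in rels:
            return
        url = (attrs.get(attr) or "").strip()
        if url.lower().startswith("http://"):
            self.findings.append((tag, kind, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.findings

# Constructed sample page; ads.example stands in for a third-party ad widget.
SAMPLE = """<head>
<link rel="stylesheet" href="//site.ru/style.css">
<link rel="canonical" href="http://site.ru/">
<script src="http://ads.example/widget.js"></script>
</head><body>
<img src="http://ads.example/banner.gif">
<a href="http://example.org/">ordinary hyperlink, not a subresource</a>
</body>"""

for tag, kind, url in find_mixed_content(SAMPLE):
    print(f"{kind:8}<{tag}> {url}")
```

Protocol-relative (`//`) and `https://` references pass the check, which matches the asker's own change of replacing `http://` with `//` in the site's markup.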
