Performance issues with nginx proxy

xoxys · September 26, 2018, 11:31am

Platform information:
- Hardware: Raspnerry Pi 2
- OS: CentOS 7
- Java Runtime Environment: zulu latest
- openHAB version: 2.3.0

Hi,
i have some performance issues with nginx in front of openhab 2. The load time from openhab without nginx is round about a second but if i open the webinterface over nginx there is a very high load time from more than 5 seconds before the webinterface is accessable…

The nginx is running on a separate server and used as proxy for multiple applications. No one of the other apps (e. g. Ubiquiti Unifi Controller, also a Java application) behind this proxy has these issues, so i have no idea what’s causing the problems with openhab…

Has anyone noticed similar behavior?

Benjy · September 26, 2018, 11:36am

Could we see your nginx configuration? I’m assuming it’s similar to the one suggested.

xoxys · September 26, 2018, 11:59am

Yes, vhost server block is the same as mentioned in the docs with (i think so ) not necessary differents:

use nginx upstrean instead of direct proxy pass

upstream backend {
server 1.2.3.4:8443;
}

server {
listen 80;
server_name myserver.example.com;

return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl;
server_name myserver.example.com;
location / {
    proxy_pass https://backend;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

ssl_certificate /etc/pki/tls/certs/mycert;
ssl_certificate_key /etc/pki/tls/private/mykey;
}

strict ssl settings

ssl_ciphers ‘ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA’;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2;
ssl_session_cache shared:SSL:10m;

some heades

add_header Strict-Transport-Security “nginx_hsts_max_age=63072000; includeSubDomains”;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection “1; mode=block”;

and basic gzip compression setting in nginx.conf

Benjy · September 26, 2018, 12:36pm

I’m not sure unfortunately.

What is taking the largest amount of time when you look at the performance metrics (inside chrome or firefox) and refreshing the page?

xoxys · September 26, 2018, 12:44pm

I can’t say at the moment but will have a look at home

xoxys · September 26, 2018, 8:22pm

Ok, i found the “issue”… so what i figured out:

browser — https —> nginx — https —> openhab

endless slow… chrome says 5s

browser — https —> nginx — http —> openhab

works good, < 1s

browser — https —> openhab

works good, < 1s

I have no idea whats going on and why nginx with ssl passthrough to openhab is so slow… Any suggestions?

xoxys · October 6, 2018, 12:53am

@Benjy can you reproduce this behaviour? Should we open an issue for this?

Benjy · October 7, 2018, 1:14pm

I won’t be able to for a couple of days, but will try and let you know what I find soon.

xoxys · October 29, 2018, 7:53am

@Benjy any news? Otherwise i can also open an issue.