Apache HTTPS is very slow in Chrome

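I have seen this question several times on this site and on others, but none of them offered a solution that worked for my problem.

I have an Ubuntu Server 12.04 machine running Apache 2.2.22. HTTP traffic works fine, but SSL traffic is very slow. When loading the site, I can watch the images load, whereas in the HTTP version they almost all load instantly. I ran some tests: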

HTTP:

ab -n 1000 -c 250 http://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            80

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   11.104 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      19842000 bytes
HTML transferred:       19558000 bytes
Requests per second:    90.06 [#/sec] (mean)
Time per request:       2775.995 [ms] (mean)
Time per request:       11.104 [ms] (mean, across all concurrent requests)
Transfer rate:          1745.05 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:      254  549 872.4    270    3289
Processing:   518 2046 1584.9   1250    8370
Waiting:      258 1596 1532.1    724    7214
Total:        779 2595 2044.1   1525   10467

Percentage of the requests served within a certain time (ms)
  50%   1525
  66%   2192
  75%   3424
  80%   4248
  90%   6013
  95%   7175
  98%   7723
  99%  10189
 100%  10467 (longest request)

HTTPS:

ab -n 1000 -c 250 https://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   62.911 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Total transferred:      19842000 bytes
HTML transferred:       19558000 bytes
Requests per second:    15.90 [#/sec] (mean)
Time per request:       15727.734 [ms] (mean)
Time per request:       62.911 [ms] (mean, across all concurrent requests)
Transfer rate:          308.01 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:     1225 8408 3478.8   8733   14994
Processing:   957 6470 3693.6   5922   13997
Waiting:      258 2422 1720.7   1711    8113
Total:      10486 14878 4730.7  12594   27169

Percentage of the requests served within a certain time (ms)
  50%  12594
  66%  14805
  75%  14828
  80%  21609
  90%  22990
  95%  23136
  98%  27115
  99%  27125
 100%  27169 (longest request)

HTTPS with keep-alive:

ab -k -n 1000 -c 250 https://IP/test.jpeg
This is ApacheBench, Version 2.3 <$Revision: 655654 $>
Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
Licensed to The Apache Software Foundation, http://www.apache.org/

Benchmarking IP (be patient)
Completed 100 requests
Completed 200 requests
Completed 300 requests
Completed 400 requests
Completed 500 requests
Completed 600 requests
Completed 700 requests
Completed 800 requests
Completed 900 requests
Completed 1000 requests
Finished 1000 requests


Server Software:        Apache/2.2.22
Server Hostname:        IP
Server Port:            443
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256

Document Path:          /test.jpeg
Document Length:        19558 bytes

Concurrency Level:      250
Time taken for tests:   13.565 seconds
Complete requests:      1000
Failed requests:        0
Write errors:           0
Keep-Alive requests:    1000
Total transferred:      19852150 bytes
HTML transferred:       19558000 bytes
Requests per second:    73.72 [#/sec] (mean)
Time per request:       3391.342 [ms] (mean)
Time per request:       13.565 [ms] (mean, across all concurrent requests)
Transfer rate:          1429.14 [Kbytes/sec] received

Connection Times (ms)
              min  mean[+/-sd] median   max
Connect:        0 1051 2562.0      0   11662
Processing:   258  903 667.8    556    2710
Waiting:      254  466 460.8    268    1840
Total:        258 1954 2982.9    565   12518

Percentage of the requests served within a certain time (ms)
  50%    565
  66%    830
  75%   1096
  80%   1361
  90%   8746
  95%   8753
  98%   9244
  99%   9595
 100%  12518 (longest request)

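I can understand that https may be a bit slower than http, and that this should be mitigated by keepalive, but I still don't understand why there is such a big difference, or why I actually see it loading so slowly. I think I have misconfigured something, because on other servers I have installed, https was not this slow.

Other information that may be useful: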

cat mods-available/ssl.conf |grep SSLRandomSeed
SSLRandomSeed startup builtin
SSLRandomSeed startup file:/dev/urandom 1024
SSLRandomSeed connect builtin
SSLRandomSeed connect file:/dev/urandom 1024

This is how I created the certificate:

openssl req -new -x509 -days 365 -nodes -out /etc/apache2/ssl/apache.pem -keyout /etc/apache2/ssl/apache.key

This is the default-ssl configuration:

<VirtualHost *:443>
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/apache.pem
     SSLCertificateKeyFile /etc/apache2/ssl/apache.key

     DocumentRoot /var/www/
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

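Any ideas?

Update:

So far it is only Chrome that is this slow... Firefox and Safari are both fine. That definitely gives a hint, and I will look into it.

Answer 1

You are using /dev/urandom as the random seed, so this will not be an entropy pool blocking problem.

If you notice that the whole stream is slow only on https (not just slow to start, but slow in rate as well), you should check whether the server is adequately provisioned. Encryption and signing can be fairly CPU-intensive; check top (and your load average). If you have an unusually small amount of CPU or RAM, this would make sense.

Also note: the certificate is not used for the actual encryption, only for key exchange and authentication. Based on the capabilities and preferences negotiated between client and server at the start of the connection, a random session key is generated and used for encryption. As a test, you could try disabling all but the low-security ciphers in the cipher spec.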
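An added example, not part of the original question or answer: a small parser for the ab output above that separates per-connection setup cost from the rest, which is the "slow to start" versus "slow in rate" distinction the answer draws. The function names are hypothetical; the embedded rows are copied from the three runs in the question.

```python
import re

# Lines copied from the three ab runs in the question (only the rows parsed here).
RUNS = {
    "http": """\
Connect:      254  549 872.4    270    3289
Total:        779 2595 2044.1   1525   10467
""",
    "https": """\
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256
Connect:     1225 8408 3478.8   8733   14994
Total:      10486 14878 4730.7  12594   27169
""",
    "https_keepalive": """\
SSL/TLS Protocol:       TLSv1/SSLv3,DHE-RSA-AES256-SHA,1024,256
Connect:        0 1051 2562.0      0   11662
Total:        258 1954 2982.9    565   12518
""",
}

ROW = re.compile(r"^(Connect|Processing|Waiting|Total):\s+(\d+)\s+(\d+)\s+([\d.]+)\s+(\d+)\s+(\d+)\s*$", re.M)
# Fields as ab prints them: protocol, cipher, public-key bits, symmetric-key bits.
TLS = re.compile(r"^SSL/TLS Protocol:\s+([^,]+),([^,]+),(\d+),(\d+)\s*$", re.M)

def parse_ab(text):
    """Parse ab output into per-phase timings (ms) and the negotiated TLS parameters."""
    times = {}
    for name, lo, mean, sd, median, hi in ROW.findall(text):
        times[name] = {"min": int(lo), "mean": int(mean), "sd": float(sd),
                       "median": int(median), "max": int(hi)}
    tls = None
    m = TLS.search(text)
    if m:
        proto, cipher, pk_bits, sk_bits = m.groups()
        tls = {"protocol": proto, "cipher": cipher, "pubkey_bits": int(pk_bits),
               "cipher_bits": int(sk_bits),
               # DHE/ECDHE suites do an ephemeral key exchange on every full handshake
               "ephemeral_kx": cipher.startswith(("DHE-", "EDH-", "ECDHE-"))}
    return {"times": times, "tls": tls}

def connect_share(run):
    """Fraction of the mean total request time spent in ab's Connect phase."""
    return run["times"]["Connect"]["mean"] / run["times"]["Total"]["mean"]

def handshake_penalty_ms(plain, tls_run):
    """Extra median Connect time of a TLS run over the plain-HTTP baseline."""
    return tls_run["times"]["Connect"]["median"] - plain["times"]["Connect"]["median"]

if __name__ == "__main__":
    parsed = {name: parse_ab(text) for name, text in RUNS.items()}
    for name, run in parsed.items():
        c = run["times"]["Connect"]
        print(f"{name:16} connect median={c['median']:5} ms  share={connect_share(run):.0%}  tls={run['tls']}")
    print("handshake penalty:", handshake_penalty_ms(parsed["http"], parsed["https"]), "ms")
```

On the question's numbers, the median Connect time rises from 270 ms to 8733 ms over HTTPS and falls to 0 ms with keep-alive, which points at per-connection setup rather than bulk encryption.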
