这是我的瀑布http://www.webpagetest.org/result/140417_42_H0D/1/details/
SSL 协商花费的时间太长。
我尝试应用以下文章:http://unhandledexpression.com/2013/01/25/5-easy-tips-to-accelerate-ssl/#comment-36539
我在 SSH 中尝试了第一个命令:
openssl ciphers -v ‘ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP’
但我收到错误:
-bash: !ADH: event not found
这是我的 Nginx.conf:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 100;
#gzip on;
# enable gzip compression
gzip on;
gzip_http_version 1.1;
gzip_proxied any;
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/plain application/x-javascript text/xml text/css;
gzip_vary on;
fastcgi_cache_path /var/cache/nginx2 levels=1:2 keys_zone=microcache:5m max_size=1000m;
log_format cache '$remote_addr - $remote_user [$time_local] "$request" '
'$status $upstream_cache_status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
# end gzip configuration
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
# include /etc/nginx/conf.d/*.conf;
map $scheme $fastcgi_https {
default off;
https on;
}
server {
listen 80;
server_name blah.com;
return 301 https://blah.com;
}
server {
listen 443 default ssl;
ssl on;
ssl_certificate /etc/nginx/conf.d/blah.crt;
ssl_certificate_key /etc/nginx/conf.d/blah.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXP:!LOW:!RC2:!3DES:!SEED:!RC4:+HIGH:+MEDIUM;
#ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-RC4-SHA:
# ECDHE-RSA-AES128-SHA:AES128-GCM-SHA256:RC4:HIGH:
# !MD5:!aNULL:!EDH:!CAMELLIA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
#ssl_protocols SSLv3 TLSv1;
root /blah/blah;
index blah;
server_name blah;
#server_name _;
location / {
# fastcgi_param HTTPS $fastcgi_https;
index index.html index.php;
try_files $uri $uri/ @handler;
expires 30d;
# fastcgi_param HTTPS $fastcgi_https;
}
# location ~* \.html$ {
# expires -1;
#}
location ~* \.(css|js|gif|jpe?g|png)$ {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
location ~ ^/(app|includes|lib|media/downloadable|pkginfo|report/config.xml|var)/ { internal; }
location /var/export/ { internal; }
location /. { return 404; }
location @handler { rewrite / /index.php; }
location ~* .php/ { rewrite ^(.*.php)/ $1 last; }
location ~* .php$ {
fastcgi_param HTTPS $fastcgi_https;
if (!-e $request_filename) { rewrite / /index.php last; }
expires off;
# fastcgi_pass unix:/tmp/php5-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params;
}
}
}