nginx 服务器上的 SSL 耗时过长

tag-icon tag-icon nginx certbot
nginx 服务器上的 SSL 耗时过长

我有一个使用 nginx、php-fpm 的网站,并使用 lets encrypt centbot 进行 ssl

以下是检查我的网站响应时间的检查:

查看屏幕截图

here is the full config of virtualhost for that website:
fastcgi_cache_path /var/run/nginx-cache levels=1:2 keys_zone=WORDPRESS:300m inactive=90m;
fastcgi_cache_key "$scheme$request_method$host$request_uri";
fastcgi_cache_use_stale error timeout invalid_header http_500;
fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

server {

        listen 80;
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name example.com www.example.com;

        root      /var/www/example.com/public_html;
        index     index.html index.htm index.php;

        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

        #Force redirect http to https
        if ($scheme != "https") {
                return 301 https://$host$request_uri;
        }

        location / {

            #wp perma directive
            try_files $uri $uri/ /index.php?$args;


        }


        # Pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9000;
                fastcgi_index index.php;
                fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

                fastcgi_cache_bypass $skip_cache;
                fastcgi_no_cache $skip_cache;
                fastcgi_cache WORDPRESS;
                fastcgi_cache_valid 90m;
                include fastcgi_params;
        }


        #DHPARAM
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        location ~ /.well-known/acme-challenge/ {
                root /var/www/example.com/public_html;
                allow all;
        }

        ## SSL
        ssl_session_cache shared:SSL:20m;
        ssl_session_timeout 10m;

        ssl_prefer_server_ciphers On;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 8.8.4.4 valid=300s;
        resolver_timeout 10s;


        #Gzip Settings
        gzip on;
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 2;
        gzip_buffers 16 8k;
        gzip_http_version 1.1;
        gzip_min_length 5000;
        gzip_types text/xml text/css text/javascript;
}

这些规则与此有什么关系吗?我可以实现某种 SSL 缓存来加快速度吗?

SSL

ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;

ssl_prefer_server_ciphers On;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;

ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 10s;

相关内容