我开始注意到我的 Jira 服务器上的页面加载速度非常慢。我发现这种情况只发生在通过 nginx 访问 Jira 时,但如果我使用 SSH 端口转发到服务器并直接访问后端端口,页面加载就会立即完成。
nginx 配置(/etc/nginx/sites-enabled/support.example.org.conf
):
## Jira
##
## Modified from nginx http version
## Modified from https://confluence.atlassian.com/jirakb/integrating-jira-with-nginx-426115340.html
## Modified from https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html
##
server {
listen 192.168.118.32:443 ssl;
server_name support.example.org;
server_tokens off;
## Strong SSL Security
## https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html & https://cipherli.st/
ssl on;
ssl_certificate /etc/letsencrypt/live/support.example.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/support.example.org/privkey.pem;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_session_timeout 1d;
access_log /var/log/nginx/support_access.log;
error_log /var/log/nginx/support_error.log;
location /jira {
gzip off;
proxy_read_timeout 300;
proxy_connect_timeout 300;
# proxy_redirect off;
proxy_request_buffering off;
proxy_buffering off;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8081/jira;
client_max_body_size 2G;
}
include snippets/letsencrypt.conf;
}
有些代理设置是我已经尝试过的,它们的范围从小幅改进到没有改进,但性能仍然很糟糕。
Jira 配置:(/opt/atlassian/jira/conf/server.xml
)
<?xml version="1.0" encoding="utf-8"?>
<Server port="8005" shutdown="SHUTDOWN">
<Listener className="org.apache.catalina.startup.VersionLoggerListener"/>
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on"/>
<Listener className="org.apache.catalina.core.JreMemoryLeakPreventionListener"/>
<Listener className="org.apache.catalina.mbeans.GlobalResourcesLifecycleListener"/>
<Listener className="org.apache.catalina.core.ThreadLocalLeakPreventionListener"/>
<Service name="Catalina">
<!--
==============================================================================================================
HTTPS - Proxying Jira via Apache or Nginx over HTTPS
If you're proxying traffic to Jira over HTTPS, uncomment the below connector and comment out the others.
Ensure the proxyName and proxyPort are updated with the appropriate information if necessary as per the docs.
See the following for more information:
Apache - https://confluence.atlassian.com/x/PTT3MQ
nginx - https://confluence.atlassian.com/x/DAFmGQ
==============================================================================================================
-->
<Connector port="8081" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false" secure="true" scheme="https"
proxyName="support.example.org" proxyPort="443"/>
<Engine name="Catalina" defaultHost="localhost">
<Host name="localhost" appBase="webapps" unpackWARs="true" autoDeploy="true">
<Context path="/jira" docBase="${catalina.home}/atlassian-jira" reloadable="false" useHttpOnly="true">
<Resource name="UserTransaction" auth="Container" type="javax.transaction.UserTransaction"
factory="org.objectweb.jotm.UserTransactionFactory" jotm.timeout="60"/>
<Manager pathname=""/>
<JarScanner scanManifest="false"/>
<Valve className="org.apache.catalina.valves.StuckThreadDetectionValve" threshold="120" />
</Context>
</Host>
<Valve className="org.apache.catalina.valves.AccessLogValve"
pattern="%a %{jira.request.id}r %{jira.request.username}r %t "%m %U%q %H" %s %b %D "%{Referer}i" "%{User-Agent}i" "%{jira.request.assession.id}r""/>
</Engine>
</Service>
</Server>
当我直接测试时,我启用了默认连接器:
<Connector port="8080" relaxedPathChars="[]|" relaxedQueryChars="[]|{}^\`"<>"
maxThreads="150" minSpareThreads="25" connectionTimeout="20000" enableLookups="false"
maxHttpHeaderSize="8192" protocol="HTTP/1.1" useBodyEncodingForURI="true" redirectPort="8443"
acceptCount="100" disableUploadTimeout="true" bindOnInit="false"/>
我做错了什么或者我怎样才能提高表现?
答案1
你的 nginx 配置看起来没问题,但是为什么你禁用 gzip?
确保 JIRA -> '管理' -> '全局设置' -> '常规配置' 中的 gzip 压缩设置为“开启”。然后从 nginx vhost 中删除配置行:
gzip off;
并添加例如此示例配置:
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
答案2
切换到 Apache HTTPD 和 mod_proxy_ajp 以跟踪不同的页面Jira 的文档似乎解决了这个问题。对问题发表评论这表明这是一个nginx 中的缺陷。