Odd Latency Problems between Nginx and Tomcat
I've set up an nginx proxy to front the tomcat app. However the performance is bad, and I feel bad. The pages take roughly 5 seconds to load. Though that's been observed to go up to almost 50 seconds.

The tomcat app currently has a JKS SSL certificate installed. I've confirmed with curl that the ssl certificate is valid. And that the nginx server recognizes and respects the certificate.

What's interesting is - when I curl the web page and look at statistics, responses take up to 5 seconds before it displays an output. This lines up with what we've been observing when loading a web page. Running Chrome Network metrics, this is what seems to be happening:

  1. User goes to the proxied web page.
  2. The site takes 5 seconds to connect.
  3. After about 5 seconds, the content loads as expected.

This happens for every page we access via the proxy. However going to the application itself (bypassing the proxy) is almost instantaneous. The worst we've seen is maybe 50 milliseconds to load an image. But, other than that, content on the application server itself loads quickly.

Below is my nginx config for the proxied server:

#####################################################################
# nginx.conf
#####################################################################

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    keepalive_timeout   65;
    types_hash_max_size 4096;
    gzip on;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*.conf;

    proxy_cache_path /apps01/wdtvs/nginx/proxy/cache/wdtvs levels=1:2 keys_zone=static:10m inactive=24h max_size=1g;


}

#####################################################################
# site.conf
#####################################################################

server {
   listen 443 ssl;
   server_name proxied.app.com;
   ssl_certificate  /etc/nginx/ssl/wildcard_server.crt;
   ssl_certificate_key /etc/nginx/ssl/wildcard_server.key;
   ssl_session_cache    shared:SSL:5m;
   ssl_session_timeout  10m;
   ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
   add_header X-Frame-Options "SAMEORIGIN";

   ssl_ciphers     "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA";

   ssl_prefer_server_ciphers  on;
   proxy_ssl_server_name on;

   location / {
      proxy_pass https://app.example.com:8443;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host;
      proxy_cache static;
   }

   location /route1 {
      proxy_pass https://app.example.com:8443/tomcat_app_route_1;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host:8443;
      proxy_cache static;
      add_header Cache-Control "public, no-transform";
   }

   location /route2 {
      proxy_pass https://app.example.com:8443/tomcat_app_route_2;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $host:8443;
      proxy_cache static;
      add_header Cache-Control "public, no-transform";
   }
}

It's modified (obviously). Any typos in the config are likely due to me replacing app routes, etc. That said... gotta be honest here - I'm at my wits' end for why this site is loading so slowly.

2 things that have been observed:

  1. When we strip ssl from the app, the site loads instantaneously.

  2. Looking at Chrome's networking tools, content sometimes returns with a 302-redirect code. But I'm unsure if this is a red herring or not.

Any help is appreciated. Thank you.

Edit: On further review, the 302 redirect is a red herring. I feel it's something to do with the JKS certificate. But I honestly have no idea what it could be.

Posted
2 years ago
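
An added example, not part of the original post: one way to see which leg of the proxy path holds the delay described above is to log nginx's upstream timing variables and classify each request by its slowest phase. It assumes the post's `main` log format is extended with `uct=`, `uht=`, `urt=` and `rt=` fields (labels chosen here for illustration; the variables are nginx built-ins), and the log lines are constructed samples.

```shell
#!/bin/sh
# Assumption: the "main" log_format gets these fields appended
# (labels uct/uht/urt/rt are made up here; the variables are nginx built-ins):
#   uct=$upstream_connect_time uht=$upstream_header_time
#   urt=$upstream_response_time rt=$request_time
# For an https upstream, $upstream_connect_time includes the TLS handshake.

# Constructed sample lines, not taken from the poster's logs.
sample_log() {
cat <<'EOF'
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /route1/index HTTP/1.1" 200 5120 "-" "curl/8.0" "-" uct=5.012 uht=5.040 urt=5.043 rt=5.044
10.0.0.5 - - [01/Jan/2024:10:00:07 +0000] "GET /route2/report HTTP/1.1" 200 900 "-" "curl/8.0" "-" uct=0.004 uht=2.310 urt=2.312 rt=2.313
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "GET /logo.png HTTP/1.1" 200 3000 "-" "curl/8.0" "-" uct=- uht=- urt=- rt=0.001
EOF
}

# Prints "<uri> <slowest phase> <seconds>" for each access-log line on stdin.
classify_upstream_latency() {
    awk '
    function field(key,    i, kv) {
        # Scan from the end of the line, where the timing fields were appended.
        for (i = NF; i >= 1; i--) {
            if (split($i, kv, "=") == 2 && kv[1] == key) return kv[2]
        }
        return "-"
    }
    {
        uct = field("uct"); uht = field("uht")
        urt = field("urt"); rt = field("rt")
        # "-" means nginx never contacted Tomcat (cache hit or local response).
        if (uct == "-") { printf "%s no-upstream %.3f\n", $7, rt; next }
        phase = "upstream-connect"; worst = uct + 0      # TCP + TLS handshake
        if (uht - uct > worst) { phase = "upstream-wait"; worst = uht - uct }
        if (urt - uht > worst) { phase = "upstream-body"; worst = urt - uht }
        if (rt - urt > worst)  { phase = "client-side";   worst = rt - urt }
        printf "%s %s %.3f\n", $7, phase, worst
    }'
}

sample_log | classify_upstream_latency
```

A request dominated by `upstream-connect` spent its time opening the TCP connection and TLS session to Tomcat, while `upstream-wait` points at the application producing the response headers.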