Getting about a 5 sec delay for SOL handshake, anybody else?
Getting about a 5 sec delay for SOL handshake, anybody else?
It's been an ongoing issue for a couple of weeks now, relating to the HTTPS addresses and only occurs occasionally.
The last hour or so is the first time I've experienced it since it began to occur.
Edit- here we go, previous thread.
https://storiesonline.net/d/s6/t5766/slow-absent-server
Due to the difficulty in configuring the new server software (nginx is a shit show configuration-wise; still trying to get a php script to respond to 404) I keep trying to see if I can find what's causing this issue.
Every day I do a software update on the servers and if there is something new relating to encryption then I try full https again. Today there was such an update and I tried full https; let's just say that the new version didn't fix whatever is going on with the servers.
It's amazing that none of the "experts" we consulted so far have figured it out. It started just like that out of nothing and it's still going on. We even reverted the three software updates that preceded the first instance, and nothing.
SOL suddenly develops a problem not related to any of the changes you made to SOL software.
Logic says that if it is a software problem and you made no software changes, perhaps the site hosting SOL made a change to their software.
Perhaps the host site made a hardware change and the new hardware is not compatible with SOL's software.
Then again, maybe you made a change that affects something and you overlooked the change as a possibility.
Good luck.
Regarding slow https:
There is one known issue with the OpenSSL library which could give you the symptoms you are experiencing.
If the CPU isn't trusted or has a bug (AMD...), the library may fall back to alternative ways to generate entropy, and entropy generation can be slow and a limiting factor in establishing an SSL connection.
However, those problems are well known and documented; your "experts" should have spotted that.
Anyway, it would be a good idea to check your entropy (from where the SSL is established). Note that if you are in a VM, the hypervisor should supply the RNG, thus bad entropy inside the VM means a bad hypervisor or bad VM integration with the hypervisor.
Here is an article about entropy diagnostic:
https://www.cyberciti.biz/open-source/debian-ubuntu-centos-linux-setup-additional-entropy-for-server-using-aveged-rng-tools-utils/
Remark: if your ISP upgraded your hardware to a recent AMD CPU you may be facing a rng cpu bug. A server BIOS update should solve the problem.
Another potential issue could be the SSL library offloading to a hardware accelerator.
With a modern CPU, those SSL accelerators are not really needed.
It would be a good idea to benchmark the SSL library on the various encryption algorithms allowed in your server SSL configuration (openssl has an integrated benchmark).
Note that if your issue is entropy, switching to nginx will not improve your server response time!!
nginx is a shit show configuration-wise; still trying to get a php script to respond to 404
Well, it's unusual and absolutely not the same as .htaccess
Here are some good samples:
https://laravel.com/docs/5.8/deployment
https://wordpress.org/support/article/nginx/
both handle the 404
there is also an alternative syntax (=404;)
see:
https://www.digitalocean.com/community/tutorials/how-to-install-laravel-with-an-nginx-web-server-on-ubuntu-14-04
Note that both frameworks serve files when found, and the rest is passed to /index.php with the request as a parameter; the PHP then decides if the URL is valid:
http://storiesonline.net/a/abcd (status 200)
or not
http://storiesonline.net/a/abcde (status 404)
More on Entropy...
For https, entropy is consumed during the handshake. If you reuse the connection later, entropy is not used. So keeping the connection open longer is a good idea:
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 200
http2 will also drastically reduce the handshakes.
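One way to test the entropy theory from the posts above is to record the kernel's entropy estimate next to each TLS handshake time and see whether the slow handshakes line up with low entropy. This is an added example, not part of the original posts; the thresholds (2 s, 1000 bits), the function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Run on the host that terminates TLS, so both numbers describe the same machine.
ENTROPY_FILE=/proc/sys/kernel/random/entropy_avail   # kernel estimate, in bits

# One live sample: prints "<entropy_bits> <tls_handshake_seconds>".
# curl reports time_connect (TCP up) and time_appconnect (TLS handshake done);
# their difference is the handshake alone.
sample_once() {
    entropy=$(cat "$ENTROPY_FILE") || return 1
    timing=$(curl -so /dev/null -w '%{time_connect} %{time_appconnect}' "$1") || return 1
    echo "$entropy $timing" | awk '{ printf "%d %.3f\n", $1, $3 - $2 }'
}

# Classify "<entropy_bits> <handshake_seconds>" lines from stdin.
# $1 = seconds at which a handshake counts as slow (assumed threshold)
# $2 = bits below which entropy counts as low (assumed; fits the 4096-bit pool
#      of older kernels, kernels from 5.18 on report at most 256)
classify_samples() {
    awk -v slow_s="$1" -v low_bits="$2" '
        NF == 2 && $2 + 0 >= slow_s { slow++; if ($1 + 0 < low_bits) starved++ }
        END {
            if (slow == 0)            verdict = "no-slow-handshakes"
            else if (starved == slow) verdict = "entropy-suspect"
            else if (starved == 0)    verdict = "entropy-unlikely"
            else                      verdict = "mixed"
            printf "slow=%d slow_low_entropy=%d verdict=%s\n", slow, starved, verdict
        }'
}

# Constructed samples (not measurements) for an offline run.
constructed_samples() {
    cat <<'EOF'
3950 0.120
3600 0.095
3920 5.100
3910 30.000
EOF
}

# With a URL: 10 live samples, 5 s apart. Without: the constructed samples.
if [ "$#" -gt 0 ]; then
    i=0
    while [ "$i" -lt 10 ]; do sample_once "$1"; sleep 5; i=$((i + 1)); done |
        classify_samples 2 1000
else
    constructed_samples | classify_samples 2 1000
fi
```

A verdict of `entropy-unlikely` means every slow handshake happened while the pool was well stocked, which points the investigation elsewhere.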
Here is an article about entropy diagnostic:
We measured entropy and it never dropped. Entropy stayed over 3900 at the time when handshake time reached 30 seconds. The lowest I've measured entropy was at a time when the site was performing well and it dropped down to ~3600.
So, not entropy.
nginx is a shit show configuration-wise; still trying to get a php script to respond to 404
Well, it's unusual and absolutely not the same as .htaccess
The .htaccess file was easily translated from apache syntax to nginx. It wasn't a problem.
both handle the 404
there is also an alternative syntax (=404;)
Both syntaxes failed. I may have missed something. But the most frustrating fact was the paucity of documentation available online. The Nginx site really pushes you towards Nginx+ and they don't make it easy to solve even the most simple of problems. Trying to get familiar with nginx was not a good experience. SOL's engine (that I created myself) is complex. I designed it to handle multiple sites at the same time and that made some things not straightforward. Even something as simple as apache's alias functionality was nowhere near straightforward on nginx.
Anyway, we're trying something different currently and hopefully that solves the problem.