Ubuntu 20.04 new install: strange performance problems

Discussion in 'Server Operation' started by wwweiss, Nov 2, 2020.

  1. wwweiss

    wwweiss New Member HowtoForge Supporter

    I made a fresh install of Ubuntu with ispconfig following the tutorial. As I only need Web and DB I skipped everything regarding email and dns. Also I did not install FTP. The server is running only one website is active and the server is only used from two persons that work on the website.
    So the performance should always be very good.
    Randomly some pages are very slow. It may take about 10 seconds until a page loads, which normaly loads in less then one second. I see that it takes a long time to do the TLS-Handshake.
    The website runs with php-fpm. I also tried fast-cgi, but not really a difference.
    In the error log of the webiste there is nothing. In the global error log i can find these errors:
    When using fast-cgi a also get:
    This is strange because at that time I was the only person connecting to the server and only called one or two pages. Python is not used in the website only php. I cannot see anything about the slow TLS-Handshake.
    Any ideas?
     
  2. nhybgtvfr

    nhybgtvfr Active Member

    well the maxrequestworkers limit being reached will certainly cause delays. although you don't say if you've changed those settings from their default values at all.
    apart from the error logs, have you checked the access logs, just because you think only two people are using the site doesn't mean that's actually the case. if it's accessible from the internet you're probably getting loads of access attempts.

    also, although it shouldn't be necessary for a site with only a couple of users, you could try switching apache to mpm_event, and use php-fpm, both offer performance and resource utilisation improvements.
     
  3. wwweiss

    wwweiss New Member HowtoForge Supporter

    I left the default values, so they are pretty good (I also increased them for testing purpose) and the access log has nearly no other requests then mine. php-fpm is my favorite and is used in the website - fast-cgi was only used to see what happens.
    It seems to me that the TLS Handshake needs a lot of resources - but only sometimes.
     
  4. wwweiss

    wwweiss New Member HowtoForge Supporter

    One more info. I just disabled TLS1.3 in the vhost config (SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 -TLSv1.3), where I added the -TLSv1.3. Now the website runs without problems.
    But I have another server with nearly the same configuration, where TLSv1.3 runs without problems. But I remember I had a similar problem on this other server. I think I made a change which I found here in some forum, a post from Till Brehm, but I forgot to make a documentation and do not find this post again. Has anybody seen this?
     
  5. Jesse Norell

    Jesse Norell ISPConfig Developer Staff Member ISPConfig Developer

    Not offhand, no. My first thought was maybe related to SSL stapling (possibly combined with bad/intermittent dns resolution?).
     
  6. wwweiss

    wwweiss New Member HowtoForge Supporter

    Bingo! "Bad DNS resolution" pointed me into the right direction. I forgot to look into my hosts file. Here I had an entry coming from some testing after the basic install of the server. I removed this, enabled TLS1.3 and it works :)
    What I do not understand is, why the problem comes up only with TLS1.3 and not with TLS1.2.
    I assume that my knowlede about TLS is not enought to understand this.
    Here is the info for everyone who might get a similar problem (my server's name is "web"). I had in hosts:
    127.0.1.1 web web
    127.0.0.1 localhost
    which is good, and a third line
    111.222.111.222 web.mydomain.com web
    IP and name of course is only a dummy. This was obviously wrong and caused the problems with TLS1.3.
     

Share This Page