使用所描述的方法這裡為了測量伺服器回應時間,我可以看到time_appconnect、time_pretransfer、 和time_starttransfer非常高,但僅限於透過 HTTPS 造訪網站時。
相比之下,連接到 Google 的速度非常快。
curl -w "@curl-format.txt" -o /dev/null -s "https://www.google.com"
回報
time_namelookup: 0.014433
time_connect: 0.117187
time_appconnect: 0.374567
time_pretransfer: 0.374779
time_redirect: 0.000000
time_starttransfer: 0.513398
----------
time_total: 0.514880
透過 HTTP 連接到我們的網站也相當快:
curl -w "@curl-format.txt" -o /dev/null -s "http://environmentaldashboard.org"
回報
time_namelookup: 0.004136
time_connect: 0.044469
time_appconnect: 0.000000
time_pretransfer: 0.044554
time_redirect: 0.000000
time_starttransfer: 0.166275
----------
time_total: 0.166404
但透過 HTTPS 連線是非常慢的:
curl -w "@curl-format.txt" -o /dev/null -s "https://environmentaldashboard.org"
回報
time_namelookup: 0.005211
time_connect: 0.057697
time_appconnect: 11.931837
time_pretransfer: 11.932075
time_redirect: 0.000000
time_starttransfer: 11.972374
----------
time_total: 12.009711
怎麼會這樣?據我所知,這個問題是在沒有對程式碼進行任何更改的情況下開始的。我是一個相當新的系統管理員——我可以使用什麼工具來調試這個問題?由於問題似乎與 SSL 有關,是否有可能問題實際上出在我們的憑證授權單位 (GoDaddy) 上?或者問題更可能是伺服器配置錯誤?
我不確定這是否相關,但這是environmentaldashboard.org的(稍微縮寫的)apache虛擬主機檔案:
<VirtualHost *:443>
ServerName environmentaldashboard.org
ServerAlias www.environmentaldashboard.org
SSLEngine on
SSLCertificateFile /etc/ssl/environmentaldashboard.org/environmentaldashboard.org.crt
SSLCertificateKeyFile /etc/ssl/environmentaldashboard.org/environmentaldashboard.org.key
SSLCACertificateFile /etc/ssl/environmentaldashboard.org/intermediate.crt
ServerAdmin [email protected]
DocumentRoot /var/www/environmentaldashboard.org/
ErrorDocument 404 /404.php
RewriteEngine On
<Directory /var/www/>
RewriteCond %{REQUEST_FILENAME}.php -f
RewriteRule !.*\.php$ %{REQUEST_FILENAME}.php [QSA,L]
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost *:80>
ServerName environmentaldashboard.org
ServerAlias www.environmentaldashboard.org
Redirect permanent / https://environmentaldashboard.org/
</VirtualHost>
編輯
grep -Ev '(rv_cron|15min|PHP Warning)' /var/log/apache2/error.log | tail -n10000
返回這個:https://pastebin.com/qZ5e5e1n
和
journalctl -xef | grep -Ev '(rv_cron|15min|buildingosd)'
返回這個:
top -d 30 | head -n50返回:
top - 19:02:38 up 8:35, 1 user, load average: 1.71, 1.98, 2.08
Tasks: 281 total, 1 running, 280 sleeping, 0 stopped, 0 zombie
%Cpu(s): 27.9 us, 3.8 sy, 0.0 ni, 55.1 id, 6.5 wa, 0.0 hi, 1.6 si, 5.0 st
KiB Mem : 4046472 total, 1300152 free, 1373280 used, 1373040 buff/cache
KiB Swap: 0 total, 0 free, 0 used. 2336100 avail Mem
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
8736 www-data 20 0 386056 22976 12248 S 55.6 0.6 0:06.03 apache2
15772 root 20 0 256696 81752 7072 S 22.2 2.0 1:34.52 buildingosd
14534 root 20 0 279284 104372 7104 S 16.7 2.6 2:04.70 buildingosd
19708 root 20 0 40680 3736 3116 R 16.7 0.1 0:00.05 top
1340 mysql 20 0 1583808 395376 18808 S 5.6 9.8 87:05.74 mysqld
23451 www-data 20 0 384072 20896 12156 S 5.6 0.5 0:18.71 apache2
1 root 20 0 37760 5756 3956 S 0.0 0.1 0:10.64 systemd
2 root 20 0 0 0 0 S 0.0 0.0 0:00.02 kthreadd
3 root 20 0 0 0 0 S 0.0 0.0 0:05.22 ksoftirqd/0
5 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/0:0H
7 root 20 0 0 0 0 S 0.0 0.0 3:30.70 rcu_sched
8 root 20 0 0 0 0 S 0.0 0.0 0:00.00 rcu_bh
9 root rt 0 0 0 0 S 0.0 0.0 0:00.13 migration/0
10 root rt 0 0 0 0 S 0.0 0.0 0:00.76 watchdog/0
11 root rt 0 0 0 0 S 0.0 0.0 0:00.91 watchdog/1
12 root rt 0 0 0 0 S 0.0 0.0 0:00.14 migration/1
13 root 20 0 0 0 0 S 0.0 0.0 1:13.13 ksoftirqd/1
15 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kworker/1:0H
16 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kdevtmpfs
17 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 netns
18 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 perf
19 root 20 0 0 0 0 S 0.0 0.0 0:00.10 khungtaskd
20 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 writeback
21 root 25 5 0 0 0 S 0.0 0.0 0:00.00 ksmd
22 root 39 19 0 0 0 S 0.0 0.0 0:05.73 khugepaged
23 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 crypto
24 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kintegrityd
25 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
26 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kblockd
27 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 ata_sff
28 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 md
29 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 devfreq_wq
34 root 20 0 0 0 0 S 0.0 0.0 0:00.00 kswapd0
35 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 vmstat
36 root 20 0 0 0 0 S 0.0 0.0 0:00.00 fsnotify_mark
37 root 20 0 0 0 0 S 0.0 0.0 0:00.00 ecryptfs-kthrea
53 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 kthrotld
54 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 acpi_thermal_pm
55 root 20 0 0 0 0 S 0.0 0.0 0:00.00 vballoon
56 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
57 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
58 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
59 root 0 -20 0 0 0 S 0.0 0.0 0:00.00 bioset
top -d 30以下是更新時的一些貼:
答案1
編輯:
我不認為這與證書有關,因為原始 openssl 連接最多需要 5 秒才能連接,然後很快返回;https://hastebin.com/ejipapehux.rb
$ openssl s_client -connect environmentaldashboard.org:443 -CAfile /etc/ssl/certs/ca-bundle.trust.crt | ts -s "%.S"
depth=0 C = US, ST = Ohio, L = Oberlin, O = Environmental Dashboard, CN = 104.131.103.232
verify error:num=18:self signed certificate
verify return:1
depth=0 C = US, ST = Ohio, L = Oberlin, O = Environmental Dashboard, CN = 104.131.103.232
verify return:1
05.800695 CONNECTED(00000003)
05.800967 ---
05.801019 Certificate chain
05.801060 0 s:/C=US/ST=Ohio/L=Oberlin/O=Environmental Dashboard/CN=104.131.103.232
響應初始請求需要 5 秒或更長時間Hello,因此我會檢查伺服器並查看發生了什麼;
您可以透過控制台存取機器嗎?