Skip to main content

CPanel NGINX 10x slower?

Comments

23 comments

  • cPDavidL
    Greetings, The configuration installed by default is a conservative known-stable config. It is entirely likely that the ea-nginx configurations will need to be optimized. This 3rd party page has more information on how to do this: How to Configure Nginx and php-fpm for High Traffic Websites
    0
  • servtastic
    Hey, Thanks for the follow up, but this isn't about high traffic. or tweaking config. This is about ea-nginx choking the server when installed and making connections 10x slower. As mentioned I installed enginetron and it bumped req per sec from 140 to 200 (ish) so I can see that an nginx cache helps. With a default Droplet, default cpanel install - adding ea-nginx (easyapache 4) kills the http response times I've done this test multiple times on 2 different default installs and get the same result - adding ea-nginx = 10 slower.
    0
  • cPRex Jurassic Moderator
    That's definitely interesting, although I can't say I've seen other similar reports of that type of slowness. If you'd like us to do some more in-depth testing, it would be a good idea to submit a ticket to our team so we can see one of the systems you are working with and examine that in real-time.
    0
  • servtastic
    Fired up a new instance, documented all steps to install cp, ran tests with and without nginx and am getting the exact same issue. Put in a ticket - let's see if they believe me this time.
    0
  • cPRex Jurassic Moderator
    Could you post the ticket number here so I can follow along?
    0
  • servtastic
    Ooops - sorry - should be #94323369
    0
  • cPRex Jurassic Moderator
    Thanks - I'm following along now so I'll be sure to keep this thread updated once I hear something.
    0
  • cPRex Jurassic Moderator
    Our team was able to trace the issue to a problem with the proxy_cache_lock setting causing issues with the testing. There were several additional things mentioned in the ticket as well, but at least we were able to determine the issue isn't slowness that is present by default :D
    0
  • Serhat
    I had to disable ngnix as soon as I enable it because of extreme slowness. Any recommendations?
    0
  • cPRex Jurassic Moderator
    @NovemberRain - did you have any luck working through the guide that was posted earlier? How to Configure Nginx and php-fpm for High Traffic Websites
    0
  • servtastic
    I have decided to give up on nginx for now - which is a shame but it currently adds more problems than solutions. No http2 out of the box. Really weird but there it is. Clearing cache. I use WP Rocket (WPR) on every site and I *really* like rocket-nginx (a tweak where nginx delivers the WPR cache file directly.) However, without the direct delivery, clearing WPR cache doesn't clear nginx cleanly. Not easily customizable. I have cpnginx on another box and can change main nginx configs from a UI. Having to manage nginx from the command line is a time suck as it is yet another structure / software to learn. eg. If I want to change the cache time from 60 mins to 5 secs, I should be able to do that from a UI - this is cpanel after all. And with enough cpu (digital ocean, optimized, 8gig/4core), plus php8, Apache is fast enough. Using the event MPM, for me a typical WP site loads in 500ms and even a fully loaded woocommerce site with a dozen woo plugins and jetpack can be under a second (in the USA.) I'll live with that for now and look at nginx once cp96 comes out for centos7 (or not)
    0
  • gnusys
    I believe the default Cpanel Nginx setup is a proxy to the apache configuration. Please check the Nginx error_log when you're run the benchmark. Does it show errors?
    0
  • cPRex Jurassic Moderator
    I believe the default Cpanel Nginx setup is a proxy to the apache configuration

    That's correct - the supported version at this time is the reverse proxy configuration outlined here: NGINX with Reverse Proxy | cPanel & WHM Documentation
    0
  • servtastic
    ... and a follow up issue with nginx as currently configured (if I understand the docs correctly.) Nginx accepts the inbound connection and responds, but does not pass any logs back to apache. If that is the case, then mod_security (inside of apache) does not get any information for that connection. Which means mod_security rules do not get applied to nginx cache connections. Example: Connection 1: legitimate IP requests a file / pages. File/page gets proxied by nginx. Connection 2-10+: bad ips, non valid requests, should be blocked by apache. Do not get blocked by nginx which happily serves the file/page to requestors that should be blocked. Again, if I am reading the docs right, isn't Nginx bypassing mod_security in some cases by not logging back to apache?
    0
  • servtastic
    Informal testing on the old instance I am about to destroy (digitalocean, 4core/8gig/basic.) I have confirmed the behavior mentioned in my previous post. 1. apache only - logging works, no http2 module, no http2 (confirmed with tools.keycdn.com) 2. apache only - logging works, installed http2 via easyapache / http2 working (confirmed with tools.keycdn.com) 3. install ea-nginx via easyapache (see errors below) 4. nginx proxy, no logging in apache logs, no http2 (confirmed with tools.keycdn.com) I would appear Nginx does not provide http2 (out of the box) and negates apache providing http2 when nginx is enabled. Plus does not log to apache logs, in theory negating some mod security / LFD rules. Notes: Nginx was provisioned (eventually) by EasyApache but was restarted by chkserv with the following warning May 15 14:36:43 ns1.servtastic.net nginx[28344]: nginx: [warn] could not build optimal server_names_hash, you should increase either server_names_hash_max_size: 1024 or server_names_hash_bucket_size: 128; ignoring server_names_hash_bucket_size
    0
  • cPRex Jurassic Moderator
    I believe that's a known issue, which is why we have this experimental option we're working on: ModSecurity" 3 | cPanel & WHM Documentation
    0
  • uk01
    Interesting, we just tried easy Apache nginx on 2 servers Magento 2 server Shared host server after activating on both Google page speed tests were significantly lower so we deactivated straight away for now. then came across this thread
    0
  • cPRex Jurassic Moderator
    That's very interesting - there isn't a logical reason that it would be slower. I suppose it's possible the very first requests could be slower, but once the cache is built up it should be much quicker as Apache is reading from that instead of handling each request as new. Could you submit a ticket to our team so we could do some more testing with this on your server?
    0
  • uk01
    I"m unable to submit a ticket at present as these are busy servers, a shared host and busy Magento site. We tried it overnight. Totally logical what you are saying though, however I ran the Google speed test a few times to ensure the test website was cached. eg Speedtest without nginx 70/100 With nginx 44/100 (after several tests)
    0
  • cPRex Jurassic Moderator
    If you can get a ticket submitted at some point, we're happy to do the work at a certain time as our support works 24x7 and we can schedule tasks.
    0
  • hydn79
    has this been solved?
    0
  • cPRex Jurassic Moderator
    @hydn79 - I'm not sure there was an issue to solve in this thead. While some users reported slower performance with nginx, it's definitely not the norm of what we're seeing. My best advice would be to try it for yourself and see how it behaves on your machine. It's easy to remove by uninstalling the RPM if you aren't happy with the performance.
    0
  • IndicHosts.net
    eg Speedtest without nginx 70/100 With nginx 44/100 (after several tests)

    Reverse proxy is another software added to the stack which then adds to the latency. So the slowness, Reverse proxy only makes sense when used with a working cache. If the caching is not needed or the requests are not being served by cache... reverse proxy will always be slower! Even LiteSpeed is faster when used with LSCache else plain apache with php-fpm tuned will out do a reverse proxy
    0

Please sign in to leave a comment.