8
网站开通https后,iphone用户反映访问很慢?
source link: https://blog.star7th.com/2022/05/2453.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
网站开通https后,iphone用户反映访问很慢?
在某些情况下,iphone用户访问我们(站长)https网站的时候会很慢,一直卡着甚至无响应。如果排除了用户网络问题、网站服务本身问题,那么很可能跟https证书有关。
默认情况下,客户端访问https站点的时候会尝试去OCSP服务器查询证书有效情况。由于Let’s Encrypt OCSP 的服务器在国外,导致查询证书有效性的时间过长。这种情况下我们可以考虑开启服务器OCSP Stapling来加快速度,意思是让客户端不去检测有效性,而是由服务器去检查。
下面给出一个nginx配置OCSP Stapling的例子。
server {
listen 443 ssl ;
ssl_certificate /root/star7th.com/fullchain.cer;
ssl_certificate_key /root/star7th.com/star7th.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
# 开启 OCSP Stapling ---当客户端访问时 NginX 将去指定的证书中查找 OCSP 服务的地址,
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 202.96.134.133 valid=300s;
resolver_timeout 2s;
ssl_trusted_certificate /root/star7th.com/fullchain.cer;
ssl_session_cache shared:SSL:50m;
ssl_session_timeout 180m;
server_name blog.star7th.com;
root /www/;
index index.html index.php index.htm;
charset utf8; # 编码
}
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK