What happens when you attempt to access via lynx
or curl
from the local host or from a machine on the network?
Also, look at this block from Apache:
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
I would recommend getting rid of that whole block, restarting Apache & trying again. I have had odd hangs as well when Apache does some deny
actions against a localhost or a local IP address. Weird DNS lookup issues can hang Apache on a per request basis. And a delay of 12 seconds per page makes me think that is the cause. But it's not 100% clear from your config if the block I am pointing out is the culprit or not. But do some kind of search for DNS lookup related tasks connected to Apache.
Also, it's hard to say what settings should be on your server without observing your sites real traffic, but I suggest that your KeepAlive
settings seem resource heavy. I would recommend changing as so:
KeepAlive On
MaxKeepAliveRequests 50
KeepAliveTimeout 2
I would also recommend lowering MaxClients
and adding ServerLimit
adjusting MaxRequestsPerChild
as well in your main apache2.conf
like so:
<IfModule mpm_prefork_module>
StartServers 5
MinSpareServers 5
MaxSpareServers 10
ServerLimit 90
MaxClients 90
MaxRequestsPerChild 2000
</IfModule>
<IfModule mpm_worker_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 64
ThreadLimit 64
ThreadsPerChild 25
ServerLimit 90
MaxClients 90
MaxRequestsPerChild 2000
</IfModule>
<IfModule mpm_event_module>
StartServers 2
MinSpareThreads 25
MaxSpareThreads 64
ThreadLimit 64
ThreadsPerChild 25
ServerLimit 90
MaxClients 90
MaxRequestsPerChild 2000
</IfModule>
Also, I highly recommend installing Munin on your machine to get a grip on resource usage. Saves a lot of headaches & gives a good broad perspective on things.
I don't think 2.6 seconds is terribly slow for your average site that wasn't created by a team of full time engineers (See: google.com).
Your problem is probably in I/O, either network or disk or memory or etc.
You're going to have to trace through the application stack. This involved looking into your web server software (apache httpd, ngnix, etc), the php stack, the php code, and any backend storage mechanisms like File systems and MySQL that support the stack.
The delay could be caused by a slow disk, an unindexed mysql query, a bottleneck at the network, or even an optimized loop or function in the code. I don't think we will be able to help you much in this unless you can provide details about your environment and ask specific questions.
Best Answer
It sounds like you are CPU bound on the key exchange. Common problem. When a client connects over SSL/TLS for the first time a (very computationally expensive) key exchange is made. After this key exchange has been completed the clients can reuse the keys obtained in the exchange in the following communication. This is why the first request over HTTPS takes so much time to complete.
There is very little you can do about this situation, other than adding resources. More CPU will speed up the calculations of the key exchange. More memory is always good. You can also configure Apache to keep generated keys in memory for longer, to avoid having clients redo the key exchange.
You could also get some marginal improvements to the performance by changing cipher suits or tweaking keylengths, but it is usually not worth the hassle.
If you are going to be running over this kind of load for a longer time it may be a good idea to offload the SSL/TLS calculations. You can get a separate box (using your favourite proxy), a SSL acceleration card or even a specialized SSL/TLS offloading box.