One of my static pages(generated by Hugo) is loading slow on mobile mode, but the exact same page was fine on desktop mode. (google page load speed desktop score 97, but failed Core Web Vitals on mobile)
On the chrome-devtools desktop mode, the stalled time was only 2.6 ms, but on mobile mode was 458.74ms.
There was no initial and SSL connection time on desktop mode, mobile mode 458.61ms initial time, 233.98ms SSL.
Any idea how to fix it?
My server is CentOS 7 64GB RAM, Apache 2.4 event module, 1GB Memcached, mod_pagespeed, + tmpfs.
<IfModule mpm_event_module>
StartServers 30
MinSpareThreads 100
MaxSpareThreads 400
ThreadsPerChild 64
MaxRequestWorkers 256
MaxConnectionsPerChild 0
</IfModule>
Related
I am rerouting the audio input and output of a Qemu guest by using the following:
In Environment:
QEMU_AUDIO_DRV=pa
QEMU_PA_SINK=some_sink
QEMU_PA_SOURCE=some_source
QEMU_AUDIO_DAC_FIXED_FREQ=48000
QEMU_AUDIO_ADC_FIXED_FREQ=48000
some_sink is pactl load-module module-null-sink and some_source is a monitor of another null-sink.
I have also setup the default sampling rate of the hosts Pulseaudio to 48000 such that no resampling occurs:
/etc/pulse/daemon.conf:
default-sample-rate = 48000
Pulseaudio version:
$ pulseaudio --version
pulseaudio 13.99.1
The audio out is NOT output on the machine, but forwarded to another system for processing.
The setup works fine (there is audio in and out), but the Pulseaudio CPU usage (on an Intel Xeon 3.50GHz) as reported by top is constantly between 15%-30%, which to me seems like A LOT.
Not doing any resampling and just forwarding a byte stream seems to me like an inexpensive operation...
Is the high CPU usage expected in this setup - if yes, why?
How could I investigate/troubleshoot the reason of pulseaudio's high CPU usage?
I get this too, although not all the time and only on the machine that actually plays the sound.
I have VMs running zoom, citrix that the play audio through my laptop. Periodically on my laptop CPU goes to 30% or so.
pulseaudio -k; pulseaudio -D; fixes the cpu usage until it happens again.
(Annoyingly, once this is done, citrix sound doesn't work until citrix is restarted)
Since some days, my website won't load on Safari nor Chrome on Mac OS X (at home nor on my clients computers). It's working well on Firefox (Mac OS & Windows) and IE / Edge, but not Chrome (Windows).
It was well working before that and was not updated since weeks.
I'm facing this error on Safari
Failed to load resource: The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 303.)
And this one on Chrome
Failed to load resource: net::ERR_SPDY_PROTOCOL_ERROR
It seem's to be related to HTTP/2 but I don't really know what is the problem.
I saw that a workaround is to clear the cache and cookie.
I did and it works on Chrome the first time I load the website, but when I navigate to another page, the error appear again.
I also flush opened socket without effects.
On Safari, flushing the cache and cookie has no effects.
My hoster (OVH) tells me that the problem is in my code but I cannot figure out where could be the bug.
Do you have any clue about that ?
Thanks a lot
We have had a problem with nginx and HTTP/2 which resulted in the same error in Safari and a similar error in Internet Explorer.
When we tweaked the nginx buffers to be:
http2_max_field_size 16k;
http2_max_header_size 128k;
the issue was gone.
My problem was disappearing after reloading the page. So it always shows the error on the first load after nginx reload.
Error log shown:
2018/10/21 06:26:54 [crit] 9439#9439: *54 open() "/var/cache/nginx/proxy_temp/2/01/0000000012" failed (13: Permission denied) while reading upstream, client: 37.9.113.93, server: anvileight.com, request: "GET /ar/ HTTP/1.1", upstream: "http://unix:/run/a8/gunicorn.sock:/ar/", host: "anvileight.com"
My problem was that nginx has directive:
user deploy deploy;
and indeed, permissions on that folder were incorrect:
ll /var/cache/nginx/proxy_temp
total 40K
drwx------ 102 www-data www-data 4.0K Jan 6 2018 0
drwx------ 102 www-data www-data 4.0K Jan 6 2018 1
When I changed it to
user www-data www-data;
problem has gone
The problem is a result of Safari holding too much local data for the site in question and failing to deal with that correctly. I use archive.org a lot so I had lots of LocalStorage and Cookie data for that site. The fact that this data is only in my main browser Safari and not in any of my other browsers explains why they could browse the site just fine.
So, the solution:
Go into Safari > Preferences > Privacy
Search for the affected domain name (for me this was "archive.org")
Click Remove
The problem goes away!
Here's a video showing the problem before and after: https://imgur.com/gallery/d1P1FCi
This suddenly started happening for me when the files were referenced on my local in a parent directory. Solution was to move to child directory.
I am having troubles with my screen resolution on my fedora 24.
The screen keep getting 1024x768 and the 1280x1024 is unavailable.
digging a little i found, on arch linux forum, this commands:
https://bbs.archlinux.org/viewtopic.php?id=73738
gtf 1280 1024 60
xrandr --newmode "1280x1024_60.00" 108.88 1280 1360 1496 1712 1024 1025 1028 1060 -HSync +Vsync
xrandr --addmode DVI-1 1280x1024_60.00
xrandr --output DVI-1 --mode 1280x1024_60.00
This solves my problem, but the new mode wont persists in a system reboot. Anyone knows how to force this config to me applied even after a system reboot?
Download autorandr to your desktop and try it
For example, I have laptop with hdmi output and second screen:
xrandr --output HDMI-0 --auto --left-of eDP-1-1
autorandr --save workstation1
autorandr --change
Where workstation1 is a custom setup to save. Any other name can be used, home, work, etc.
Or use arandr to save profile in file
you can put the prefered resolution to a file like below:
Create a file in /etc/X11/xorg.conf.d/
40-monitor.conf
Section "Monitor"
Identifier "VGA1"
Option "PreferredMode" "1280x1024"
EndSection
Restart your X system.
If it doesn't work try creating the next two files in the same path, and restarting again:
30-graphic.conf
Section "Device"
Identifier "Intel Integrated"
Driver "intel"
EndSection
50-screen.conf
Section "Screen"
Identifier "Default Screen"
DefaultDepth 24
SubSection "Display"
Depth 24
Modes "1280x1024" "1024x768" "640x480"
EndSubSection
EndSection
Please read here for more details:
https://ask.fedoraproject.org/en/question/8301/how-do-i-change-my-monitors-resolution/
I'm attempting to configure HAProxy to serve an RSA or ECC certificate depending on the client's browser. I initially am trying to get ECC certificates configured, and I noticed that the latest version of Chrome does not support them. Wondering if anyone else is having this problem? I am using OS X 10.11.4 with the following versions:
Chrome (50.0.2661.94) (64-bit) [doesn't work]
Firefox (46.0) (64-bit) [works]
Safari (9.1 11601.5.17.1) (64-bit) [works]
cURL (7.43.0 (x86_64-apple-darwin15.0) libcurl/7.43.0 SecureTransport zlib/1.2.5) [works]
The cURL command I call via curl --ciphers ecdhe_ecdsa_aes_128_sha --ssl --head --tlsv1.2 https://<url> and it returns 200 OK.
And I am using Ubuntu Xenial 16.04 LTS on the server side with the following versions:
[root#haproxy-server]: /etc/haproxy # haproxy -vv
HA-Proxy version 1.6.4 2016/03/13
Copyright 2000-2016 Willy Tarreau <willy#haproxy.org>
Build options :
TARGET = linux2628
CPU = generic
CC = gcc
CFLAGS = -g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2
OPTIONS = USE_ZLIB=1 USE_REGPARM=1 USE_OPENSSL=1 USE_LUA=1 USE_PCRE=1
Default settings :
maxconn = 2000, bufsize = 16384, maxrewrite = 1024, maxpollevents = 200
Encrypted password support via crypt(3): yes
Built with zlib version : 1.2.8
Compression algorithms supported : identity("identity"), deflate("deflate"), raw-deflate("deflate"), gzip("gzip")
Built with OpenSSL version : OpenSSL 1.0.2g 1 Mar 2016
Running on OpenSSL version : OpenSSL 1.0.2g-fips 1 Mar 2016
OpenSSL library supports TLS extensions : yes
OpenSSL library supports SNI : yes
OpenSSL library supports prefer-server-ciphers : yes
Built with PCRE version : 8.38 2015-11-23
PCRE library supports JIT : no (USE_PCRE_JIT not set)
Built with Lua version : Lua 5.3.1
Built with transparent proxy support using: IP_TRANSPARENT IPV6_TRANSPARENT IP_FREEBIND
Available polling systems :
epoll : pref=300, test result OK
poll : pref=200, test result OK
select : pref=150, test result OK
Total: 3 (3 usable), will use epoll.
Here's the screenshot of the exact problem: http://imgur.com/wlmQbIi
Here's the screenshot of the same website with Safari: http://imgur.com/FEwmmj9
And finally, my haproxy.cfg file:
global
log /dev/log local0
log /dev/log local1 notice
user haproxy
group haproxy
chroot /var/lib/haproxy
daemon
stats socket /run/haproxy/admin.sock level admin
maxconn 15000
spread-checks 5
tune.ssl.default-dh-param 2048
tune.ssl.maxrecord 1400
tune.idletimer 1000
ssl-default-bind-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl-default-bind-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
ssl-default-server-ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl-default-server-options no-sslv3 no-tlsv10 no-tlsv11 no-tls-tickets
defaults
log global
mode http
retries 3
balance roundrobin
hash-type map-based
option httplog
option dontlognull
option forwardfor
option http-server-close
option redispatch
option abortonclose
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r
timeout http-request 10s
timeout queue 1m
timeout connect 10s
timeout client 1m
timeout server 30s
timeout http-keep-alive 10s
timeout check 10s
errorfile 400 /etc/haproxy/errors/400.http
errorfile 403 /etc/haproxy/errors/403.http
errorfile 408 /etc/haproxy/errors/408.http
errorfile 500 /etc/haproxy/errors/500.http
errorfile 502 /etc/haproxy/errors/502.http
errorfile 503 /etc/haproxy/errors/503.http
errorfile 504 /etc/haproxy/errors/504.http
frontend http-frontend
bind *:80 accept-proxy
reqadd X-Forwarded-Proto:\ http
use_backend %[req.hdr(host),lower,map_sub(/etc/haproxy/backend.map,test-backend)]
frontend https-frontend
bind *:443 accept-proxy ssl crt /etc/ssl/pem/ecc alpn http/1.1
log-format %ci:%cp\ [%t]\ %ft\ %b/%s\ %Tq/%Tw/%Tc/%Tr/%Tt\ %ST\ %B\ %CC\ %CS\ %tsc\ %ac/%fc/%bc/%sc/%rc\ %sq/%bq\ %hr\ %hs\ %{+Q}r\ ssl_version:%sslv\ ssl_cipher:%sslc\ %[ssl_fc_sni]\ %[ssl_fc_npn]
rspadd Strict-Transport-Security:\ max-age=31536000;\ includeSubdomains;\ preload
rspadd X-Frame-Options:\ DENY
reqadd X-Forwarded-Proto:\ https
use_backend %[req.hdr(host),lower,map_sub(/etc/haproxy/backend.map,test-backend)]
backend test-backend
balance leastconn
redirect scheme https code 301 if !{ ssl_fc }
server test-server 10.10.10.40:80 check
I know this post is not in the right seciton of StackExchange (sorry!) but I wanted to post a potential solution. I think the problem is the elliptic curves support in Chrome vs. Firefox vs. Safari. From the SSLLabs website:
Safari 9 / OS X 10.11: secp256r1, secp384r1, secp521r1
Firefox 44 / OS X: secp256r1, secp384r1, secp521r1
Chrome 48 / OS X: secp256r1, secp384r1
The problem is the private key for the ECC certificate I was testing was generated with secp521r1 (http://imgur.com/dbrJQuW), which the latest version of Chrome on OS X 10.11 doesn't support.
See this issue: https://security.stackexchange.com/questions/100991/why-is-secp521r1-no-longer-supported-in-chrome-others
It seems that only the following two cipher suite are supported by your web server:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
I suppose that missing some cipher suite (at least TLS_RSA_WITH_AES_128_CBC_SHA) is the reason of your problem.
The cipher suite TLS_RSA_WITH_AES_128_CBC_SHA must be supported in TLS 1.2 (see the section 9 Mandatory Cipher Suites or RFC5246). In the same way I would you recommend to see forward and to include protocols
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
and the suites
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
are strictly recommended too. See TLS 1.3 specification. You use Nginx web server, which should support TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 and TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, which are very good because of combination the security and the performance. I'd recommend you to include all the Cipher Suites.
I'd recommend you additionally to use or at least to examine carefully the recommendation of Nginx setting for modern or intermediate web browsers by Mozilla SSL Configuration Generator. You can read more about the suites here.
I have 2 widescreen monitors, one is 19inch and the other is 23 inch.
I have installed Fedora 16 on VirtualBox [Windows 7 Host]. I installed the virtualbox guest additions and got the gnome-shell running, but I am running into some weird behavior. When I place the virtualBox linux guest machine window on the 23 inch and click "Switch to fullscreen", the window swaps monitors and moves to the 19inch monitor and goes fullscreen on that one instead of the 23inch.
How do I get it to go fullscreen on the 23inch ?
Help !
Thanks.
In fullscreen-mode (Host+F) you can press Host+Home to bring up a context menu:
View -> Virtual Screen 1 -> Use Host Screen 2