donnie
donnie
PostsComments
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
Haha I can't wait to drop "cipher suite" and "elliptic curve cartography" into casual conversation tonight and watch the eyes roll back into heads 🙂
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
Oh...my...god. I think it's something in my home network 🤦‍♂️. I had tried a VPN to check location wasn't a factor but I hadn't attempted any of this outside my current network. I just switched my phone over to mobile carrier netowrk only and everything ran just fine in http and https. fml. @Henrik, I'm so sorry to have wasted your time, I should have caught this earlier.
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
So I just tried the same speedtest with a separate server using Coolify. First with Traefik configured as the proxy and then with Caddy. Both had the exact same results where the https speed was severealy restricted. I don't know what's going on 🤦‍♂️
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
@Henrik do you have a significant slow down on your own Dokploy instances when using https? Is this something you just live with or is it an issue you're not experiencing?
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
That doesn't appear to have any effect unfortunately :/
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
I hear what you're saying but does it not feel crazy to accept a massive reduction in bandwidth performance (-10x)? This severely impacts the applications and services I want to run on my server. Videos chop when streaming, downloads take forever and websites take a long time to load. I feel like there is something fundamentally wrong here as I'm sure most don't face these bottlenecks otherwise there would be more of an uproar no? I've pretty much run out of ideas, this issue is a blocker for me and my projects so, while I really don't want to, I think I'll have to do the walk of shame back to commercial hosting offerings :/
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
Okay, I've tried to just set the maxVersion to TLS 1.2 but it just seems to break things. Here is my /etc/dokploy/traefik/traefik.yml file with the updated settings (entryPoints > websecure > http > tls), does this look correct? 
providers:
  swarm:
    exposedByDefault: false
    watch: true
  docker:
    exposedByDefault: false
    watch: true
    network: dokploy-network
  file:
    directory: /etc/dokploy/traefik/dynamic
    watch: true
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http3:
      advertisedPort: 443
    http:
      tls:
        certResolver: letsencrypt
        options:
          default:
            maxVersion: VersionTLS12
api:
  insecure: true
certificatesResolvers:
  letsencrypt:
    acme:
      storage: /etc/dokploy/traefik/dynamic/acme.json
      httpChallenge:
        entryPoint: web
providers:
  swarm:
    exposedByDefault: false
    watch: true
  docker:
    exposedByDefault: false
    watch: true
    network: dokploy-network
  file:
    directory: /etc/dokploy/traefik/dynamic
    watch: true
entryPoints:
  web:
    address: ':80'
  websecure:
    address: ':443'
    http3:
      advertisedPort: 443
    http:
      tls:
        certResolver: letsencrypt
        options:
          default:
            maxVersion: VersionTLS12
api:
  insecure: true
certificatesResolvers:
  letsencrypt:
    acme:
      storage: /etc/dokploy/traefik/dynamic/acme.json
      httpChallenge:
        entryPoint: web
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
I tried adding different curvePreferences and cipherSuites to traefik.yml & dynamic/dokploy.yml to no avail. To be honest I'm not exactly sure what and where I should be updating these settings. Here is what I was attempting to add and I tried many variations of this: 
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      curvePreferences:
        - CurveP521
        - CurveP384
tls:
  options:
    default:
      minVersion: VersionTLS12
      cipherSuites:
        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
        - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
      curvePreferences:
        - CurveP521
        - CurveP384
@Henrik if you have any insight on what exactly I should be using for settings and where to place those in the dokploy traefik config files I'm all ears.
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
I will have a look at the ECC as you suggest @Henrik and see if that makes a difference.
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
Yes, I believe my VPS does support AES-IN, the results of sudo grep -o aes /proc/cpuinfo are: 
aes
aes
aes
aes
aes
aes
aes
aes
aes
aes
aes
aes
25 replies
DDokploy
Created by donnie on 4/9/2025 in #old-help
Significant HTTPS slow down
This seems exactly like the issue I'm experiencing: https://community.traefik.io/t/very-bad-upload-speed-when-using-traefik-with-tsl-ssl/15082
25 replies