Reverse proxy cuts performance in half

I have a Nextcloud instance which achieves around 35MB/s upload and 110MB/s download when accessed directly.

However, when adding NGINX to the equation performance is reduced to around 20MB/s upload and 50MB/s download. They are hosted in different VMs, but in the same server and subnet. It’s clear that the problem is related to the reverse proxy, but I don’t know what I can do to increase performance (VM already has plenty of resources).

Using NPM if that matters.

3 thoughts on “Reverse proxy cuts performance in half”

  1. A few things to check on the Nginx side:

    First, do an iperf3 test between your nginx and Nextcloud servers to look for lower level issues and rule out that layer.

    Use HTTP/2 if you’re not already.

    Disable proxy buffering for the connection.

    Enable mimetype appropriate compression for the connection (GZIP by content type).

    Follow the Nginx tuning info in c-reiger.de setup guides.

    Hope this helps out.

  2. Try enabling keepalives on your web pool if you haven’t already. It made a huge difference when I was in a similar situation.

    Just be aware that if you use NTLM auth you’ll need to account for that somehow (plug-in, Nginx+, etc.) otherwise your authentication context will be shared among the live connections. You will have users seeing each other’s sessions.

    Edit: Just to clarify I mean keepalives between Nginx and the upstream server. It makes a huge difference not having the overhead of reestablishing those connections for each request.

  3. If the problem is local only, you may need to look into hairpin NAT. If your router does not support this, you may need to set custom DNS entries for your servers. For example, I use pihole, and I can set custom entries for each subdomain to my nginx server through the web portal. You can also globally set every subdomain to resolve to the nginx server through an entry in dnsmasq like this:

    address=/custom.domain.net/ip_address_of_nginx_server

    The second method may break some things, but it works for me for everything but matrix/element. None of this is really noticeable until high throughput situations like file transfers occur.

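The nginx-side suggestions from the first two comments (HTTP/2, no proxy buffering, gzip by content type, keepalive to the upstream and its NTLM caveat), collected into one configuration as an added example that is not from any of the commenters. The upstream address `192.0.2.10`, the name `nextcloud_backend`, the server name and the certificate paths are placeholders, and `client_max_body_size` is an addition not mentioned in the thread.

```nginx
# Added example: placeholders throughout, adjust to your own hosts and paths.
upstream nextcloud_backend {
    server 192.0.2.10:80;        # placeholder: address of the Nextcloud VM

    # Keep up to 16 idle connections per worker process open to the upstream,
    # so each request does not pay for a new TCP connection.
    keepalive 16;

    # Pooled connections are reused across different clients. With
    # connection-bound authentication such as NTLM, one user's authenticated
    # upstream connection can then serve another user's request. NGINX Plus
    # offers the "ntlm;" directive here for that case; without it, leave
    # "keepalive" off for NTLM-authenticated backends.
}

server {
    listen 443 ssl;
    http2 on;                    # nginx >= 1.25.1; older: "listen 443 ssl http2;"
    server_name cloud.example.net;                        # placeholder
    ssl_certificate     /etc/nginx/tls/placeholder.crt;   # placeholder
    ssl_certificate_key /etc/nginx/tls/placeholder.key;   # placeholder

    # Compress by content type only; file transfers are left uncompressed.
    gzip on;
    gzip_types text/css application/javascript application/json;

    location / {
        proxy_pass http://nextcloud_backend;

        # Both lines are required for the upstream "keepalive" pool to be
        # used: HTTP/1.1 to the backend and no "Connection: close" header.
        proxy_http_version 1.1;
        proxy_set_header Connection "";

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # Stream bodies in both directions instead of buffering them on the
        # proxy first.
        proxy_buffering off;
        proxy_request_buffering off;

        # Not from the thread: lift the 1 MB default request body limit so
        # large uploads are not rejected with 413 at the proxy.
        client_max_body_size 0;
    }
}
```

Check the result with `nginx -t` before reloading, and repeat the upload and download test after each change so the effect of each setting can be separated.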
