
I set up stunnel on OSX to tunnel traffic to my Django dev server because Facebook needs HTTPS these days, but I noticed it's being absurdly slow. It seems like it can only handle a single connection at a time and even the connection is slow when I'm connecting to localhost. I've tried using some performance tips found online and so my config is set up as:

pid=
# foreground=yes
cert=./cacert.pem
key=./privkey.pem
libwrap=no
debug=0
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1

[https]
accept=8443
connect=8000

Is there a way to get more performance or a more suitable way of setting up HTTPS for my dev server?

Kit Sunde
  • Any reason you didn't just set up your HTTP server to serve HTTPS as well? Seems that'd be the simplest way to me. – Matthew Scharley Nov 08 '11 at 02:44
  • What's the system load? How can you be sure that it's stunnel's fault? It's also possible that Facebook is slow, some areas are pretty bad for Facebook, what with a good 600,000,000 users. – Silverfire Nov 08 '11 at 03:06
  • Do you know how to use packet capture tools like wireshark to identify potential problems? – Silverfire Nov 08 '11 at 03:07
  • @MatthewScharley The Django dev server doesn't support HTTPS, it's bare bones. – Kit Sunde Nov 08 '11 at 03:18
  • @Silverfire There is no server load, it's running locally on my machine with only me sending requests to it. It runs way faster over HTTP it doesn't need to go through stunnel. – Kit Sunde Nov 08 '11 at 03:18
  • @KitSunde In a live environment, it's not uncommon to have Django/Rails/etc servers running against localhost and have them reverse proxied by a 'real' HTTP server like Apache or nginx. Is that viable? Nginx is pretty darn slim, but I don't know what sort of specs your dev machine has. – Matthew Scharley Nov 08 '11 at 04:31
  • @MatthewScharley I would prefer to just have Django's dev server running over setting up nginx locally, but that's certainly an option if there's no reasonable alternative. I use the latest Macbook Air for development which seems to handle just about anything I can throw at it. :) – Kit Sunde Nov 08 '11 at 05:06
  • Give us netstat -s on both client and server, top might help. Your ISP might be throttling encrypted connections if they don't trust you. – The Unix Janitor Nov 08 '11 at 05:19
  • @user37899 My dev machine is both the client and the server. I'm just connecting to my dev machine on localhost:8443 which gets tunneled to localhost:8000. There's no ISP in between. My computer is running smooth as silk, this is entirely an issue with stunnel, especially the issue where it will only allow me to run one connection through it while the others remain pending. – Kit Sunde Nov 08 '11 at 05:58

1 Answer

I was never able to solve this on my Mac, but I remember faintly that I figured stunnel had some issue with OSX that I couldn't work around. In the end I ended up using nginx.

Kit Sunde
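
For reference, a minimal nginx configuration that terminates TLS locally and proxies to the dev server, as the answer ended up doing. This is an added example, not the poster's actual configuration: the ports and certificate file names follow the question, and the `/path/to/` directories are placeholders.

```nginx
# Added example: minimal nginx.conf for local HTTPS in front of the Django dev server.
# /path/to/ is a placeholder; ports 8443 -> 8000 and the PEM file names follow the question.
worker_processes 1;

events {
    worker_connections 128;
}

http {
    server {
        # Bind to loopback only so the dev endpoint is not reachable from the network.
        listen 127.0.0.1:8443 ssl;
        server_name localhost;

        ssl_certificate     /path/to/cacert.pem;
        ssl_certificate_key /path/to/privkey.pem;

        location / {
            # Plain HTTP to the Django dev server on the same machine.
            proxy_pass http://127.0.0.1:8000;

            # Preserve the original host and port so generated URLs point back at :8443.
            proxy_set_header Host $http_host;

            # Overwrite (not append to) the scheme header so the backend can tell
            # the client connection was HTTPS and a client cannot spoof the value.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $remote_addr;
        }
    }
}
```

Django only treats proxied requests as secure if `SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")` is set (available from Django 1.4), and that setting is safe only when the proxy always overwrites the header, as the configuration above does.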