Search code examples
sslnginxkubernetescert-manager

TTFB increated by 200+ ms after enabling SSL via Nginx Ingress controller & cert-manager

Right after enabling cert-manager in Ingress Controller by TTFB (time to first byte) increased by 200+ms in most of the regions. Without SSL, it was <200ms to 80% of the regions. After enabling SSL only 30% have TTFB <200ms

without SSL enter image description here

with SSL enter image description here

My Ingress definition:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
  annotations:
    kubernetes.io/ingress.class: nginx
    certmanager.k8s.io/cluster-issuer: letsencrypt-prod
    kubernetes.io/tls-acme: "true"
spec:
  rules:
    - host: gce.wpspeedmatters.com
      http:
        paths:
          - path: /
            backend:
              serviceName: wordpress
              servicePort: 80
  tls:
    - secretName: tls-prod-cert
      hosts:
        - gce.wpspeedmatters.com
Solution

  • Switched to TLS 1.3 and I was able to above shave off extra 50-150ms!

    I wrote a detailed blog post too: https://wpspeedmatters.com/tls-1-3-in-wordpress/

    With TLS 1.3: enter image description here