Ssl_requirement: transitions from https to http and vice versa are slooooow

Hi,

I’m using rails 1.2.5 along with nginx and mongrel_cluster to serve
both encrypted and unencrypted content.

I installed the ssl_requirement plugin to force https on certain pages/
actions.

ssl_requirement works, but whenever I go from an unencrypted page on
my site to an encrypted page (or vice versa) the time to render the
page is HUUUGE (around 1 minute for some simple html that should
normally take about 1 second to render).

e.g., if I am viewing this page: https://blahblah.com/stuff and I
click on a link within that page that links to
http://blahblah.com/otherstuff,
my browser will churn for about 1 minute before rendering the new
page.

some interesting points.

  1. this does not happen when going from https to https, nor does it
    take place when going from http to http.

  2. if I click on the hyperlink a second time while I’m waiting for
    the new page to render, it renders almost immediately (i.e. I can
    “coax” the new page into loading by clicking on it twice).

Any ideas as to what’s causing this lag?

my nginx config file is shown below along with the top/relevant
portion of my controller that uses ssl_requirement

############begin top of controller #########
class AccountController < ApplicationController
layout “account”
before_filter :login_from_cookie
ssl_required :signup, :login
##########end top of controller ##############

##########begin nginx virtual host config file ##############

Nginx virtual host configuration file

to be included by nginx.conf

Load balance to mongrels

upstream mongrel_cluster {
server 0.0.0.0:8000;
server 0.0.0.0:8001;
server 0.0.0.0:8002;
}

Begin virtual host configuration

server {

Familiar HTTP settings

listen 80;
server_name e.com *.e.com;
root /home/e2/a2/public;
access_log /var/log/nginx/e.com.access.log main;
error_page 500 502 503 504 /500.html;
client_max_body_size 50M;

First rewrite rule for handling maintenance page

if (-f $document_root/system/maintenance.html) {
rewrite ^(.)$ /system/maintenance.html last;
break;
}
location / {
index index.html index.htm;
# Forward information about the client and host
# Otherwise our Rails app wouldn’t have access to it
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
# Directly serve static content
location ~ ^/(images|javascripts|stylesheets)/ {
expires 10y;
}
if (-f $request_filename) {
break;
}
# Directly serve cached pages
if (-f $request_filename.html) {
rewrite (.
) $1.html break;
}
# Otherwise let Mongrel handle the request
if (!-f $request_filename) {
proxy_pass http://mongrel_cluster;
break;
}
}
}

server {

listen 443;
ssl on;
#path to certificate
ssl_certificate /etc/ssl/certs/myssl.crt;
#path to ssl key
ssl_certificate_key /etc/ssl/myssl.key;

server_name e.com *.e.com;
root /home/e2/a2/public;
access_log /var/log/nginx/e.com.access.log main;
error_page 500 502 503 504 /500.html;
client_max_body_size 50M;

First rewrite rule for handling maintenance page

if (-f $document_root/system/maintenance.html) {
rewrite ^(.*)$ /system/maintenance.html last;
break;
}

location / {
index index.html index.htm;
# Forward information about the client and host
# Otherwise our Rails app wouldn’t have access to it
# set X-FORWARDED_PROTO so ssl_requirement plugin works
proxy_set_header X-FORWARDED_PROTO https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_max_temp_file_size 0;
# Directly serve static content
location ~ ^/(images|javascripts|stylesheets)/ {
expires 10y;
}
if (-f $request_filename) {
break;
}
# Directly serve cached pages
if (-f $request_filename.html) {
rewrite (.*) $1.html break;
}
# Otherwise let Mongrel handle the request
if (!-f $request_filename) {
proxy_pass http://mongrel_cluster;
break;
}
}

}