openspeedtest / Docker-Image

OpenSpeedTest Docker Image

Hi! So, I am facing an issue with getting wrong speeds in HTTPS, while using caddy with wildcards #6

Closed fedonr closed 3 months ago

fedonr commented 1 year ago

So basically, I used the Openspeedtest on local IP it works great, but the speeds come very low when using a proxy like I do with Caddy with Wildcards, that allows me to get automatic https from letsencrypt.

And the speeds are coming up low on both download and upload, but especially for uploads.

I have attached my Caddyfile config for the openspeedtest part, my docker run code, and both results with LAN IP and HTTPS domain using Caddy and Duckdns

And I have LAN of 100Mbps up and down both, so the one with local IP always comes correct, while for the caddy domain, it comes correct for downloads for 70% of times, but for uploads it is always this low


openspeedtest commented 1 year ago

Check https://github.com/openspeedtest/Speed-Test/issues/76 (Disable HTTP2/3) HTTP1.1 recommended.

Also check https://github.com/openspeedtest/Speed-Test/issues/72

fedonr commented 1 year ago

Okay so I tried

@x host x.x.duckdns.org
handle @x {
    reverse_proxy {
        to x.x.x.x:49159
        transport http {
            versions disable
        }
    }
}

Ended up getting the same results where download speed was somewhat correct, nearing 100 Mbps and upload speed was less than 8 Mbps

Now I also tried

@x host x.x.duckdns.org
handle @x {
    reverse_proxy {
        to x.x.x.x:49159
        transport http {
            versions disable h2 h3
        }
    }
}

Same results as above

And here I tried

@x host x.x.duckdns.org
handle @x {
    reverse_proxy {
        to x.x.x.x:49159
        transport http {
            versions h2c disable
            versions h3 disable
        }
    }
}

Here, I again got the correct download speeds, but the upload speed came up unrealistically higher around 3459 Mbps

openspeedtest commented 1 year ago

Did you try this solution? https://github.com/openspeedtest/Speed-Test/issues/72#issuecomment-1482462508 Caddy dropped some flags in the recent version. Caddy version?

fedonr commented 1 year ago

Awesome! So doing that worked, but it would make all my wildcards and domains be on http1.1. Is there a way I can do it only for the wildcard that I have for openspeedtest?

Edit: I don't know the Caddy version, but I am using the latest Caddy Docker image from Dockerhub

openspeedtest commented 1 year ago

I believe it is not possible to selectively deactivate H2/H3 for a single subdomain. Assign OpenSpeedTest to its own dedicated IP address / subdomain.

fedonr commented 1 year ago

Bro, I tested it and this issue persists even with Librespeed, so it seems that it is a universal issue for both openspeedtest and librespeed when used with a reverse proxy via Caddy.

And I came across this video where he states the same, that he had the same issue on Librespeed when used with Caddy or Traefik. And it seems this issue doesn't occur on nginx, based on what he mentions

https://youtu.be/zyBT_nOnsKA

openspeedtest commented 1 year ago

Yes, I had a similar experience when I tested it last year. That's why it's advisable to run OpenSpeedTest on a dedicated subdomain, IP, or server. Additionally, it's recommended to run it without a reverse proxy to achieve optimal performance. I plan to incorporate automatic SSL (using Let's Encrypt) into our Docker image. This means all you have to do is provide an A record for your subdomain and then start the Openspeedtest server.

fedonr commented 1 year ago

Great! I would be glad to wait for that feature, thank you for making that great tool.

Okay so as of now, I am ready to forgo HTTPS here, and I can rather do the DNS rewrite by assigning dedicated IP here, but as DNS rewrite only responds to port 80, is there a way to make it work for port 3000? I would be using Adguardhome for DNS rewrite.

openspeedtest commented 1 year ago

Yes you can https://github.com/openspeedtest/Docker-Image#container-port-for-http-is-3000

fedonr commented 1 year ago

Yes, I know about port mapping, but as I would be assigning OST to a dedicated IP, all the port mapping would do is assign port 80 to it on a host IP (which is already being used in my case), so I was thinking if I can run it on port 80 with a dedicated IP, maybe I can do it via macvlan. I would try that out.

fedonr commented 1 year ago

Hey, thanks a lot for the quick support and I figured it out, basically I did the bind mount for nginx/conf.d and changed the listen port to 80 instead of 3000 in openspeedtest-server.conf and used it with docker macvlan to give a dedicated IP, now using adguard I am able to do the DNS Rewrite

openspeedtest commented 1 year ago

Awesome 👍

fedonr commented 1 year ago

Thanks a lot for constant support bhai. Will be waiting for the feature to have automatic Letsencrypt SSL integrated. Closing this ticket now. Thanks a lot.

openspeedtest commented 1 year ago

@fedonr This version is in the Beta phase, so it is intended for testing purposes only.

sudo docker run -e ENABLE_SSL=True -e DOMAIN_NAME=example.com -e USER_EMAIL=you@example.com --restart=unless-stopped --name openspeedtest -d -p 80:3000 -p 443:3001 openspeedtest/beta:v1

fedonr commented 1 year ago

Great! Thank you, I would test it out today and would let you know. Currently I'm out, I'll test it as soon as I get home, give me a few hours.

fedonr commented 1 year ago

Yes bro, so as I checked I won't be able to check it, as letsencrypt requires a DNS challenge for DuckDNS domains, where I need to pass a DuckDNS API key as well, so for me Let's Encrypt fails as I only use DuckDNS domains.

openspeedtest commented 1 year ago

Indeed, you require a Public IPV4/6 address with Ports 80 and 443 open. I believe you can make adjustments to the docker image by installing duckdns certbot. I will check if there is a simple option available for the DNS challenge, as each host may have a slightly different configuration.

fedonr commented 1 year ago

Yes, so I also tried passing the API key for DNS as a token, which was working with Caddy. But that too fails. Just a heads up

sudo docker run -e ENABLE_SSL=True -e DOMAIN_NAME=xyz.duckdns.org -e USER_EMAIL=xyz@gmail.com --restart=unless-stopped --name openspeedtest -d -p 8081:3000 -p 443:3001 \
  -e TOKEN=api key(duckdns token) \
  -e LOG_FILE=/data/access.log \
  -e DUCKDNS_DOMAIN=https://xyz.duckdns.org \
  -e DUCKDNS_TOKEN=api key(duckdns token) \
  openspeedtest/beta:v1

openspeedtest commented 1 year ago

Does Caddy take care of HTTPS automatically? If so, you won't need to enable SSL in the OpenSpeedTest docker image. I believe you need to have port 80 open, although I'm not entirely certain.

fedonr commented 1 year ago

I am not that savvy, but as far as I know I run Caddy as a Docker image, and you can add a DNS module in docker build which has DuckDNS's DNS (or you can download the DNS module and bind mount to point the container there): https://www.youtube.com/watch?v=pH_LZVfuSWo (this guy does the same with Vaultwarden and Caddy, so you can refer to the Caddy part here; rather than using docker build to add the module, he downloads and bind mounts it)

Container has 80 and 443 ports which I can map like any other dockers.

And then you just need to pass Domain, email and Token as I did above in your image.

openspeedtest commented 1 year ago

If possible, I will soon add DNS challenge.

fedonr commented 4 months ago

Hello, I hope you are doing great. I recently switched to Nginx Proxy Manager from Caddy. It seems more stable here at the start, but I still faced the same issue from the 2nd test. Is there any way to make it work with Nginx Proxy Manager (using Private IP)? I saw your comment "Warning! If you run it behind a reverse proxy you should increase post body content length to 35 Megabytes or more.", however that example has Traefik, and I am unsure how to do it in Nginx Proxy Manager. I tried adding "client_max_body_size 10G;" in the Advanced tab of the Proxy Host and also disabled HTTP/2 Support.

openspeedtest commented 4 months ago

@fedonr When I checked last time, you didn't have to do anything on Nginx Proxy Manager. It just worked without any issues. Remove all custom config and restart NPM.

fedonr commented 4 months ago

Yes, so even I assumed it works, as when I use a 100 Mbps LAN cable the speed works as expected. Only when I switch to Gigabit Ethernet do the upload speeds again start showing drops to 2 Mbps after the 1st test (on the first test it worked normally). I'll still do some digging and check. I'm running Private IP port 3000 in reverse proxy with a Duckdns domain using NPM.

openspeedtest commented 4 months ago

we need http 1.1

fedonr commented 4 months ago

Yes, I did keep HTTP/2 support disabled there, however I enabled force SSL. Shall I turn that off too?

openspeedtest commented 4 months ago

@fedonr Give it a try and make sure the service is running on HTTP 1.1.

fedonr commented 4 months ago

Hello, so I am using NPM to get easy to use URLs and SSL for my Containers, but I am not able to figure out how to force HTTP/1.1 as no matter if I enable or disable HTTP/2 support in Web GUI, the page always loads with h2 Protocol

I am using openspeedtest as one of the wildcards for the domain I have via Duckdns for all my containers. Here is my config

# ------------------------------------------------------------
# speedcheck.testnas.duckdns.org
# ------------------------------------------------------------

map $scheme $hsts_header {
  https   "max-age=63072000; preload";
}

server {
  set $forward_scheme http;
  set $server         "openspeedtest";
  set $port           3000;

  listen 80;
  listen [::]:80;

  listen 443 ssl;
  listen [::]:443 ssl;

  server_name speedcheck.testnas.duckdns.org;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  proxy_set_header Upgrade $http_upgrade;
  proxy_set_header Connection $http_connection;
  proxy_http_version 1.1;

  access_log /data/logs/proxy-host-16_access.log proxy;
  error_log /data/logs/proxy-host-16_error.log warn;

  location / {

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

fedonr commented 3 months ago

Hello, tried the same on a different host still the same, using the similar config.
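
An added example, not part of the thread or of NPM: in nginx the `http2` parameter of `listen` applies to the listening socket, so a host whose own block omits it can still negotiate h2 when another server block on the same address:port enables it, while `proxy_http_version` only sets the proxy-to-upstream protocol. The script audits a constructed two-host config for that case; the hostnames and the `audit_http2` helper are hypothetical, and the per-server `http2 on;` directive of newer nginx releases is not handled.

```python
import re
from collections import defaultdict

# Constructed sample: two NPM-style proxy hosts with placeholder hostnames.
SAMPLE_CONF = """
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name speedcheck.example.test;
  location / {
    proxy_http_version 1.1;  # proxy-to-upstream only, not the client side
  }
}
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name other.example.test;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block (simple brace matching)."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit_http2(conf):
    """Map server_name -> True if h2 is enabled on any socket it listens on."""
    h2_sockets = set()           # sockets where some server block sets http2
    hosts = defaultdict(set)     # server_name -> sockets it listens on
    for body in server_blocks(conf):
        names = re.search(r"\bserver_name\s+([^;]+);", body)
        name = names.group(1).split()[0] if names else "_"
        for args in re.findall(r"^\s*listen\s+([^;]+);", body, re.M):
            addr, *params = args.split()
            # A bare port such as "443" means the wildcard address.
            sock = addr if ":" in addr or not addr.isdigit() else "*:" + addr
            hosts[name].add(sock)
            if "http2" in params:
                h2_sockets.add(sock)
    return {n: bool(s & h2_sockets) for n, s in hosts.items()}
```

Run it over the concatenated proxy-host files; a host reported `True` without `http2` in its own block inherits it from a sibling on the same socket.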

openspeedtest commented 3 months ago

Look at browser console and make sure you are using http 1.1

fedonr commented 3 months ago

Yes, that is what I am not sure about, as in the config file I ensured I use http 1.1 protocol in nginx (with the limited knowledge I have), but whenever I open the url in browser it uses h2 Protocol, I am not sure how to make it http 1.1, if you can guide me there it would be a great help.


vishnunuk commented 3 months ago

@fedonr Turn Off HTTP2. using NPM or caddy?

fedonr commented 3 months ago

@vishnunuk thank you so much for the quick revert, as I have started using NPM, I only know the part where there is a toggle in NPM Web GUI for proxy host that says Http/2 support, which I have kept OFF, I do not know if there is any other way to turn it off. The other way I found was to ensure there is http1.1 mentioned in config file and not http2 or h2, which I also ensured from above config file.

Please correct me if I am wrong, if there is any other way to turn off http2 in NPM. Thank you so much once again

vishnunuk commented 3 months ago

@fedonr check https://github.com/jlesage/docker-nginx-proxy-manager/issues/209 Make sure you are using the latest version of NPM. Also, ask this question in the NPM community. When I tested it last time, it worked without any issues. Additionally, try using a different browser or an incognito window after making changes to the NPM configuration.

fedonr commented 3 months ago

Seems that's the issue with NPM and it is still ongoing. I'll run OpenSpeedTest without URL or https as of now. Eagerly waiting for a feature of DNS Challenge being implemented via Letsencrypt as I saw it is already in the works by you. Thanks once again for the reverts.