search

restic / rest-server

Rest Server is a high performance HTTP server that implements restic's REST backend API.
BSD 2-Clause "Simplified" License
922 stars 138 forks source link

TLS overhead x4 #205

Closed gr8den closed 1 year ago

gr8den commented 1 year ago

Hello! When I enable --tls option in rest-server speed of backup become slower ~4 times (1MB/s vs 4MB/s)

Other options: --append-only, .htpasswd auth used, self-signed cert Ping between restic and rest-server machines ~90ms

Setting -o rest.connections= to 2 or 10 change almost nothing when it is used with --tls option But using -o rest.connections=10 & --tls=0 increase performance to 11MB/s (maximum bandwidth)

Rest-server version: https://github.com/restic/rest-server/commit/a8cd3f218de825125ad845a64244a68e402d3c0c Restic version: restic 0.14.0 compiled with go1.19 on darwin/amd64

MichaelEischer commented 1 year ago

I don't suppose the server is anyhow CPU-bound?

Does the performance also drop if both restic and the rest-server run on the same host? Does setting

GODEBUG=http2client=0  # disable HTTP/2 client support
GODEBUG=http2server=0  # disable HTTP/2 server support

on the client/server side help?

deajan commented 1 year ago

Maybe worth mentionning, I let Haproxy offload the TLS encryption, it's probably way more optimized since it's it's primary job. You should give that a go. On the plus side, haproxy directly implements with letsencrypt.

MichaelEischer commented 1 year ago

Not enough information to reproduce.