Website Performance Boot Camp

Jon Jensen
End Point Corporation
endpointdev.com

Utah Open Source Conference, May 3–5, 2012

Why care?

Give better user experience
Convert more in ecommerce
Cope with slower mobile networks
SEO performance factor

Less-visible reasons

Reduce bandwidth costs
Same resources scale to more users
Reduce CPU load and I/O
Reduce disk space used for logs

Architecture impact

Some optimization techniques
lead to a cleaner architecture.

Others make things more complicated,
so maybe should be delayed.

General principles

Re-using is faster than not
Doing less is faster than doing more
Doing nothing is fastest

What to watch

Load time, bytes, HTTP requests
For both initial and repeat loads

An example

Using webpagetest.org:

479popcorn.com before tuning

An example

479popcorn.com after tuning

Web software stack layers

Browser
Web servers
App servers
Databases

Browser layer

JavaScript
JS libraries
images
fonts
CSS
HTML

Ideal goal

If nothing is faster than nothing,
ideally we’d like to serve nothing at all.

How?

Full-page caching

Cache the entire page and every asset on it
entirely in the browser
for as long as the user is using the site.

If we succeed

The browser won’t make
any more requests to the server
except e.g. Google Analytics tracking code.
And that’s fast and not our scalability problem.

Dynamic content

Probably your site has some dynamic components.

Use JavaScript

Put into cookies or HTML5 LocalStorage:

Login state
Returning user name
Items in shopping cart

Display with JavaScript.

If so, the page is still fully cacheable.

Cache until login

Still a win to cache the entire page
only for unauthenticated users.
May cover a lot of traffic.

Cache high in the stack

It’s worth the work to cache the whole page. Why?

Caching high > caching low

If you can cache the whole page,
everything lower in the stack
is included — job done.

Ajax?

If only a small part of the page must be dynamic,
maybe fetch only that via Ajax so
everything else is statically cached.

Leverage existing caches

Get JavaScript libraries & web fonts
from Google’s CDN or others.

Users often already have them loaded
You don’t deal with that traffic

Embedded assets

Many HTTP requests for embedded assets are slow
due to TCP round trips,
even with HTTP keepalive.
Worse on mobile networks.

Combining assets

Combine JavaScript and CSS into a few files.
Combine many images of same type into sprites.
See spritebox.net.

Optimize assets

Compress images as highly as reasonable.
Strip unnecessary metadata using editor, pngcrush, etc.
Choose best image format: PNG may be better than JPEG.
Minify JavaScript & CSS.

“Edge” web server layer

CDN service
Home-grown CDN with Varnish or nginx

Commercial CDN

Caches around the world serve nearby users
Can be faster than direct access to the origin server
Often very costly

Subdomain advantages

e.g. c.yourdomain.com:

No cookies sent by browser for requests to that subdomain
Browsers parallelize requests to different subdomains,
so if the clients have a lot of bandwidth, it can make pages load faster.

Homegrown CDN

Commonly-served files cached in RAM by the kernel
Scale out horizontally cheaply by adding servers
Lease many servers with a generous bandwidth allotment;
don’t pay bandwidth overages on one heavily-used server

Why not Apache httpd?

Varnish & nginx scale up to lots of clients without 1:1 process count.
Handle intentional attacks of slow clients like Slowloris.
Handle many legitimate slow clients, e.g. long-running downloads.
Free up scarcer app server instances by sending responses quickly to cache.

“Origin” web server

Even if you’re only using Apache,
some simple tuning can help a lot.

Enable HTTP keepalive


KeepAlive On
KeepAliveTimeout 2

Compress with gzip or deflate

Enable mod_deflate and set:


AddOutputFilterByType DEFLATE \
    text/html text/plain text/xml text/css
    application/json application/x-javascript

Where to compress?

If using a caching reverse proxy, you may be better off
instead letting the cache store a single uncompressed copy
and gzip it to the clients (or not) as needed.

On modern CPUs gzip is really fast.

HTTP Cache-Control & Expires

Mark static assets as cacheable by both
the reverse proxy and the user’s browser.

2-hour example


Cache-Control: max-age=7200
Expires: Wed, 02 May 2012 06:06:18 GMT

For 1-day reverse proxy cache


Cache-Control: max-age=7200,s-maxage=86400

Set cache headers in Apache


ExpiresActive On
ExpiresDefault "access plus 2 hours"

Why 2 hours?

Contra advice about a month or even a year…

URL changes, mistakes, tradeoffs, new/old app.

Compromise of 1–8 hours seems good.

ETags?

Apache generates unique ETags per server.

That’s ok if you have only one server. :)

Worth keeping if done right.

App server caching

Caching in memcached or files (local or NFS):

Text fragments
Data, e.g. results of queries

Disable development helps

Precompile code
Don’t look for changed classes or views
Don’t check for database schema changes
Remove unneeded code and 3rd-party modules

Statelessness

Don’t write to the filesystem
Scale horizontally (more app servers) without trouble
Can use cloud app hosting, e.g. Heroku, Google App Engine

Sessions

Create/fetch/update sessions only for requests that need it.
Or get rid of server-side sessions and use client-side sessions.
HTML5 LocalStorage vs. cookies: no extra HTTP traffic.

Work with your framework

Most web frameworks have conventions for these things.

Optimize for what matters

Which pages does everyone go through?

Which functions are busiest?

Database tools

Query tuning
Indexes
Replication
Sharding … under duress

Slow queries

But also tons of fast queries
that collectively bog down the system.

Use query log analysis tools.

Sneaky bottlenecks

Locks that block popular reads
Tables that have grown a lot
Missing indexes that force full table scans
Unused indexes that slow down writes

But wouldn’t it be nice

… for the database speed not to matter much?

Cache at the highest layer of the stack possible,
and work down as needed.

It’s a win

if you never have to tune your database
because it is so rarely hit.

It’s a win

if you rarely use server-side sessions.

It’s a win

if your app server is bored.

It’s a win

if your main web server
is bored because a CDN
handled most traffic.

It’s a win

if the CDN is bored once visitors
have warmed their caches.

It’s a win

if their cache comes pre-warmed
with same jQuery from Google that
other sites use.

Perfection isn’t possible

Things will always be changing.

Measure and do what you can.

Small steps

executed over time add up.

Big plans never executed
are a total waste.

Final esoterica

Firewall state tables

Firewalls can run out of space in their state tables!

DNS problems

Test forward & reverse DNS resolution on each host.

Logging shouldn’t use DNS, but maybe it is!

Investigate

Be curious.

Investigate your hunches.

The “impossible” often isn’t,
both for good and bad.

Front-side tools

Tools suggested by attendees

JPEGmini
GTmetrix: runs Page Speed & YSlow
CloudFlare: newish CDN

Questions?

Twitter: @jonjensen0

jon@endpointdev.com

Check out our Liquid Galaxy demo
here at the conference!