Extreamly slow local access after setting up ssl

bcarter · May 3, 2019, 11:44pm

I am not sure if anyone else has this issue, but now that I have enabled ssl accessing the front end of homeassistant from my local network is very, very slow. It takes almost 2 minutes for lovelace an the panel to show up and all I see is an icon and the words “loading data”

if I access from outside my local network, it is nearly instantaneous. oh and also sub second to access using a mobile app.

I am not able to find anything that would account for this. Though I am also getting massive amounts of the following errors in my log

2019-05-03 17:21:28 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
2019-05-03 17:21:29 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
2019-05-03 17:21:29 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)
2019-05-03 17:21:29 ERROR (MainThread) [homeassistant.core] Error doing job: SSL handshake failed
Traceback (most recent call last):
  File "uvloop/sslproto.pyx", line 500, in uvloop.loop.SSLProtocol._on_handshake_complete
  File "uvloop/sslproto.pyx", line 484, in uvloop.loop.SSLProtocol._do_handshake
  File "/usr/local/lib/python3.7/ssl.py", line 763, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: HTTP_REQUEST] http request (_ssl.c:1056)

Does anyone have thoughts? at this point I am likely to remove the ssl and go back to only using ssh tunnels, but then the mobile app is exposed… I donno

tom_l · May 4, 2019, 12:17am

You don’t mention:

How you enabled SSL
How you are accessing HA internally, ip address?
Your network set up, router etc…

bcarter · May 4, 2019, 12:28am

Fair @tom_l, I am not sure what information would help, so I will just answer what you think you need.

I enabled SSL using letsencrypt and certbot. for my domain, then using the following configuration.yaml

http:
  ssl_certificate: /config/ssl/fullchain.pem
  ssl_key: /config/ssl/privkey.pem
  base_url: mydomain:8123

I am accessing the same way internally and externally, though I did try both the domain name and the IP (of course the IP gives a SSL warning) no change though in wait time.
My network is … an ISP provided router and modem that has the port forwarded for HA, the HA server is wired to the router, and then an internal mesh wifi set up that does not implement any firewalls that is used to connect laptops and phones.

tom_l · May 4, 2019, 1:12am

So does your ISP provide a static IP address?

I edited my reply. I missed that you do have your own domain name.

bcarter · May 4, 2019, 1:15am

Nope, but I have a domain that Handles the dynamic ip.

Edit because you edited hahaha

tom_l · May 4, 2019, 1:16am

Does your router support NAT loopback (hairpinning)?

bcarter · May 4, 2019, 1:18am

Ooooh good question… I don’t know I will find out. But what would the loopback do?

tom_l · May 4, 2019, 1:19am

When you request the domain name the router recognises the external to internal IP translation and forwards you directly to the local address.

bcarter · May 4, 2019, 1:20am

I will find out!

bcarter · May 4, 2019, 5:00pm

so @tom_l, my router does not have loopback, and I miss spoke at the beginning as my configuration does not seem to allow me to connect on an internal IP at all… HA is not server up on the IP anymore since setting up the “HTTP:” block. so the loopback likely would not work either (depending on how it was passing on the packets)

any thoughts?

bcarter · May 4, 2019, 5:10pm

well… the problem went away… I did not change anything, so something else must have been causing this and NOT HA… but thank you so much for your help @tom_l!

Stooovie · October 14, 2019, 8:51am

Same here, slow after setting up SSL via DuckDNS addon. So far the issue hasn’t gone away.