3.0.12 Slow ; Browser Errors; Laravel Log Errors

Self Hosted
Akaunting Version: 3.0.12
Server: Ubuntu 22.04
PHP Version: 8.2.4
MySQL Version: 8.0.32-0ubuntu0.22.04.2
Browser: Brave Version 1.50.114 Chromium: 112.0.5615.49 (Official Build) (64-bit)

It's taking forever (30+ seconds) to go from page to page in the application. It didn't use to be like this. Now the software is almost unusable.

These are the errors we get in the browser console:

edit:1603 Refused to load the image 'https://assets.akaunting.com/software/admin/tips/bank-feeds.png' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: *.google.com *.gstatic.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

edit:1 Refused to load the image 'https://assets.akaunting.com/software/admin/tips/bank-feeds.png' because it violates the following Content Security Policy directive: "default-src 'self' data: blob: *.google.com *.gstatic.com". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.

DevTools failed to load source map: Could not load content for https://akaunting.aaaaaaa.bbb/public/akaunting-js/popper.min.js.map: Unexpected token '

..continued because this forum software is terrible

DevTools failed to load source map: Could not load content for https://akaunting.aaaaaaa.bbb/public/akaunting-js/popper.min.js.map: Unexpected token '

And we get lots of these errors in the Laravel log

[2023-04-10 06:48:17] production.ERROR: Attempted to lazy load [document] on model [App\Models\Banking\Transaction]. {"userId":1,"exception":"[object] (Exception(code: 0): Attempted to lazy load [document] on model [App\\Models\\Banking\\Transaction]. at /d01/www/akaunting/vendor/laravel/framework/src/Illuminate/Foundation/helpers.php:681)

Same here re: unusable. Not only do I click and wait *forever*, but the autoloader takes over my screen even when the data is clearly loaded in the background. Further, the UX makes no sense - can't even right click > open in new tab on an invoice?

My console errors:
DevTools failed to load source map: Could not parse content for https://akaunting.mysite.ca/public/akaunting-js/popper.min.js.map: Unexpected token '

Update: We performed some server maintenance - specifically, we installed PHP FPM and tweaked MySQL config - and noticed a *massive* speed boost on all our PHP web apps ..... .. . . . except Akaunting, which is actually slower. 20 seconds to login, and now nearly 38 seconds to click between pages.

Specifically, this appears at least a dozen times:
LOG.warning: addslashes(): Passing null to parameter #1 ($strong) of type string is deprecated in /home/public_html/akaunting/app/View/Components/DeleteLink.php on line 221

And here's my server specs - note that both opcache and fpm are installed...
Xeon 8 core 3.8Ghz
32GB RAM (of which 20GB and 22 instances are dedicated to SQL)

PHP
8.1.13
MySQL
10.3.27-MariaDB
Memory Limit
128M
Execution Time
30
PHP OS
Linux
PHP SAPI
fpm-fcgi
PHP Timezone
UTC
Requirements
[]
PHP Extensions
array:45 [▼
0 => "Core"
1 => "date"
2 => "libxml"
3 => "openssl"
4 => "pcre"
5 => "zlib"
6 => "filter"
7 => "hash"
8 => "json"
9 => "pcntl"
10 => "Reflection"
11 => "SPL"
12 => "session"
13 => "standard"
14 => "cgi-fcgi"
15 => "bcmath"
16 => "calendar"
17 => "ctype"
18 => "curl"
19 => "dom"
20 => "fileinfo"
21 => "ftp"
22 => "gd"
23 => "iconv"
24 => "imap"
25 => "intl"
26 => "mbstring"
27 => "mysqlnd"
28 => "PDO"
29 => "Phar"
30 => "posix"
31 => "SimpleXML"
32 => "soap"
33 => "sockets"
34 => "sqlite3"
35 => "tokenizer"
36 => "xml"
37 => "xmlwriter"
38 => "xsl"
39 => "zip"
40 => "mysqli"
41 => "pdo_mysql"
42 => "pdo_sqlite"
43 => "xmlreader"
44 => "Zend OPcache"
]

My entire team is crippled by the speed, and we've had enough so we took an even deeper look. It appears that a random page of data is 5MB (!!!) in size. This is huge for a media-light page, but it suggests there are a LOT of libraries ... and possibly a compression issue. I checked /akaunting/.htaccess and, sure enough, there was no compression enabled server-side. I added it and GUESS WHAT!!! PAGE LOADS ARE HUMANE!!!!

Without further adieu and in the hopes that it may help others, here is my modified .htaccess:

# Prevent Directory Listing

IndexIgnore *


### Begin: Compression THIS MUST BE THE FIRST BLOCK BEFORE ANY REWRITING ###


AddType "text/javascript" .gzip


AddType "text/css" .gzip

AddEncoding gzip .gzip


# Force compression for mangled `Accept-Encoding` request headers


SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAV$
RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding



# Compress all output labeled with one of the following media types.
#
# (!) For Apache versions below version 2.3.7 you don't need to
# enable `mod_filter` and can remove the ``
# and `` lines as `AddOutputFilterByType` is still in
# the core directives.
#
# https://httpd.apache.org/docs/current/mod/mod_filter.html#addoutputfilterbytype


AddOutputFilterByType DEFLATE application/atom+xml \
application/javascript \
application/json \
application/ld+json \
application/manifest+json \
application/rdf+xml \
application/rss+xml \
application/schema+json \
application/vnd.geo+json \
application/vnd.ms-fontobject \
application/x-font-ttf \
application/x-javascript \
application/x-web-app-manifest+json \
application/xhtml+xml \
application/xml \
font/eot \
font/opentype \
image/bmp \
image/svg+xml \
image/vnd.microsoft.icon \
image/x-icon \
text/cache-manifest \
text/css \
text/html \
text/javascript \
text/plain \
text/vcard \
text/vnd.rim.location.xloc \
text/vtt \
text/x-component \
text/x-cross-domain-policy \
text/xml



AddEncoding gzip svgz



### End: Compression ###

### Begin: Browser caching of resource files ###

# This affects Frontend and Backend and increases performance.


ExpiresActive on
ExpiresDefault "access plus 1 year"

ExpiresByType text/css "access plus 1 year"

ExpiresByType application/json "access plus 0 seconds"
ExpiresByType application/ld+json "access plus 0 seconds"
ExpiresByType application/schema+json "access plus 0 seconds"
ExpiresByType application/vnd.geo+json "access plus 0 seconds"
ExpiresByType application/xml "access plus 0 seconds"
ExpiresByType text/xml "access plus 0 seconds"

ExpiresByType image/vnd.microsoft.icon "access plus 1 week"
ExpiresByType image/x-icon "access plus 1 week"

ExpiresByType text/x-component "access plus 1 month"

ExpiresByType text/html "access plus 0 seconds"

ExpiresByType application/javascript "access plus 1 year"
ExpiresByType application/x-javascript "access plus 1 year"
ExpiresByType text/javascript "access plus 1 year"

ExpiresByType application/manifest+json "access plus 1 week"
ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
ExpiresByType text/cache-manifest "access plus 0 seconds"

ExpiresByType audio/ogg "access plus 1 year"
ExpiresByType image/bmp "access plus 1 year"
ExpiresByType image/gif "access plus 1 year"
ExpiresByType image/jpeg "access plus 1 year"
ExpiresByType image/png "access plus 1 year"
ExpiresByType image/svg+xml "access plus 1 year"
ExpiresByType image/webp "access plus 1 year"
ExpiresByType video/mp4 "access plus 1 year"
ExpiresByType video/ogg "access plus 1 year"
ExpiresByType video/webm "access plus 1 year"

ExpiresByType application/atom+xml "access plus 1 hour"
ExpiresByType application/rdf+xml "access plus 1 hour"
ExpiresByType application/rss+xml "access plus 1 hour"

ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
ExpiresByType font/eot "access plus 1 year"
ExpiresByType font/opentype "access plus 1 year"
ExpiresByType application/x-font-ttf "access plus 1 year"
ExpiresByType application/font-woff "access plus 1 year"
ExpiresByType application/x-font-woff "access plus 1 year"
ExpiresByType font/woff "access plus 1 year"
ExpiresByType application/font-woff2 "access plus 1 year"

ExpiresByType text/x-cross-domain-policy "access plus 1 week"



### End: Browser caching of resource files ###


# Prevent Directory Listing

Options -MultiViews -Indexes


RewriteEngine On

# Prevent Direct Access to Protected Files

# Apache 2.2 syntax

Order deny,allow
Deny from all

# Apache 2.4 syntax

Require all denied



# Prevent Direct Access To Protected Folders
RewriteRule ^(app|bootstrap|config|database|overrides|resources|routes|storage|tests)/(.*) / [L,R=301]

# Prevent Direct Access To modules/vendor Folders Except Assets
RewriteRule ^(modules|vendor)/(.*)\.((?!ico|gif|jpg|jpeg|png|js\b|css|less|sass|font|woff|woff2|eot|ttf|svg|xls|xlsx).)*$ / [L,R=301]

# Redirect Trailing Slashes If Not A Folder...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)/$ /$1 [L,R=301]

# Send Requests To Front Controller...
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^ index.php [L]

# Handle Authorization Header
RewriteCond %{HTTP:Authorization} .
RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]




# php -- BEGIN cPanel-generated handler, do not edit
# Set the “ea-php81” package as the default “PHP” programming language.

AddHandler application/x-httpd-ea-php81 .php .php8 .phtml

# php -- END cPanel-generated handler, do not edit

Whoops, I should note, the forum is (rightfully) filtering the ifmodules, so I'll try to put them in this way...

- Wrap indexignore in ifmodule:
- Before #Force compression, add an ifmodule:
- After text/xml, close the ifmodule:
- Wrap the AddEncoding gzip svgz in ifmodule: AND THEN add another closing
- Before "#Prevent directory listing", add and ifmodule:
- Before " ExpiresActive on", add and ifmodule:
- After cross-domain-policy "access plus 1 week", close the ifmodule:
- Before "# Prevent Directory Listing", wrap an if:
# Prevent Directory Listing
- After Options -MultiViews -Indexes, close the if:
- After HTTP:Authorization}], close the ifmodule: