Download speed is apparently slower than python's SimpleHTTPServer

Hi,
I try to download the same video (300MB) via two ways and the download rates are so different,

1. Nextcloud -> 100 - 300 KB/s
2. Python SimpleHTTPServer -> 700 - 1200 KB/s
   At the same time, using Speedtest to test the network, I got 20 Mbit/s uploading rate.
   I’m running Nextcloud with Nginx + Mariadb + Redis on Orange Pi (debian). I have tried the server tuning tutorial but the problem still exists.
   Can anyone give me some ideas to adjust my Nextcloud? Thank you very much

Below are useful information for you to get the picture of my condition.

1. Nginx configuration

   upstream php-handler {
        server  unix:/run/php/php7.0-fpm.sock;
   }
   
   
   server {
       server_name cloud;
       root /var/www/html/nextcloud;
       index index.php;
       autoindex off;
       server_tokens off;
       sendfile on;
       large_client_header_buffers 4 32k;
       client_max_body_size 512M;
       error_log /var/log/nginx/nextcloud_error.log error;
       access_log off;
       error_page 404 = /404.php;
   
       location /404.html {
           internal;
       }
   
       open_file_cache max=10000 inactive=1m;
       open_file_cache_valid 2m;
       open_file_cache_min_uses 2;
       open_file_cache_errors on;
       
       # Enable gzip but do not remove ETag headers
       gzip on;
       gzip_vary on;
       gzip_comp_level 4;
       gzip_min_length 256;
       gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
       gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
   
       location = /robots.txt {
           allow all;
           log_not_found off;
           access_log off;
       }
   
       location / {
           rewrite ^ /index.php$uri;
       }
       
       location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
               deny all;
       }
       
       location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
               deny all;
       }
       
       location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+)\.php(?:$|/) {
               fastcgi_split_path_info ^(.+\.php)(/.*)$;
               include fastcgi_params;
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param PATH_INFO $fastcgi_path_info;
               # fastcgi_param HTTPS on;
               #Avoid sending the security headers twice
               fastcgi_param modHeadersAvailable true;
               fastcgi_param front_controller_active true;
               fastcgi_pass php-handler;
               fastcgi_intercept_errors on;
               fastcgi_request_buffering off;
               fastcgi_read_timeout 60s;
               fastcgi_connect_timeout 60s;
               fastcgi_send_timeout 60s;     
       }
       
       location ~ ^/(?:updater|ocs-provider)(?:$|/) {
           try_files $uri/ =404;
           index index.php;
       }
   
       location ~ \.(?:css|js|woff|svg|gif)$ {
           try_files $uri /index.php$request_uri;
           add_header Cache-Control "public, max-age=15778463";
           # Optional: Don't log access to assets
           access_log off;
       }
       
       location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ {
           try_files $uri /index.php$request_uri;
           # Optional: Don't log access to other assets
           access_log off;
       }
   
       location ^~ /.well-known/acme-challenge/ {
           allow all;
       }
       listen 80;
       if ($scheme = http) {
          # Force redirection to HTTPS.
           return 301 https://$host:443$request_uri;
       }
       listen 443 ssl http2;
       ssl_certificate  fullchain.pem;
       ssl_certificate_key privkey.pem;
           # PFS (Perfect Forward Secrecy)
       ssl_protocols TLSv1.2;
       ssl_prefer_server_ciphers on;
       ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
       
       # HSTS (HTTP Strict Transport Security)
       add_header Strict-Transport-Security "max-age=15768000; includeSubdomains";
       # Content Security Policy (CSP)
       add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.draw.io/; img-src 'self' data: https://source.unsplash.com/ https://usercontent.apps.nextcloud.com/  https://images.unsplash.com/;font-src 'self' data:;";
       add_header X-Frame-Options "SAMEORIGIN";
       add_header X-Content-Type-Options "nosniff";
       add_header X-XSS-Protection "1; mode=block";
       add_header X-Permitted-Cross-Domain-Policies none;
       add_header X-Robots-Tag none;
       add_header X-Download-Options "noopen";
   }
   

2. config/config.php

   'auth.bruteforce.protection.enabled' => false,
   
   'memcache.local' => '\\OC\\Memcache\\Redis',
   
   'redis' =>
   
   array (
   
   'host' => '/var/run/redis/redis.sock',
   
   'port' => 0,
   
   'timeout' => 0.0,
   
   ),
   
   'filelocking.enabled' => true,
   
   'memcache.locking' => '\\OC\\Memcache\\Redis',