Gzip client & proxy with sub_filter sanity check

aris · October 18, 2012, 8:50pm

After some playing with debian’s current version of nginx I’ve reached
the conclusion it’s not possible without the gunzip module.

Below is my current test configuration, in short I’m trying to reduce
the server bandwidth by having proxy upstream requests and client
responses gzipped, however I need to rewrite some content in-line.

Is this the best way to go about this or am I over complicating it?

server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name localhost;
gzip on;
location / {
proxy_pass http://127.0.0.1:8000;
proxy_set_header Accept-Encoding “”;
}
}

server {
listen 127.0.0.1:8000;
server_name site1;
location / {
proxy_pass http://127.0.0.1:8001;
sub_filter foo bar;
sub_filter_once off;
proxy_set_header Accept-Encoding “”;
}
}
server {
listen 127.0.0.1:8001;
server_name site2;
gunzip on;
location / {
proxy_pass http://www.example.org;
proxy_set_header Accept-Encoding gzip;
}
}

nginx -V:
nginx version: nginx/1.3.7
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
–conf-path=/etc/nginx/nginx.conf
–error-log-path=/var/log/nginx/error.log
–http-client-body-temp-path=/var/lib/nginx/body
–http-fastcgi-temp-path=/var/lib/nginx/fastcgi
–http-log-path=/var/log/nginx/access.log
–http-proxy-temp-path=/var/lib/nginx/proxy
–http-scgi-temp-path=/var/lib/nginx/scgi
–http-uwsgi-temp-path=/var/lib/nginx/uwsgi
–lock-path=/var/lock/nginx.lock
–pid-path=/var/run/nginx.pid
–with-pcre-jit
–with-debug
–with-file-aio
–with-http_addition_module
–with-http_dav_module
–with-http_gunzip_module
–with-http_flv_module
–with-http_geoip_module
–with-http_gzip_static_module
–with-http_image_filter_module
–with-http_mp4_module
–with-http_perl_module
–with-http_random_index_module
–with-http_realip_module
–with-http_secure_link_module
–with-http_stub_status_module
–with-http_ssl_module
–with-http_sub_module
–with-http_xslt_module
–with-ipv6
–with-sha1=/usr/include/openssl
–with-md5=/usr/include/openssl
–with-mail
–with-mail_ssl_module
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-auth-pam
–add-module=/root/build/nginx-1.3.7/debian/modules/chunkin-nginx-module

–add-module=/root/build/nginx-1.3.7/debian/modules/headers-more-nginx-module

–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-development-kit

–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-echo
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-push-stream-module

–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-lua
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upload-module
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upload-progress

–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upstream-fair
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-dav-ext-module
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-syslog
–add-module=/root/build/nginx-1.3.7/debian/modules/nginx-cache-purge

interactivenyc · October 18, 2012, 9:01pm

Hello!

On Thu, Oct 18, 2012 at 07:49:36PM +0100, Steve W. wrote:

    listen   80;
    listen 127.0.0.1:8000;
    server_name site1;
    location / {
            proxy_pass http://127.0.0.1:8001;
            sub_filter foo bar;
            sub_filter_once off;
            proxy_set_header Accept-Encoding "";
    }

}

These two server{} blocks may be safely joined together.

server {
listen 127.0.0.1:8001;
server_name site2;
gunzip on;
location / {
proxy_pass http://www.example.org;
proxy_set_header Accept-Encoding gzip;
}
}

And probably we want to implement something like

gunzip always;

to allow such processing in a single server block.

[…]

–with-sha1=/usr/include/openssl
–with-md5=/usr/include/openssl \

Just a side note: this is incorrect. As per ./configure help:

–with-md5=DIR set path to md5 library sources
–with-sha1=DIR set path to sha1 library sources

Obviously you don’t have any sources to build in
/usr/include/openssl. Just remove these configure arguments.

–
Maxim D.

interactivenyc · October 18, 2012, 9:18pm

On 18/10/2012 20:00, Maxim D. wrote:

    }
    }
}
These two server{} blocks may be safely joined together.

Ah yeah, looking at it now I can see this as the content for sub_filter
is already gunzipped.

And probably we want to implement something like
gunzip always;
to allow such processing in a single server block.

Obviously you don’t have any sources to build in
/usr/include/openssl. Just remove these configure arguments.

I should have perhaps mentioned that I use the nginx-extras package from
debian in production to get the configure line and just added in the
gunzip flag myself for testing.

Having read through some of the enabled options I’ll probably end up
creating our own nginx build to remove some unwanted options.

Steve.