Forum: NGINX gzip client & proxy with sub_filter sanity check.

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
A22d31b5ab0fc6870e72a12be631e1ef?d=identicon&s=25 Steve Wilson (Guest)
on 2012-10-18 20:50
(Received via mailing list)
After some playing with debian's current version of nginx I've reached
the conclusion it's not possible without the gunzip module.

Below is my current test configuration, in short I'm trying to reduce
the server bandwidth by having proxy upstream requests and client
responses gzipped, however I need to rewrite some content in-line.

Is this the best way to go about this or am I over complicating it?

server {
        listen   80;
        listen   [::]:80 default_server ipv6only=on;
        server_name localhost;
        gzip on;
        location / {
                proxy_pass http://127.0.0.1:8000;
                proxy_set_header Accept-Encoding "";
        }
}

server {
        listen 127.0.0.1:8000;
        server_name site1;
        location / {
                proxy_pass http://127.0.0.1:8001;
                sub_filter foo bar;
                sub_filter_once off;
                proxy_set_header Accept-Encoding "";
        }
}
server {
        listen 127.0.0.1:8001;
        server_name site2;
        gunzip on;
        location / {
                proxy_pass http://www.example.org;
                proxy_set_header Accept-Encoding gzip;
        }
}


nginx -V:
nginx version: nginx/1.3.7
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-log-path=/var/log/nginx/access.log \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--lock-path=/var/lock/nginx.lock \
--pid-path=/var/run/nginx.pid \
--with-pcre-jit \
--with-debug \
--with-file-aio \
--with-http_addition_module \
--with-http_dav_module \
--with-http_gunzip_module \
--with-http_flv_module \
--with-http_geoip_module \
--with-http_gzip_static_module \
--with-http_image_filter_module \
--with-http_mp4_module \
--with-http_perl_module \
--with-http_random_index_module \
--with-http_realip_module \
--with-http_secure_link_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_sub_module \
--with-http_xslt_module \
--with-ipv6 \
--with-sha1=/usr/include/openssl \
--with-md5=/usr/include/openssl \
--with-mail \
--with-mail_ssl_module \
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-auth-pam \
--add-module=/root/build/nginx-1.3.7/debian/modules/chunkin-nginx-module
\
--add-module=/root/build/nginx-1.3.7/debian/modules/headers-more-nginx-module
\
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-development-kit
\
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-echo \
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-push-stream-module
\
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-lua \
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upload-module\
 --add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upload-progress
\
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-upstream-fair\
 --add-module=/root/build/nginx-1.3.7/debian/modules/nginx-dav-ext-module
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-syslog \
--add-module=/root/build/nginx-1.3.7/debian/modules/nginx-cache-purge
A8108a0961c6087c43cda32c8616dcba?d=identicon&s=25 Maxim Dounin (Guest)
on 2012-10-18 21:01
(Received via mailing list)
Hello!

On Thu, Oct 18, 2012 at 07:49:36PM +0100, Steve Wilson wrote:

>         listen   80;
>         listen 127.0.0.1:8000;
>         server_name site1;
>         location / {
>                 proxy_pass http://127.0.0.1:8001;
>                 sub_filter foo bar;
>                 sub_filter_once off;
>                 proxy_set_header Accept-Encoding "";
>         }
> }

These two server{} blocks may be safely joined together.

> server {
>         listen 127.0.0.1:8001;
>         server_name site2;
>         gunzip on;
>         location / {
>                 proxy_pass http://www.example.org;
>                 proxy_set_header Accept-Encoding gzip;
>         }
> }

And probably we want to implement something like

    gunzip always;

to allow such processing in a single server block.

[...]

> --with-sha1=/usr/include/openssl \
> --with-md5=/usr/include/openssl \

Just a side note: this is incorrect.  As per ./configure help:

  --with-md5=DIR                     set path to md5 library sources
  --with-sha1=DIR                    set path to sha1 library sources

Obviously you don't have any sources to build in
/usr/include/openssl.  Just remove these configure arguments.


--
Maxim Dounin
http://nginx.com/support.html
A22d31b5ab0fc6870e72a12be631e1ef?d=identicon&s=25 Steve Wilson (Guest)
on 2012-10-18 21:18
(Received via mailing list)
On 18/10/2012 20:00, Maxim Dounin wrote:
>>
>>         }
>>         }
>> }
>
> These two server{} blocks may be safely joined together.

Ah yeah, looking at it now I can see this as the content for sub_filter
is already gunzipped.

> And probably we want to implement something like
>
>     gunzip always;
>
> to allow such processing in a single server block.

;)

> Obviously you don't have any sources to build in
> /usr/include/openssl.  Just remove these configure arguments.
>
>

I should have perhaps mentioned that I use the nginx-extras package from
debian in production to get the configure line and just added in the
gunzip flag myself for testing.

Having read through some of the enabled options I'll probably end up
creating our own nginx build to remove some unwanted options.

Steve.
This topic is locked and can not be replied to.