How to turn off gzip compression for SSL traffic
Bob S.
farseas at gmail.com
Sun Aug 18 13:01:27 UTC 2013
I thought that "if" statements slowed nginx down?
On Sun, Aug 18, 2013 at 6:27 AM, howard chen <howachen at gmail.com> wrote:
> Hi,
>
> Thanks for the insight.
>
> Finally I solved by:
>
> if ($scheme = https) {
> gzip off;
> }
>
> Separating into two servers require to duplicate the rules like rewrite,
> which is cumbersome.
>
> Thanks anyway
>
>
>
>
> On Sat, Aug 17, 2013 at 8:43 PM, Igor Sysoev <igor at sysoev.ru> wrote:
>
>> On Aug 17, 2013, at 8:59 , howard chen wrote:
>>
>> Hi,
>>
>> As you know, due the breach attack (http://breachattack.com), HTTP
>> compression is no longer safe (I assume nginx don't use SSL compression by
>> default?), so we should disable it.
>>
>>
>> Yes, modern nginx versions do not use SSL compression.
>>
>> Now, We are using config like the following:
>>
>> gzip on;
>> ..
>>
>> server {
>> listen 127.0.0.1:80 <http://127.0.0.1/> default_server;
>> listen 127.0.0.1:443 default_server ssl;
>>
>>
>>
>> With the need to split into two servers section, is it possible to turn
>> off gzip when we are using SSL?
>>
>>
>> You have to split the dual mode server section into two server server
>> sections and set "gzip off"
>> SSL-enabled on. There is no way to disable gzip in dual mode server
>> section, but if you really
>> worry about security in general the server sections should be different.
>>
>>
>> --
>> Igor Sysoev
>> http://nginx.com/services.html
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130818/22c49a0d/attachment.html>
More information about the nginx
mailing list