Where to compress text files and filter access
mdounin at mdounin.ru
Fri Dec 30 00:16:57 UTC 2022
On Wed, Dec 28, 2022 at 11:05:01PM +0000, Mik J via nginx wrote:

> What is the best practice for these two situations:
> 1. Compress text files, should I make the compression on the
> reverse proxy or on the backend server ?

In most cases, it makes sense to compress things on the frontend
In particular, this is because of at least the following factors:
1) Frontend servers are usually not just reverse proxies, but also
serve some static resources. As such, compression anyway needs
to be configured on frontend servers.
2) Frontend servers are often used with multiple different backends.
Further, in some cases they are used to generate responses based
on subrequests to different requests, such as with SSI. This
makes compression on frontend servers easier or even the only
3) Frontend servers are often used to cache backend responses, and
proper caching of compressed responses might be problematic and/or
inefficient (in particular, because the only mechanism available
Note well that by default nginx uses HTTP/1.0 when connecting to
upstream servers, and this in turn will disable gzip with default
settings. This naturally results in compression being done on
frontend servers when nginx with default settings is used both as
a backend and a frontend.
In some cases, it might make sense to compress on the backend
servers, for example, to ensure that CPU usage for compression is
balanced among multiple backend servers, or to minimize traffic
between frontends and backends. These are mostly about specific

> 2. Deny access to specific files for example, files starting
> with a dot .file, should I write the rule on the reverse proxy
> or on the backend server ?

I would recommend both. In particular, rules on the backend
server will ensure that the access is denied where the file
resides, making things safe even if the frontend servers are
somehow bypassed. Rules on the frontend server ensure that
requests are denied efficiently.
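
An added example, not part of the original message: a minimal nginx configuration sketch of the layout described in the reply, with compression on the frontend and the dotfile rule on both tiers. The file paths, server name, backend address, document root and the /.well-known/ exemption are assumptions.

```nginx
# ---- frontend: /etc/nginx/nginx.conf on the reverse proxy (assumed path) ----
events {}
http {
    include mime.types;

    # Compress on the frontend: applies to static files and proxied responses.
    gzip on;
    gzip_types text/plain text/css application/javascript application/json;

    upstream app_backend {
        server 10.0.0.10:8080;          # assumed backend address
    }

    server {
        listen 80;
        server_name www.example.com;    # assumed name

        # Deny dotfiles early so the request never reaches the backend.
        # The /.well-known/ exemption is an assumption (ACME challenges etc.).
        location ~ /\.(?!well-known/) {
            deny all;
        }

        location / {
            # proxy_http_version is 1.0 by default, so a backend nginx with the
            # default gzip_http_version 1.1 sends uncompressed responses.
            proxy_pass http://app_backend;
        }
    }
}

# ---- backend: /etc/nginx/nginx.conf on the application host (assumed path) ----
events {}
http {
    include mime.types;
    server {
        listen 8080;
        root /srv/www;                  # assumed document root

        # Same rule where the files live; holds even if the frontend is bypassed.
        location ~ /\.(?!well-known/) {
            deny all;
        }
    }
}
```

Requesting a dotfile path such as `/.env` against each tier separately, the frontend on port 80 and the backend on port 8080, should return 403 from both.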