Where to compress text files and filter access
Mik J
mikydevel at yahoo.fr
Sat Dec 31 16:34:33 UTC 2022
Hello Maxim,Thank you for this detailed answer.I'll keep it in my personal notes.I wish you a good year for 2023
Le vendredi 30 décembre 2022 à 01:17:11 UTC+1, Maxim Dounin <mdounin at mdounin.ru> a écrit :
Hello!
On Wed, Dec 28, 2022 at 11:05:01PM +0000, Mik J via nginx wrote:
> What is the best practice for these two situations:
> 1. Compress text files, should I make the compression on the
> reverse proxy or on the backend server ?
In most cases, it makes sense to compress things on the frontend
server.
In particular, this is because of at least the following factors:
1) Frontend servers are usually not just reverse proxies, but also
serve some static resources. As such, compression is anyway needs
to be configured on frontend servers.
2) Frontend servers often used with multiple different backends.
Further, in some cases they are used to generate responses based
on subrequests to different requests, such as with SSI. This
makes compression on frontend servers easier or even the only
possible solution.
3) Frontend servers are often used to cache backend responses, and
proper caching of compressed responses might be problematic and/or
inefficient (in particular, because the only mechanism available
is Vary).
Note well that by default nginx uses HTTP/1.0 when connecting to
upstream servers, and this in turn will disable gzip with default
settings. This naturally results in compression being done on
frontend servers when nginx with default settings is used both as
a backend and a frontend.
In some cases, it might make sense to compress on the backend
servers, for example, to ensure that CPU usage for compression is
balanced among multiple backend servers, or to minimize traffic
between frontends and backends. These are mostly about specific
configurations though.
> 2. Deny access to specific files for example, files starting
> with a dot .file, should I write the rule on the reverse proxy
> or on the backend server ?
I would recommend both. In particular, rules on the backend
server will ensure that the access is denied where the file
resides, making things safe even if the frontend servers is
somehow bypassed. Rules on the frontend server ensure that
requests are denied efficiently.
--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx at nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20221231/77d00a4d/attachment.htm>
More information about the nginx
mailing list