htaccess Elite

.htaccess tutorial


All times are UTC [ DST ]





 Post subject: mod_gzip with SSL mini howto
PostPosted: Mar 25th, '07, 17:36 
[Mod_gzip] mod_gzip with SSL mini howto
Tim Behrendsen mod_gzip@lists.over.net
Tue, 19 Feb 2002 20:59:05 -0800


--------------------------------------------------------------------------------

MOD_GZIP WITH SSL MINI HOWTO

Version 0.1 February 19, 2002
Tim Behrendsen
All rights given to the public domain.

INTRODUCTION

This document describes how to run mod_gzip over SSL connections using
mod_ssl. The method described has been tested with Apache 1.3.22 under
RedHat 7.2 (Kernel 2.4.13), mod_gzip 1.3.19.1a, mod_ssl 2.8.5 and OpenSSL
0.9.6b.

THE PROBLEM

One would expect to be able to just plug mod_gzip into Apache in the
normal way, and have it work with SSL. Unfortunately, due to technical
issues with mod_ssl beyond the scope of this document (apparently mod_ssl
greedily grabs the result before anyone else has a chance), the easy
solution doesn't work.

There are workarounds, however, that give the desired result.

THE SOLUTION

A workaround solution is to use mod_proxy. A front-end SSL-enabled Virtual
Host receives the request, and then uses mod_proxy to pass it to a
back-end non-SSL virtual host that processes the request, compresses the
content and passes it back. The front-end then happily forwards the data
through the SSL connection.

CONFIGURATION

After installing mod_gzip, enable mod_proxy in the configuration file by
adding (or uncommenting) the following lines to the appropriate areas (after
directives of the same form would be a good place):

LoadModule proxy_module modules/libproxy.so

AddModule mod_proxy.c

The following lines are a good basic configuration for mod_gzip (mostly
taken from the mod_gzip FAQ). Add these into your configuration:

-------------------------------------------
# [ mod_gzip sample configuration ]

# mod_gzip_on [Yes/No]
#
# Use this command to turn mod_gzip 'on' or 'off'.
# The command can go into the base server configuration
# or be used to control if mod_gzip is active inside
# any particular virtual directory or host section.
#
mod_gzip_on Yes

# Size limits

mod_gzip_minimum_file_size 300
mod_gzip_maximum_file_size 0
mod_gzip_maximum_inmem_size 100000

# mod_gzip_item_include type regular_expression
# mod_gzip_item_exclude type regular_expression
#
# Use 'include' and 'exclude' commands to specify which
# items are eligible for compression.
#
# The valid values for 'type' field are...
#
# file, mime, handler, reqheader, rspheader.
#
# The 3rd parameter must be a valid 'regular expression'
# which will be used to 'match' the requested item(s).
#
mod_gzip_item_include file \.htm$
mod_gzip_item_include file \.html$
mod_gzip_item_include mime text/.*
mod_gzip_item_include handler ^perl-script$

# NOTE: The following entry was required to compress negotiated
# home pages in version 1.3.17.1a but is now only needed
# if you would like to compress your directory listings...
#
# mod_gzip_item_include mime httpd/unix-directory

# mod_gzip_dechunk [Yes/No]
#
# If a response is being generated dynamically and
# the response content generator is always using
# 'Transfer-Encoding: chunked' then that response
# cannot normally be 'compressed' since a transport layer
# encoding is already being applied. The "mod_gzip_dechunk Yes"
# option will transparently remove all 'chunked' encoding
# and allow the response to be fully compressed. Certain
# versions of mod_php will need this option set ON for the
# dynamic output to be compressed. Whenever possible just
# make sure this option and the extra step required
# are NOT needed by making sure the response generator is NOT
# using 'Transfer-encoding: chunked'.
#
mod_gzip_dechunk yes

# mod_gzip_min_http [1000/1001/etc...]
#
# Only use this to 'block' browsers that don't support a
# certain minimum level of the HTTP protocol. The option
# uses the same internal 'numeric' value(s) used by Apache
# itself to indicate certain HTTP protocol support level(s).
#
# 1000=HTTP/1.0 1001=HTTP/1.1, etc.
#
# mod_gzip_min_http 1000

# mod_gzip_temp_dir /tmp
#
# Use this option to specify the directory that mod_gzip should
# use for workfiles. Do not add a trailing 'slash' to the name.
#
# Whenever possible ( and for the best performance ) this 'temporary'
# workfile directory should be a valid RAMDISK.
#
# The directory must already exist when Apache starts.
#
# Be sure permissions are set right for whatever directory is
# used as the 'temp_dir'. The User/Group used by the Server during
# runtime ( such as 'www' or 'nobody' ) must have read/write
# access to the directory. If permissions are incorrect then the
# mod_gzip 'result' string will probably be 'RECOVERY' and your
# Apache error_log will contain messages about mod_gzip being
# unable to access work files.
#
# If no 'mod_gzip_temp_dir' is specified then the DEFAULTS are...
#
# /tmp for UNIX
# c:\temp for Win32.
#
mod_gzip_temp_dir /tmp

# mod_gzip_keep_workfiles [Yes/No]
#
# If this option is 'Yes' then mod_gzip will not delete any
# workfiles it may be generating in the 'mod_gzip_temp_dir'
# location. Use this option only for diagnostic purposes.
# The 'default' setting is 'No'.
#
mod_gzip_keep_workfiles No

# [End of mod_gzip sample config]
--------------------------------------------------

Add the following lines to your SSL VirtualHost:

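# ProxyRequests Off: ProxyPass below does not need the forward proxy, and
# leaving it On would let outside clients relay requests through this server.
ProxyRequests Off
ProxyPass / http://myhost:4430/
ProxyPassReverse / http://myhost:4430/
mod_gzip_on No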

This directs mod_proxy to send all requests to a back-end virtual host on
port 4430. Change "myhost" to your hostname.

Finally add a virtual host section similar to your primary SSL section, but
without the SSL set-up.

Listen 4430
<VirtualHost _default_:4430>
...host information...
</VirtualHost>

Restart Apache, and that should be it!

NOTE: Make sure your firewall is configured to block requests to 4430 (or
whatever port you choose), otherwise you have a potential non-SSL backdoor
into your web server.
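
ADDED EXAMPLE (not part of the original HOWTO): one way to close the non-SSL
backdoor in the server configuration itself, in addition to the firewall rule.
It assumes the front-end and back-end virtual hosts run in the same Apache 1.3
instance, so the back-end can use the loopback address 127.0.0.1 in place of
"myhost"; the _default_:443 front-end address is also an assumption.

```apache
# Added example, not from the original HOWTO. Assumes front-end and back-end
# run in the same Apache 1.3 instance, so loopback replaces "myhost".

# Weak: the plain-HTTP back-end listens on every interface, so only the
# firewall stands between outside clients and the non-SSL copy of the site.
#   Listen 4430
#   <VirtualHost _default_:4430>

# Hardened: bind the back-end to the loopback interface only.
Listen 127.0.0.1:4430
<VirtualHost 127.0.0.1:4430>
    # ...host information...
    mod_gzip_on Yes

    # Second layer: refuse any client that is not the local front-end.
    <Location />
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Location>
</VirtualHost>

# Front-end SSL virtual host (address assumed): proxy to the loopback back-end.
<VirtualHost _default_:443>
    # ...SSL set-up and host information...
    ProxyRequests Off
    ProxyPass / http://127.0.0.1:4430/
    ProxyPassReverse / http://127.0.0.1:4430/
    mod_gzip_on No
</VirtualHost>
```

After restarting, "netstat -ltn" on the server should list port 4430 bound to
127.0.0.1 only.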

PROBLEMS

Q: Error log gives:
mod_gzip: EMPTY FILE [/tmp/_3630_118_19.wrk] in sendfile2
mod_gzip: Make sure all named directories exist and have the correct
permissions.

A: This seems to be caused when mod_gzip is enabled for the SSL section.
Make sure it is disabled there, either by using "mod_gzip_on No" or by
specifying the mod_gzip parameters only within the back-end virtual host.

Q: I'm getting redirected to the non-SSL page!

A: Are you using mod_rewrite to fix trailing slashes or other mods? Try
disabling it in the back-end non-SSL virtual host. Keep the rewrites on the
front-end.

