Tue, 25 May 2004
mod_gzip with mod_ssl
Unfortunately, there’s an incompatibility with mod_ssl and mod_gzip when running on Apache 1.3. In order to get them to work, you need to setup the proxy hack.
The general idea is that you split your SSL host into two virtual hosts: the frontend does the SSL, and the backend virtual host that does the compression.
First, load the Apache proxy module:
LoadModule proxy_module /usr/lib/apache/1.3/libproxy.so
It should go after your auth modules, but prior to ssl or gzip.
Tell Apache to listen on a high port:
Listen 10443
Setup the proxied vhost. :
<VirtualHost _default_:10443>
ServerName secure.example.com
# Whatever other config you need for this host...
</VirtualHost>
Then, setup the front-end. You should apply any mod_rewrite rules here, not in the backend. :
<VirtualHost 10.0.0.1:443>
ServerName secure.example.com
SSLEngine On
# Whatever other SSL config you need for this vhost.
ProxyRequests Off
ProxyPass / http://secure.example.com:10443/
ProxyPassReverse / http://secure.example.com:10443/
mod_gzip_on No
</VirtualHost>
It works pretty well, although you will see two entries in your access log per HTTPS request. You can strip the duplicates by removing entries from your webserver’s IP address prior to log processing.
Note that the backend virtual host should not be accessible externally, so you should use a per-host firewall or set Apache access restrictions on it to limit access to localhost only.
[/config/libapache-mod-gzip] permanent link
Fri, 21 May 2004
mod_gzip Config
mod_gzip is an Apache httpd module that compresses HTTP traffic on the fly. This can lead to significant bandwidth savings, and can make your web pages appear to load faster. On modern systems, it consumes a small amount of CPU and memory resources. In other words, it’s a win.
Unfortunately, due to various browser and Apache module bugs, you can’t just slap it in your server and call it a day.
To begin, first you must load the module. It should be loaded after all of your other modules. :
LoadModule gzip_module /usr/lib/apache/1.3/mod_gzip.so
You should then make a new LogFormat that contains the gzip compression stats (so that you can verify that it’s working, and so you can brag about how much bandwidth you’re saving). :
LogFormat "%v %h %l %u %t \"%r\" %>s %b \"%{Referer}i\"
\"%{User-Agent}i\" \"mod_gzip %{mod_gzip_result}n
In:%{mod_gzip_input_size}n Out:%{mod_gzip_output_size}n\""
vhost-combined-mod_gzip
If your log processing software is cool enough to handle the additional fields, then you can use this for your access.log, otherwise you’ll need to make a new CustomLog.
You then need to add a global mod_gzip configuration section:
<IfModule mod_gzip.c>
# Turn on mod_gzip processing by default.
mod_gzip_on Yes
# If a file is smaller than 300 bytes, just send it.
mod_gzip_minimum_file_size 300
# If a file is larger than 10MB, just send it.
mod_gzip_maximum_file_size 10485760
# If a file is smaller than 1MB, do the compress in memory.
mod_gzip_maximum_inmem_size 102400
# This is only useful for debugging
mod_gzip_keep_workfiles No
# Let mod_gzip check to see if there's already a static compressed
# version of the resource. If there is, just send that one instead of
# re-compressing the uncompressed version.
mod_gzip_can_negotiate Yes
# De-chunk output from CGIs and other Apache modules so that we can
# compress it. It's better if the CGIs that you want to compress don't
# chunk their output in the first place, though.
mod_gzip_dechunk Yes
# Now, we teach mod_gzip when to compress or not.
# NO: broken browsers which request gzipped content but then can't
# handle it.
mod_gzip_item_exclude reqheader "User-agent: Mozilla/4.0[678]"
# YES: HTML docs
mod_gzip_item_include file \.html$
mod_gzip_item_include file \.htm$
# YES: CGI scripts
mod_gzip_item_include file \.cgi$
mod_gzip_item_include handler cgi-script
# YES: text files, Apache directory listings
mod_gzip_item_include mime httpd/unix-directory
mod_gzip_item_include mime text/
# NO: images are already compressed
mod_gzip_item_exclude mime image/
# NO: Due to browser bugs, external CSS and JavaScript documents can't
# be compressed, ever.
mod_gzip_item_exclude file \.css$
mod_gzip_item_exclude file \.js$
</IfModule>
That’s it; your Apache will now gzip documents on the fly if the browser requests them.