Hello! On Wed, Dec 28, 2022 at 11:05:01PM +0000, Mik J via nginx wrote:
> What is the best practice for these two situations: > 1. Compress text files, should I make the compression on the > reverse proxy or on the backend server ? In most cases, it makes sense to compress things on the frontend server. In particular, this is because of at least the following factors: 1) Frontend servers are usually not just reverse proxies, but also serve some static resources. As such, compression is anyway needs to be configured on frontend servers. 2) Frontend servers often used with multiple different backends. Further, in some cases they are used to generate responses based on subrequests to different requests, such as with SSI. This makes compression on frontend servers easier or even the only possible solution. 3) Frontend servers are often used to cache backend responses, and proper caching of compressed responses might be problematic and/or inefficient (in particular, because the only mechanism available is Vary). Note well that by default nginx uses HTTP/1.0 when connecting to upstream servers, and this in turn will disable gzip with default settings. This naturally results in compression being done on frontend servers when nginx with default settings is used both as a backend and a frontend. In some cases, it might make sense to compress on the backend servers, for example, to ensure that CPU usage for compression is balanced among multiple backend servers, or to minimize traffic between frontends and backends. These are mostly about specific configurations though. > 2. Deny access to specific files for example, files starting > with a dot .file, should I write the rule on the reverse proxy > or on the backend server ? I would recommend both. In particular, rules on the backend server will ensure that the access is denied where the file resides, making things safe even if the frontend servers is somehow bypassed. Rules on the frontend server ensure that requests are denied efficiently. -- Maxim Dounin http://mdounin.ru/ _______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
