Can Caddy apply GZIP compression to a proxied response? - gzip

I'm running Caddy v1 as a reverse proxy and I would like to apply GZIP compression on e.g. JSON responses.
I noticed that the gzip Caddy v1 directive only applies to files Caddy serves itself, but not to responses where Caddy runs as a reverse proxy with the proxy directive.
    0.0.0.0:8080 {
        gzip {
            ext *
            level 9
        }
        log stdout
        errors stdout
        proxy /api/v2 127.0.0.1:50010 {
            transparent
            without /api/v2
        }
    }
Is there a way to compress the proxied response body or is this not possible with Caddy?

Related

How to set content-encoding metadata tags in gzip header files?

I am using webpack's compression plugin to gzip the content of files (html, js), and then I published the gzip files, with the .gz extension removed, to the server (AWS/Nginx/Apache).
Configuration of webpack's compression plugin:
    new CompressionPlugin({
        'asset': "[path]",
        'algorithm': "gzip",
        'test': /\.js$|\.css$|\.html$/,
        'threshold': 10240,
        'minRatio': 0.8
    })
I have tried AWS, Nginx and Apache. On AWS I have to set the content-encoding metadata explicitly after uploading the files.
On Nginx there is a much simpler solution - http_gzip_static_module.
    location / {
        gzip_static on;
        rewrite ^/?$ /index.html break;
        root /srv/app;
    }
By setting gzip_static on, the Nginx server passes the correct Content-Type and Content-Encoding to the client.
So on both AWS and Nginx it's working fine, and I am trying to achieve the same thing on an Apache server, but it results in an unexpected token in the gzip files.
After debugging, I came to understand that the gzipped files do not have content-encoding: gzip as a metadata tag, which results in the browser's request failing.
I want to understand if there is any way in the webpack compression plugin or in webpack to explicitly add metadata to a file, or any other way I can handle this issue.

Use Apache as Forward Proxy in a Proxy Chain including Proxy Authentication

I'm building a proxy chain to access an internal proxy from the outside with additional authentication:
Internet -> [Apache Forward Proxy] -> [Internal Squid Proxy] -> Internal Website
The Apache Forward Proxy is doing TLS including Certificate Based Authentication (CBA), the Squid Proxy requires basic auth with username / password. Authentication works as expected for both components.
Challenge is now to get the Apache to act as a Forward Proxy and to forward the Proxy-Authorization header from the user to the internal Proxy.
Here is the current configuration I'm using (mod_proxy and mod_proxy_connect are enabled):
# Enable forward proxy
ProxyRequests On
# Pass all requests on to the squid proxy
ProxyRemote * http://proxy.internal:3128
# Only allow proxy connect to port 443
AllowCONNECT 443
With this setup the Apache doesn't forward the Proxy-Authorization header to the internal proxy. All settings I could find for this topic (Proxy-Chain-Auth, ProxyAddHeaders, rewrite rules etc.) only work in Reverse Proxy mode using ProxyPass. But a Reverse Proxy doesn't fit here since in this mode the Apache modifies the header and the CONNECT for TLS webservers won't work.
The Apache doesn't forward any header fields from the client, in the end a request from the Apache to the internal Proxy looks like this:
CONNECT someserver.de:443 HTTP/1.0\r\n
Proxy-agent: Apache/2.4.18 (Ubuntu)\r\n
\r\n
I'm aware the Proxy-Authorization field is a hop-by-hop field which is normally not allowed to be passed to the next proxy.
Is it still possible to get the Apache to forward a Proxy-Authorization header to the internal Proxy when acting as Forward Proxy?
There is a bug for a related topic in the Apache bugtracker. But this one is to specify the username/password hard-coded in the apache config which is not what I need. I want to forward the client authorization individually.
https://bz.apache.org/bugzilla/show_bug.cgi?id=37355

HTTPS proxy with caddy

I am working with a Golang app and Caddy as the HTTP server. The Golang app rejects every HTTP connection; it can only be used over HTTPS. This app is a kind of API/service that is consumed by other apps. As it requires HTTPS, I installed Caddy so I can take advantage of the automatic SSL certificate and use proxy to switch between the ports.
The application is running on port 9000, so the consumers will only write mysite.com and Caddy should be in charge of redirecting those petitions to port 9000 while maintaining the HTTPS. The configuration in Caddy for the site is:
    mysite.com {
        proxy / :9000 {
            max_fails 1
        }
        log logfile
    }
Nevertheless, it seems like when the proxy is made the HTTPS is lost. I checked the logs for the application (not the logs of Caddy) and I get this:
http: TLS handshake error from xxx.xxx.xxx.xxx:xxxx: tls: oversized record received with length 21536
So, based on this error, to me it looks like the HTTP proxy made by Caddy is losing the HTTPS. What can I do?
From the caddy docs
to is the destination endpoint to proxy to. At least one is required,
but multiple may be specified. If a scheme (http/https) is not
specified, http is used. Unix sockets may also be used by prefixing
"unix:".
So maybe it is sending http requests to the proxied https endpoint.
Does
    mysite.com {
        proxy / https://localhost:9000 {
            max_fails 1
        }
        log logfile
    }
fix it?
If that is the case, you may not strictly need your app on :9000 to listen https. It may simplify your deployment or cert management to just have it listen http and have caddy manage all the certs.
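An added example (not part of the original question or answer, and not Caddy's or Go's own code): the length 21536 in the error above is what a TLS server reads from bytes 3-4 of the connection when those bytes belong to a plaintext HTTP request line. The function names are hypothetical and the sample request line is constructed.

```go
package main

import "fmt"

// maxCiphertext is the largest record body TLS 1.2 allows (2^14 + 2048 bytes).
const maxCiphertext = 16384 + 2048

// recordLength returns the big-endian length field (bytes 3-4) that a TLS
// peer reads from the first 5 bytes it receives, whatever those bytes are.
func recordLength(first []byte) (int, bool) {
	if len(first) < 5 {
		return 0, false
	}
	return int(first[3])<<8 | int(first[4]), true
}

// oversized reports whether a length field exceeds the TLS record limit.
func oversized(n int) bool { return n > maxCiphertext }

// methodsFor lists HTTP methods whose request line, misread as a TLS record
// header, yields the length reported in the log.
func methodsFor(reported int) []string {
	var out []string
	for _, m := range []string{"GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"} {
		if n, ok := recordLength([]byte(m + " / HTTP/1.1")); ok && n == reported {
			out = append(out, m)
		}
	}
	return out
}

func main() {
	// Constructed sample: a plaintext request like the one a proxy sends
	// when the upstream address carries no https:// scheme.
	n, _ := recordLength([]byte("POST /api HTTP/1.1\r\n"))
	fmt.Println(n, oversized(n))   // 21536 true
	fmt.Println(methodsFor(21536)) // [POST]
}
```

21536 is 0x5420, the ASCII bytes "T " at offsets 3 and 4 of "POST ", which is consistent with the backend on :9000 receiving an unencrypted POST. The same misreading of a plaintext "HTTP/1.1 ..." response gives 20527 on the client side.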

Apache httpd post request limit

We have a service posting a gzip file to a server running behind an Apache httpd proxy.
Apache is truncating the request body to 64kb.
We are not using multipart/form-data. Is there any way we can modify the Apache config to increase the request body limit?

Apache reverse proxy: change http-header (requested url)

I am using Apache 2.2.15 as reverse proxy and I would like to modify the requested address in the HTTP header.
Clients request:
https://nameA.domain.com (external DNS)
The reverse Proxy should change the request in the HTTP header to the internal host:
http://nameB.OTHERdomain.com (internal host)
I don't know how to manage this.
I added a picture:
SSL setup and everything else works.
I found it.
RequestHeader set Host "nameB.OTHERdomain.com"