Using nginx in front of IIS 8.5.
IIS 8.5 has compression configured and working great.
But when we hit it through nginx (config below), gzip is lost (from the perspective of the web browser).
Part 1: Solution attempt #1 was to enable gzip on nginx, which brought back gzip from browser perspective, but now (we fear) has either (a) imposed double-gzip overhead (gzip in iis, unzip on nginx, re-gzip on nginx); or, (b) gzip is now on nginx, which is not ideal (because we have better control on iis, and iis can make better decisions of what is static and what is dynamic, and therefore cache better, etc.). The config for solution #1 can be seen here: nginx: gzip on server is lost during proxy
Addendum 1: Per nginx docs (https://www.nginx.com/resources/admin-guide/compression-and-decompression/): " NGINX ... does not “double compress” responses that are already compressed"
This is good, in that double-zipping will not occur.
Part 2: So what we really want is for the accept-encoding header to pass through, from browser through nginx to iis, let iis do all the zipping, and pass the gzipped responses through nginx without any gzip overhead happening on nginx. Our running config is below.
The question: How do we achieve part 2 in nginx 1.7.9?
Running reverse proxy config, which strips all gzip (e.g. it seems to strip the accept-encoding header):
http {
upstream sandbox_site {
least_conn;
# we pipe to back end on port 80 only, so that nginx handles all ssl
server 192.168.2.16:80 max_fails=1 fail_timeout=60s; # sbox3-site is .2.16
}
server {
# This is sandbox.myapp.com block **************************************
listen 192.168.2.27:80;
server_name sandbox.myapp.com;
location / {
proxy_pass http://sandbox_site;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
# This is SSL version of sandbox.myapp.com block **************************************
listen 192.168.2.27:443 ssl;
server_name sandbox.myapp.com;
ssl_certificate new-sandbox-myapp-com.cer;
ssl_certificate_key new-sandbox-myapp-com.key;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_pass http://sandbox_site;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
For sure the topic starter has already found the answer, but I'll post them for the sake of other audience.
The first solution (enabling gzip in nginx itself) will not result in duplicate compression. Nginx is smart enough to see that the upstream already did compression and not try compression twice.
The part 2 solution only missed one bit in the proxy configuration, that is:
With this bit added, everything will work as expected (nginx will deliver gzipped content from upstream)