nginx reverse proxy: How to pass through "accept-encoding" header to back end servers

nginx

Using nginx in front of IIS 8.5.

IIS 8.5 has compression configured and working great.

But when we hit it through nginx (config below), gzip is lost (from the perspective of the web browser).

Part 1: Solution attempt #1 was to enable gzip on nginx, which brought back gzip from browser perspective, but now (we fear) has either (a) imposed double-gzip overhead (gzip in iis, unzip on nginx, re-gzip on nginx); or, (b) gzip is now on nginx, which is not ideal (because we have better control on iis, and iis can make better decisions of what is static and what is dynamic, and therefore cache better, etc.). The config for solution #1 can be seen here: nginx: gzip on server is lost during proxy

Addendum 1: Per nginx docs (https://www.nginx.com/resources/admin-guide/compression-and-decompression/): " NGINX ... does not “double compress” responses that are already compressed"

This is good, in that double-zipping will not occur.

Part 2: So what we really want is for the accept-encoding header to pass through, from browser through nginx to iis, let iis do all the zipping, and pass the gzipped responses through nginx without any gzip overhead happening on nginx. Our running config is below.

The question: How do we achieve part 2 in nginx 1.7.9?

Running reverse proxy config, which strips all gzip (e.g. it seems to strip the accept-encoding header):

http {

upstream sandbox_site {
    least_conn;
    # we pipe to back end on port 80 only, so that nginx handles all ssl
    server 192.168.2.16:80 max_fails=1 fail_timeout=60s;  # sbox3-site is .2.16
}

server {
    # This is sandbox.myapp.com block **************************************
    listen 192.168.2.27:80;
    server_name sandbox.myapp.com;

    location / {
    proxy_pass http://sandbox_site;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

server {
    # This is SSL version of sandbox.myapp.com block **************************************
    listen 192.168.2.27:443 ssl;
    server_name sandbox.myapp.com;

    ssl_certificate      new-sandbox-myapp-com.cer;
    ssl_certificate_key  new-sandbox-myapp-com.key;

    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://sandbox_site;
        proxy_redirect     off;
        proxy_set_header   Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;            
    }
}

For sure the topic starter has already found the answer, but I'll post them for the sake of other audience.

The first solution (enabling gzip in nginx itself) will not result in duplicate compression. Nginx is smart enough to see that the upstream already did compression and not try compression twice.

The part 2 solution only missed one bit in the proxy configuration, that is:

proxy_http_version 1.1;

With this bit added, everything will work as expected (nginx will deliver gzipped content from upstream)

Related

Why can my IAM user create a bucket but not upload to it?
Why do some r10k configuration files start their YAML lines with :?
how to create a SSL certificate chain from my own CA?
How to install nginx 1.9x with HTTP 2 support (1.95 or higher) on Ubuntu 15.10
AWS RDS keeps backing up my server on creation
What user should run the gunicorn process?
Running dmesg on Docker results in "dmesg: read kernel buffer failed: Permission denied"
Set up IIS as forward proxy for HTTPS requests
How to hash based on host + path in Varnish?
How does Docker work as far as being able to edit Apache config files and similar stuff?
Nginx point subdirectory to root
5 seconds for hostname -f and a strange DNS request