caddy-frontend: Enable compression by default

The `gzip` declaration uses defaults, which seems reasonable. /reviewed-on nexedi/slapos!352

caddy-frontend: Enable compression by default
The `gzip` declaration uses defaults, which seems reasonable. /reviewed-on nexedi/slapos!352
ab8705f4 · Łukasz Nowak · Łukasz Nowak · 5f71094e · ab8705f4 · ab8705f4
Commit ab8705f4 authored Jul 09, 2018 by Łukasz Nowak Committed by Łukasz Nowak Jul 11, 2018
7 changed files
--- a/software/caddy-frontend/TODO.rst
+++ b/software/caddy-frontend/TODO.rst
@@ -42,13 +42,6 @@ Generally things to be done with ``caddy-frontend``:
    BrowserMatch "^gnome-vfs" redirect-carefully
    BrowserMatch "^XML Spy" redirect-carefully
    BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
- * Implement gzip/defalte on resources::
-
-    # Deflate
-    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
-    BrowserMatch ^Mozilla/4 gzip-only-text/html
-    BrowserMatch ^Mozilla/4\.0[678] no-gzip
-    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
 * check, and if needed apply, Apache-like SSL configuration switches::

    # SSL Configuration

--- a/software/caddy-frontend/buildout.hash.cfg
+++ b/software/caddy-frontend/buildout.hash.cfg
@@ -38,7 +38,7 @@ md5sum = 8d318af17da5631d4242c0d6d1531066

 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = 9404959e500a868aab1a217503117047
+md5sum = 6689d96fc18d9aad78d77fe87770d4da

 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b

 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = fa7dc8481f0c3066045c1dd5a8a3191a
+md5sum = e9eccaa99077d9bc12b538d40f5421b0

 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = bfcc2bcfe9151b9d3f25c4616e2c4f4f
+md5sum = 0e7d8df879ec363f771740d017cb7512

 [template-log-access]
 filename = templates/template-log-access.conf.in
@@ -90,7 +90,7 @@ md5sum = 69d65e461cd7cd5ef5b1ccd0098b50c8

 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in
-md5sum = b97ec5b84d5e0d3a76871c15b5bcce2e
+md5sum = 21a102ac2ee98f9a7f168fa0a1390068

 [template-apache-lazy-script-call]
 filename = templates/apache-lazy-script-call.sh.in

--- a/software/caddy-frontend/templates/Caddyfile.in
+++ b/software/caddy-frontend/templates/Caddyfile.in
@@ -8,6 +8,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 :{{ https_port }} {
  tls {{ login_certificate }} {{ login_key }}
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
  status 404 /
  log / {{ access_log }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ error_log }} {
@@ -17,6 +19,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf

 :{{ http_port }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
  status 404 /
  log / {{ access_log }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ error_log }} {
@@ -27,6 +31,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 # Access to server-status Caddy-style
 https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
  tls {{ login_certificate }} {{ login_key }}
+  # Compress the output
+  gzip
  bind {{ local_ipv4 }}
  basicauth "{{ username }}" {{ password }} {
    "Server Status"

--- a/software/caddy-frontend/templates/cached-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/cached-virtualhost.conf.in
@@ -12,6 +12,8 @@
 # SSL-disabled backends
 {{ http_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
 {%- endif %}
@@ -34,6 +36,8 @@
 # SSL-enabled backends
 {{ https_backend_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
 {%- endif %}

--- a/software/caddy-frontend/templates/default-virtualhost.conf.in
+++ b/software/caddy-frontend/templates/default-virtualhost.conf.in
@@ -20,6 +20,8 @@
 # SSL enabled hosts
 {{ https_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
 {%- endif %}
@@ -121,6 +123,8 @@
 # SSL-disabled hosts
 {{ http_host_list|join(', ') }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
    status 501 /
 {%- endif %}

--- a/software/caddy-frontend/templates/nginx-notebook-slave.conf.in
+++ b/software/caddy-frontend/templates/nginx-notebook-slave.conf.in
@@ -7,6 +7,8 @@
 # SSL-enabled
 https://{{ slave_parameter.get('custom_domain') }}:{{ nginx_https_port }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
  log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ slave_parameter.get('error_log') }}

@@ -37,6 +39,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ nginx_https_port }} {
 # SSL-disabled
 http://{{ slave_parameter.get('custom_domain') }}:{{ nginx_http_port }} {
  bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
  log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
  errors {{ slave_parameter.get('error_log') }}


--- a/software/caddy-frontend/test/test.py
+++ b/software/caddy-frontend/test/test.py
@@ -782,6 +782,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+    self.assertEqual(
+      result.headers['Content-Encoding'],
+      'gzip'
+    )
+
    self.assertEqual(
      result.headers['Set-Cookie'],
      'secured=value;secure, nonsecured=value'
@@ -797,6 +802,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
      raise ValueError('JSON decode problem in:\n%s' % (result.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+    self.assertEqual(
+      result_http.headers['Content-Encoding'],
+      'gzip'
+    )
+
    self.assertEqual(
      result_http.headers['Set-Cookie'],
      'secured=value;secure, nonsecured=value'
@@ -1295,6 +1305,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
        raise ValueError('JSON decode problem in:\n%s' % (result.text,))
      self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+      self.assertEqual(
+        result.headers['Content-Encoding'],
+        'gzip'
+      )
+
      self.assertEqual(
        result.headers['Set-Cookie'],
        'secured=value;secure, nonsecured=value'
@@ -1310,6 +1325,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
        raise ValueError('JSON decode problem in:\n%s' % (result.text,))
      self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+      self.assertEqual(
+        result_http.headers['Content-Encoding'],
+        'gzip'
+      )
+
      self.assertEqual(
        result_http.headers['Set-Cookie'],
        'secured=value;secure, nonsecured=value'
@@ -1724,7 +1744,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(
      headers,
      {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
    )

    result_direct = self.fakeHTTPResult(
@@ -1739,6 +1760,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
      raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+    self.assertEqual(
+      result_direct.headers['Content-Encoding'],
+      'gzip'
+    )
+
    self.assertEqual(
      result_direct.headers['Set-Cookie'],
      'secured=value;secure, nonsecured=value'
@@ -1758,6 +1784,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
        result_direct_https_backend.text,))
    self.assertFalse('remote_user' in j['Incoming Headers'].keys())

+    self.assertEqual(
+      result_direct_https_backend.headers['Content-Encoding'],
+      'gzip'
+    )
+
    self.assertEqual(
      result_direct_https_backend.headers['Set-Cookie'],
      'secured=value;secure, nonsecured=value'
@@ -1806,7 +1837,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(
      headers,
      {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
    )

    try:
@@ -1856,7 +1888,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(
      headers,
      {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
    )

  def test_enable_http2_false(self):
@@ -1899,8 +1932,10 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(
      headers,
      {
+        'Vary': 'Accept-Encoding',
        'Content-Type': 'text/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-Encoding': 'gzip',
      }
    )

@@ -1947,8 +1982,10 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
    self.assertEqual(
      headers,
      {
+        'Vary': 'Accept-Encoding',
        'Content-type': 'text/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-Encoding': 'gzip',
      }
    )