Compression not happening on reverse proxy php-fpm

1. The problem I’m having:

I’ve noticed that Caddy no longer enables compression on text/html from reverse proxy/php-fpm. I am pretty sure this worked in the past, but can’t say definitely it was so.

Caddy properly compresses files served via file_server.

2. Error messages and/or full log output:

# curl -IvL --compressed "https://wiki.tnonline.net/w/Btrfs/Mount_Options"
* Host wiki.tnonline.net:443 was resolved.
* IPv6: 2001:470:28:704::100
* IPv4: 155.4.110.241
*   Trying [2001:470:28:704::100]:443...
* Connected to wiki.tnonline.net (2001:470:28:704::100) port 443
* found 146 certificates in /etc/ssl/certs/ca-certificates.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
*   server certificate verification OK
*   server certificate status verification SKIPPED
*   common name: wiki.tnonline.net (matched)
*   server certificate expiration date OK
*   server certificate activation date OK
*   certificate public key: EC/ECDSA
*   certificate version: #3
*   subject: CN=wiki.tnonline.net
*   start date: Mon, 05 Feb 2024 02:17:54 GMT
*   expire date: Sun, 05 May 2024 02:17:53 GMT
*   issuer: C=US,O=Let's Encrypt,CN=E1
* ALPN: server accepted h2
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wiki.tnonline.net/w/Btrfs/Mount_Options
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wiki.tnonline.net]
* [HTTP/2] [1] [:path: /w/Btrfs/Mount_Options]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [accept-encoding: deflate, gzip, br, zstd]
> HEAD /w/Btrfs/Mount_Options HTTP/2
> Host: wiki.tnonline.net
> User-Agent: curl/8.5.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000
< cache-control: private, must-revalidate, max-age=0
cache-control: private, must-revalidate, max-age=0
< content-language: en-GB
content-language: en-GB
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< expires: Thu, 01 Jan 1970 00:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
< last-modified: Sat, 10 Feb 2024 21:54:54 GMT
last-modified: Sat, 10 Feb 2024 21:54:54 GMT
< server: Caddy
server: Caddy
< strict-transport-security: max-age=31968000;  preload
strict-transport-security: max-age=31968000;  preload
< vary: Accept-Encoding, Cookie
vary: Accept-Encoding, Cookie
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-frame-options: DENY
x-frame-options: DENY
< x-request-id: 9afc6cbe94d750be90f84df5
x-request-id: 9afc6cbe94d750be90f84df5
< date: Sat, 10 Feb 2024 23:10:35 GMT
date: Sat, 10 Feb 2024 23:10:35 GMT
# curl -IvL --compressed "https://wiki.tnonline.net/mediawiki/load.php?lang=en-gb&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=timeless"
* Host wiki.tnonline.net:443 was resolved.
* IPv6: 2001:470:28:704::100
* IPv4: 155.4.110.241
*   Trying [2001:470:28:704::100]:443...
* Connected to wiki.tnonline.net (2001:470:28:704::100) port 443
* found 146 certificates in /etc/ssl/certs/ca-certificates.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
*   server certificate verification OK
*   server certificate status verification SKIPPED
*   common name: wiki.tnonline.net (matched)
*   server certificate expiration date OK
*   server certificate activation date OK
*   certificate public key: EC/ECDSA
*   certificate version: #3
*   subject: CN=wiki.tnonline.net
*   start date: Mon, 05 Feb 2024 02:17:54 GMT
*   expire date: Sun, 05 May 2024 02:17:53 GMT
*   issuer: C=US,O=Let's Encrypt,CN=E1
* ALPN: server accepted h2
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wiki.tnonline.net/mediawiki/load.php?lang=en-gb&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=timeless
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wiki.tnonline.net]
* [HTTP/2] [1] [:path: /mediawiki/load.php?lang=en-gb&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=timeless]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [accept-encoding: deflate, gzip, br, zstd]
> HEAD /mediawiki/load.php?lang=en-gb&amp;modules=startup&amp;only=scripts&amp;raw=1&amp;skin=timeless HTTP/2
> Host: wiki.tnonline.net
> User-Agent: curl/8.5.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000
< cache-control: public, max-age=300, s-maxage=300, stale-while-revalidate=60
cache-control: public, max-age=300, s-maxage=300, stale-while-revalidate=60
< content-type: text/javascript; charset=utf-8
content-type: text/javascript; charset=utf-8
< etag: W/""
etag: W/""
< expires: Sat, 10 Feb 2024 23:12:50 GMT
expires: Sat, 10 Feb 2024 23:12:50 GMT
< server: Caddy
server: Caddy
< sourcemap: /mediawiki/load.php?lang=en-gb&modules=&sourcemap=1&version=
sourcemap: /mediawiki/load.php?lang=en-gb&modules=&sourcemap=1&version=
< strict-transport-security: max-age=31968000;  preload
strict-transport-security: max-age=31968000;  preload
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-frame-options: DENY
x-frame-options: DENY
< x-request-id: f814586745d1c25d00fbb0e7
x-request-id: f814586745d1c25d00fbb0e7
< date: Sat, 10 Feb 2024 23:07:50 GMT
date: Sat, 10 Feb 2024 23:07:50 GMT

3. Caddy version:

v2.7.6 => /usr/src/caddy/git/caddy@(devel)

4. How I installed and ran Caddy:

Caddy is built from git sources using:

xcaddy build --with github.com/caddyserver/caddy/v2=/usr/src/caddy/git/caddy  --with github.com/ueffel/caddy-brotli --with github.com/caddyserver/transform-encoder --with github.com/caddyserver/cache-handler --with github.com/kirsch33/realip --with github.com/git001/caddyv2-upload

a. System environment:

Gentoo Linux, AMD64

b. Command:

c. Service/unit/compose file:

d. My complete Caddy config:

## Main section
{
        # debug
        auto_https off
        log {
                output file /var/log/caddy/caddy_main.log {
                        roll_disabled
                }
                format json
        }
}
## Snippets
(main) {
        tls /etc/letsencrypt/live/{args[0]}/fullchain.pem /etc/letsencrypt/live/{args[0]}/privkey.pem {
                curves x25519 secp521r1 secp384r1 secp256r1
        }
        log {
                output file /var/log/caddy/{args[0]}_443.log {
                        roll_disabled
                }
                format json
        }
        encode zstd br gzip
}
(main80) {
        log {
                output file /var/log/caddy/{args[0]}_80.log {
                        roll_disabled
                }
                format json
        }
        encode zstd br gzip
}
## Hosts section
import vhosts/*.caddy

file vhosts/wiki.tnonline.net/caddy

wiki.tnonline.net:443 {
    import main wiki.tnonline.net
    @title {
        not file {
            try_files {path} {path}/
            split_path .php
        }
        path_regexp title ^/(.*)$
    }
    @cache {
        path /mediawiki/resources/assets/* /mediawiki/resources/assets/*/* /mediawiki/>
    }
    rewrite @title /mediawiki/index.php?title={re.title.1}&{query}
    redir / /w/Main_Page
    route {
        header @cache {
            Cache-Control max-age=31536000
            Strict-Transport-Security "max-age=31968000;  preload"
            X-Frame-Options DENY
        }
        header {
            Strict-Transport-Security "max-age=31968000;  preload"
            X-Frame-Options DENY
            #X-Content-Type-Options nosniff
        }
    }

    root * /var/www/domains/wiki.tnonline.net/htdocs
    php_fastcgi unix//var/run/php-fpm/fpm-wiki.socket
    file_server {
        precompressed br zstd gzip
    }
}

5. Links to relevant resources:

I think that the issue is with curl. I didn’t realise that there is a difference with using -I.

Now I can see data is encoded.

# curl -vL --compressed "https://wiki.tnonline.net/w/Btrfs/Mount_Options" > /dev/null
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host wiki.tnonline.net:443 was resolved.
* IPv6: 2001:470:28:704::100
* IPv4: 155.4.110.241
*   Trying [2001:470:28:704::100]:443...
* Connected to wiki.tnonline.net (2001:470:28:704::100) port 443
* found 146 certificates in /etc/ssl/certs/ca-certificates.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
*   server certificate verification OK
*   server certificate status verification SKIPPED
*   common name: wiki.tnonline.net (matched)
*   server certificate expiration date OK
*   server certificate activation date OK
*   certificate public key: EC/ECDSA
*   certificate version: #3
*   subject: CN=wiki.tnonline.net
*   start date: Mon, 05 Feb 2024 02:17:54 GMT
*   expire date: Sun, 05 May 2024 02:17:53 GMT
*   issuer: C=US,O=Let's Encrypt,CN=E1
* ALPN: server accepted h2
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wiki.tnonline.net/w/Btrfs/Mount_Options
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wiki.tnonline.net]
* [HTTP/2] [1] [:path: /w/Btrfs/Mount_Options]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [accept-encoding: deflate, gzip, br, zstd]
> GET /w/Btrfs/Mount_Options HTTP/2
> Host: wiki.tnonline.net
> User-Agent: curl/8.5.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
< cache-control: private, must-revalidate, max-age=0
< content-encoding: zstd
< content-language: en-GB
< content-type: text/html; charset=UTF-8
< expires: Thu, 01 Jan 1970 00:00:00 GMT
< last-modified: Sat, 10 Feb 2024 21:54:54 GMT
< server: Caddy
< strict-transport-security: max-age=31968000;  preload
< vary: Accept-Encoding, Cookie
< vary: Accept-Encoding
< x-content-type-options: nosniff
< x-frame-options: DENY
< x-request-id: 6487061a6a59dff0210a9e99
< date: Sat, 10 Feb 2024 23:58:33 GMT
<
{ [13452 bytes data]
100 13452    0 13452    0     0   232k      0 --:--:-- --:--:-- --:--:--  234k
* Connection #0 to host wiki.tnonline.net left intact
2 Likes

Correct; -I sends a HEAD request, which has no response body, so of course nothing to compress in that case.

2 Likes
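
The check described in the reply above, as an added example that is not part of the original thread: request the page with GET, discard the body, and read `Content-Encoding` from the final response's headers. The function names and the sample header dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the Content-Encoding of the final response in a
# header dump as written by `curl -D -`. Function names are hypothetical.

# Reads response headers on stdin. With -L there is one header block per hop,
# so the value is reset at every status line and only the last block counts.
final_encoding() {
    awk '
        { sub(/\r$/, "") }                    # curl keeps the CRLF line ends
        /^HTTP\// { enc = "none"; next }      # status line: new response block
        tolower($0) ~ /^content-encoding:/ {
            v = $0
            sub(/^[^:]*: */, "", v)           # drop the header name
            enc = tolower(v)
        }
        END { print (enc == "" ? "no-response" : enc) }
    '
}

# GET (not -I/HEAD), body discarded, response headers written to stdout.
check_compression() {
    curl -sS -L -o /dev/null -D - \
        -H 'Accept-Encoding: zstd, br, gzip' "$1" | final_encoding
}

# Constructed samples modelled on the HEAD and GET captures in the thread.
sample_head() {
    printf 'HTTP/2 200\r\ncontent-type: text/html; charset=UTF-8\r\nvary: Accept-Encoding, Cookie\r\n\r\n'
}
sample_get() {
    printf 'HTTP/2 200\r\ncontent-encoding: zstd\r\ncontent-type: text/html; charset=UTF-8\r\n\r\n'
}
# Constructed redirect chain: the encoding on the 302 hop must not be reported.
sample_redirect() {
    printf 'HTTP/2 302\r\nlocation: /w/Main_Page\r\ncontent-encoding: gzip\r\n\r\n'
    sample_head
}

echo "HEAD capture:   $(sample_head | final_encoding)"
echo "GET capture:    $(sample_get | final_encoding)"
echo "after redirect: $(sample_redirect | final_encoding)"
```

Against a live site, `check_compression "https://example.org/"` prints the encoding the server chose, or `none` if the body was sent uncompressed.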

Thanks. Sorry for the confusion on the curl command line. 🙃

1 Like