1. The problem I’m having:
I’ve noticed that Caddy no longer enables compression on text/html from reverse proxy/php-fpm. I am pretty sure this worked in the past, but can’t say definitely it was so.
Caddy properly compresses files served via file_server.
2. Error messages and/or full log output:
# curl -IvL --compressed "https://wiki.tnonline.net/w/Btrfs/Mount_Options"
* Host wiki.tnonline.net:443 was resolved.
* IPv6: 2001:470:28:704::100
* IPv4: 155.4.110.241
* Trying [2001:470:28:704::100]:443...
* Connected to wiki.tnonline.net (2001:470:28:704::100) port 443
* found 146 certificates in /etc/ssl/certs/ca-certificates.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: wiki.tnonline.net (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: EC/ECDSA
* certificate version: #3
* subject: CN=wiki.tnonline.net
* start date: Mon, 05 Feb 2024 02:17:54 GMT
* expire date: Sun, 05 May 2024 02:17:53 GMT
* issuer: C=US,O=Let's Encrypt,CN=E1
* ALPN: server accepted h2
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wiki.tnonline.net/w/Btrfs/Mount_Options
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wiki.tnonline.net]
* [HTTP/2] [1] [:path: /w/Btrfs/Mount_Options]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [accept-encoding: deflate, gzip, br, zstd]
> HEAD /w/Btrfs/Mount_Options HTTP/2
> Host: wiki.tnonline.net
> User-Agent: curl/8.5.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000
< cache-control: private, must-revalidate, max-age=0
cache-control: private, must-revalidate, max-age=0
< content-language: en-GB
content-language: en-GB
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< expires: Thu, 01 Jan 1970 00:00:00 GMT
expires: Thu, 01 Jan 1970 00:00:00 GMT
< last-modified: Sat, 10 Feb 2024 21:54:54 GMT
last-modified: Sat, 10 Feb 2024 21:54:54 GMT
< server: Caddy
server: Caddy
< strict-transport-security: max-age=31968000; preload
strict-transport-security: max-age=31968000; preload
< vary: Accept-Encoding, Cookie
vary: Accept-Encoding, Cookie
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-frame-options: DENY
x-frame-options: DENY
< x-request-id: 9afc6cbe94d750be90f84df5
x-request-id: 9afc6cbe94d750be90f84df5
< date: Sat, 10 Feb 2024 23:10:35 GMT
date: Sat, 10 Feb 2024 23:10:35 GMT
# curl -IvL --compressed "https://wiki.tnonline.net/mediawiki/load.php?lang=en-gb&modules=startup&only=scripts&raw=1&skin=timeless"
* Host wiki.tnonline.net:443 was resolved.
* IPv6: 2001:470:28:704::100
* IPv4: 155.4.110.241
* Trying [2001:470:28:704::100]:443...
* Connected to wiki.tnonline.net (2001:470:28:704::100) port 443
* found 146 certificates in /etc/ssl/certs/ca-certificates.crt
* GnuTLS ciphers: NORMAL:-ARCFOUR-128:-CTYPE-ALL:+CTYPE-X509:-VERS-SSL3.0
* ALPN: curl offers h2,http/1.1
* SSL connection using TLS1.3 / ECDHE_RSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: wiki.tnonline.net (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: EC/ECDSA
* certificate version: #3
* subject: CN=wiki.tnonline.net
* start date: Mon, 05 Feb 2024 02:17:54 GMT
* expire date: Sun, 05 May 2024 02:17:53 GMT
* issuer: C=US,O=Let's Encrypt,CN=E1
* ALPN: server accepted h2
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://wiki.tnonline.net/mediawiki/load.php?lang=en-gb&modules=startup&only=scripts&raw=1&skin=timeless
* [HTTP/2] [1] [:method: HEAD]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: wiki.tnonline.net]
* [HTTP/2] [1] [:path: /mediawiki/load.php?lang=en-gb&modules=startup&only=scripts&raw=1&skin=timeless]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [accept-encoding: deflate, gzip, br, zstd]
> HEAD /mediawiki/load.php?lang=en-gb&modules=startup&only=scripts&raw=1&skin=timeless HTTP/2
> Host: wiki.tnonline.net
> User-Agent: curl/8.5.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
HTTP/2 200
< alt-svc: h3=":443"; ma=2592000
alt-svc: h3=":443"; ma=2592000
< cache-control: public, max-age=300, s-maxage=300, stale-while-revalidate=60
cache-control: public, max-age=300, s-maxage=300, stale-while-revalidate=60
< content-type: text/javascript; charset=utf-8
content-type: text/javascript; charset=utf-8
< etag: W/""
etag: W/""
< expires: Sat, 10 Feb 2024 23:12:50 GMT
expires: Sat, 10 Feb 2024 23:12:50 GMT
< server: Caddy
server: Caddy
< sourcemap: /mediawiki/load.php?lang=en-gb&modules=&sourcemap=1&version=
sourcemap: /mediawiki/load.php?lang=en-gb&modules=&sourcemap=1&version=
< strict-transport-security: max-age=31968000; preload
strict-transport-security: max-age=31968000; preload
< x-content-type-options: nosniff
x-content-type-options: nosniff
< x-frame-options: DENY
x-frame-options: DENY
< x-request-id: f814586745d1c25d00fbb0e7
x-request-id: f814586745d1c25d00fbb0e7
< date: Sat, 10 Feb 2024 23:07:50 GMT
date: Sat, 10 Feb 2024 23:07:50 GMT
3. Caddy version:
v2.7.6 => /usr/src/caddy/git/caddy@(devel)
4. How I installed and ran Caddy:
Caddy is built from git sources using:
xcaddy build --with github.com/caddyserver/caddy/v2=/usr/src/caddy/git/caddy --with github.com/ueffel/caddy-brotli --with github.com/caddyserver/transform-encoder --with github.com/caddyserver/cache-handler --with github.com/kirsch33/realip --with github.com/git001/caddyv2-upload
a. System environment:
Gentoo Linux, AMD64
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
## Main section
{
    # debug
    auto_https off
    log {
        output file /var/log/caddy/caddy_main.log {
            roll_disabled
        }
        format json
    }
}
## Snippets
(main) {
    tls /etc/letsencrypt/live/{args[0]}/fullchain.pem /etc/letsencrypt/live/{args[0]}/privkey.pem {
        curves x25519 secp521r1 secp384r1 secp256r1
    }
    log {
        output file /var/log/caddy/{args[0]}_443.log {
            roll_disabled
        }
        format json
    }
    encode zstd br gzip
}
(main80) {
    log {
        output file /var/log/caddy/{args[0]}_80.log {
            roll_disabled
        }
        format json
    }
    encode zstd br gzip
}
## Hosts section
import vhosts/*.caddy
file vhosts/wiki.tnonline.net/caddy
wiki.tnonline.net:443 {
    import main wiki.tnonline.net
    @title {
        not file {
            try_files {path} {path}/
            split_path .php
        }
        path_regexp title ^/(.*)$
    }
    @cache {
        path /mediawiki/resources/assets/* /mediawiki/resources/assets/*/* /mediawiki/> }
    rewrite @title /mediawiki/index.php?title={re.title.1}&{query}
    redir / /w/Main_Page
    route {
        header @cache {
            Cache-Control max-age=31536000
            Strict-Transport-Security "max-age=31968000; preload"
            X-Frame-Options DENY
        }
        header {
            Strict-Transport-Security "max-age=31968000; preload"
            X-Frame-Options DENY
            #X-Content-Type-Options nosniff
        }
    }
    root * /var/www/domains/wiki.tnonline.net/htdocs
    php_fastcgi unix//var/run/php-fpm/fpm-wiki.socket
    file_server {
        precompressed br zstd gzip
    }
}
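A check for captures like the two above, added here as an example and not part of the original post: it parses `curl -v` output, skips the unprefixed header echo that `-I` produces, and reports which encodings were offered, which was applied, and whether the request was a HEAD. The function names and the abbreviated sample are constructed for illustration.

```python
import re

# Constructed sample, abbreviated from the first capture in the post (-I echoes headers).
SAMPLE = """\
> HEAD /w/Btrfs/Mount_Options HTTP/2
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/2 200
HTTP/2 200
< content-type: text/html; charset=UTF-8
content-type: text/html; charset=UTF-8
< vary: Accept-Encoding, Cookie
"""

def parse_curl_verbose(text):
    """Return method, status and header dicts for the last exchange in `curl -v` output."""
    out = {"method": None, "status": None, "request": {}, "response": {}}
    for line in text.splitlines():
        if line.startswith("> "):
            side, body = "request", line[2:].strip()
        elif line.startswith("< "):
            side, body = "response", line[2:].strip()
        else:
            continue  # "* ..." info lines, bare ">" / "<", and the -I echo
        status = re.match(r"HTTP/[\d.]+ (\d{3})", body)
        if side == "response" and status:
            out["status"], out["response"] = int(status.group(1)), {}  # -L: keep last hop
        elif side == "request" and re.match(r"[A-Z]+ \S+ HTTP/", body):
            out["method"], out["request"] = body.split()[0], {}
        elif ":" in body:
            name, _, value = body.partition(":")
            out[side][name.strip().lower()] = value.strip()
    return out

def split_list(value):  # comma-separated header value, parameters such as ;q=0.5 dropped
    return [t.split(";")[0].strip().lower() for t in value.split(",") if t.strip()]

def compression_report(text):
    p = parse_curl_verbose(text)
    return {
        "method": p["method"],
        "status": p["status"],
        "content_type": p["response"].get("content-type", "").split(";")[0].strip(),
        "offered": split_list(p["request"].get("accept-encoding", "")),
        "applied": p["response"].get("content-encoding"),
        "vary_accept_encoding": "accept-encoding" in split_list(p["response"].get("vary", "")),
        "head_only": p["method"] == "HEAD",  # -I sends HEAD: no body was transferred
    }
```

For the sample, `compression_report(SAMPLE)` shows four encodings offered, none applied, and `head_only` set, so the result describes a HEAD exchange rather than a GET with a body.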