digg_de's picture

Hi,

I use the TurnKey LAMP and have problems enabling compression by mod_deflate on an apache2 server. I don't have any idea why it is not working:

Modules are enabled:

# apache2ctl -M
Loaded Modules:
...
deflate_module (shared)
expires_module (shared)
filter_module (shared)
mime_module (shared)
...

000-default.conf:

 ...
 <Directory /var/www/>
     Options -Indexes +FollowSymLinks
     AllowOverride All
     Order allow,deny
     Allow from all
 </Directory>
 ...

.htaccess

 # Deflate Compression by MimeType
 <IfModule mod_deflate.c>
     AddOutputFilterByType DEFLATE text/plain
     AddOutputFilterByType DEFLATE text/html
     AddOutputFilterByType DEFLATE text/xml
     AddOutputFilterByType DEFLATE text/css
     AddOutputFilterByType DEFLATE text/javascript
     AddOutputFilterByType DEFLATE application/xml
     AddOutputFilterByType DEFLATE application/xhtml+xml
     AddOutputFilterByType DEFLATE application/javascript
     AddOutputFilterByType DEFLATE application/x-javascript
     AddOutputFilterByType DEFLATE application/x-font-woff
 </IfModule>

# Deflate Compression by FileType
<IfModule mod_deflate.c>
    <FilesMatch "\.(js|jpg|jpeg|gif|png|svg|css|eot|ttf|woff)$">
        ExpiresActive on
        ExpiresDefault "access plus 1 month"
        SetOutputFilter DEFLATE
    </FilesMatch>
</IfModule>

# turns cache on for 1 month
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType text/javascript "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
    ExpiresByType application/x-font-woff "access plus 1 year"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/svg+xml "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 month"
</IfModule>

<IfModule mod_headers.c>
    <FilesMatch "\.(ico|jpe?g|png|gif|svg|swf|eot|ttf|woff)$">
        Header set Cache-Control "max-age=2592000, public"
    </FilesMatch>
    <FilesMatch "\.(css)$">
        Header set Cache-Control "max-age=604800, public"
    </FilesMatch>
    <FilesMatch "\.(js)$">
        Header set Cache-Control "max-age=604800, public"
    </FilesMatch>
</IfModule>

PageSpeed Insights says: compression not active for svg-, css-, js- and html-files? Can someone help? Thanks!

Jeremy Davis's picture

IIRC compression over SSL is a security concern (I forget the name, BREACH vulnerability perhaps?) so we disabled it by default. If you're using SSL, then perhaps that's it?

Otherwise, TBH, I'm not sure.

Perhaps you could just have a grep through the Apache conf files and see if anything comes up? E.g.:

grep -ir compression /etc/apache2/

'-i' is case-insensitive, '-r' is recursive.

digg_de's picture

I changed the line in the /etc/apache2/mods-available/ssl.conf:

SSLCompression on

After restarting Apache, PageSpeed Insights says the same: compression not active. But if this is a security problem I will search for more info.

Thanks a lot!!!!

Jeremy Davis's picture

If you find anything of value, please share. If you keep in mind that TurnKey is Debian under the hood, hopefully you should be able to find plenty of info.

AFAIK compression via plain HTTP is not an issue, just via HTTPS. I assume that at some point in the future it will be resolved, but AFAIK compression via HTTPS still stands as a security risk.

We implemented that some time ago now, so perhaps Debian have pushed some update that locks it down further (beyond the change we made)?

We try to pre-configure all our servers following "best practice", but that's not always as straightforward as it seems. Sometimes, even what constitutes "best practice" is contentious. And with most things security, there is often a trade-off when you tighten the screws.

If you have any feedback regarding something that we're being a bit over-vigilant about, please let us know and we'll at least revisit it.
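
Added example, not part of the thread: a refinement of the grep suggested above that separates the two settings discussed here, mod_ssl's `SSLCompression` (compression at the TLS layer) and mod_deflate's `DEFLATE` output filter (compression of HTTP response bodies), and skips commented-out lines. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread). Classifies active compression
# directives in an Apache config tree; commented-out lines are ignored.

audit_compression() {
    dir=$1
    # TLS-level: mod_ssl's SSLCompression switched on.
    grep -rinE '^[[:space:]]*SSLCompression[[:space:]]+on([[:space:]]|$)' "$dir" |
        sed 's/^/TLS-level  /'
    # HTTP-level: mod_deflate's DEFLATE output filter, alone or in a chain.
    grep -rinE '^[[:space:]]*(AddOutputFilterByType|SetOutputFilter)[[:space:]]+([^[:space:]]*;)?DEFLATE' "$dir" |
        sed 's/^/HTTP-level /'
    return 0
}

# Constructed sample tree, so the script runs without a real server.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/mods-available" "$d/www"
    cat > "$d/mods-available/ssl.conf" <<'EOF'
<IfModule mod_ssl.c>
    #SSLCompression off
    SSLCompression on
</IfModule>
EOF
    cat > "$d/www/.htaccess" <<'EOF'
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html
    # AddOutputFilterByType DEFLATE text/css
    <FilesMatch "\.(js|css|svg)$">
        SetOutputFilter DEFLATE
    </FilesMatch>
</IfModule>
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample)
audit_compression "$sample"
rm -rf "$sample"
```

On a real system, call `audit_compression` once for `/etc/apache2` and once for the document root, since `.htaccess` files live outside the server configuration directory.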
