Nginx:仅针对https禁用gzip压缩

由于BREACH漏洞,我希望为TLSstream量禁用gzip压缩,但对于常规HTTPstream量则不能。

我可以将每个Nginx server部分分成两个单独的TLS和非TLS部分,并在那里configurationgzip,但是在同一个web服务器上运行的十几个站点中,我不希望每个服务器部分都这样做。

是否可以禁用所有HTTPS请求的gzip压缩,而不创build多个server部分(例如从http部分)?

尝试这个

 if ($scheme = https) { gzip off; } 

参考

不幸的是,我认为最好的答案是把你的服务器分成http和https。 我有我的networking服务器上的十几个网站,我有服务器每个域三个服务器块 – https:// www服务的stream量,其他三个只是转发( http:// www。http ://,https:// )。

一般来说,您不希望在http和https上提供相同的内容,至less在没有明确哪些内容是规范的 (即主要的)内容的情况下。

下面的configuration显然只是与这个答案有关,而不是一个完整的configuration。

 # Main Nginx config file http { gzip on; # https site, usually in a file with any other servers for this domain server { server_name www.example.com; listen 443 ssl http2; gzip off; } # http site that forwards to https server { server_name www.example.com example.com; listen 80; server_name example.com www.example.com; access_log /var/log/nginx/access.log; return 301 https://www.example.com$request_uri; } # https / non www server skipped as it's obvious } 

减less重复

如果你真的想在http和https服务于同一个网站,并希望减less像你的位置configuration的东西重复,你可以做这样的事情。 server_name并进入包含的文件,但有点不透明。

  # https site, usually in a file with any other servers for this domain server { server_name www.example.com; listen 443 ssl http2; gzip off; # include the locations, which is common to http and https include /etc/nginx/sites-enabled/example_com_location.conf; } # http site that forwards to https server { server_name www.example.com example.com; listen 80; server_name example.com www.example.com; include /etc/nginx/sites-enabled/example_com_location.conf; }