mod_pagespeed configuração para descarregamento de SSL

Question

mod_pagespeed configuração para descarregamento de SSL

#1 resposta do (0 votos)

1

Em nosso cluster de servidores web Apache, temos a configuração mod_pagespeed com memcached e sharding de domínio para o domínio sem cookies.

Nossos servidores da web ficam atrás de um balanceador de carga com sessões não aderentes e descarga de SSL. Com o descarregamento do SSL, o balanceador de carga solicita sempre os servidores da Web em http regular, mas envia os respectivos cabeçalhos X-Forwarded. Os servidores da web Apache não estão configurados para SSL / https.

Tudo funciona muito bem com mod_pagespeed para http regular, mas não para https. Acessando o site por meio de https:

CSS é marcado, combinado e assim por diante
JS NÃO é marcado e combinado
Algumas mídias (png, jpeg, gif) são marcadas, outras não
Os recursos não são direcionados para os domínios fragmentados

Anexei minhas várias configurações, note que mod_pagespeed está habilitado no vhost individual - eu tirei vhosts não relevantes da configuração abaixo.

Na configuração abaixo, alterei nosso domínio principal para example.com e nosso domínio sem cookies para nocookie.com

Apache

Version     : 2.2.15
Release     : 39.el6.centos

mod_pagespeed version:

1.9.32.14

/etc/httpd/conf.d/vhost.conf

## Virtual Hosts
#

<Directory "/hostroot/www/vhost/*/httpdocs">
    Order allow,deny
    Allow from all
    Options FollowSymLinks
    AllowOverride none
</Directory>

NameVirtualHost *:80

<VirtualHost _default_:80>
    ServerAdmin [email protected]
    DocumentRoot "/hostroot/www/vhost/default/httpdocs"
    ServerName webserver.example.com

    ErrorLog "/var/log/httpd/vhost/default/error_log"
#    CustomLog "/var/log/httpd/vhost/default/access_log" common
    CustomLog "/var/log/httpd/vhost/default/access_log" combined env=!forwarded
    CustomLog "/var/log/httpd/vhost/default/access_log" proxy env=forwarded
</VirtualHost>



<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName example.com
    ServerAlias www.example.com
    ServerAlias www1.example.com
    ServerAlias www2.example.com
    ServerAlias www3.example.com
    ServerAlias www4.example.com
    ServerAlias www5.example.com
    ServerAlias www6.example.com
    ServerAlias www7.example.com
    ServerAlias www8.example.com
    ServerAlias www9.example.com
    ServerAlias m.example.com
    ServerAlias wap.example.com
    ServerAlias mobil.example.com
    ServerAlias mob.example.com
    ServerAlias app.example.com
    ServerAlias ap.example.com

    DocumentRoot "/hostroot/www/vhost/example_com/httpdocs/public/default"
    DirectoryIndex index.php

    # This should be omitted in the production environment
    SetEnv APPLICATION_DOMAIN www.example.com
#    SetEnv APPLICATION_ENV production
#    SetEnv APPLICATION_LAYOUT default

#    SetEnvIf X-Forwarded-Proto https HTTPS=on

    ErrorLog "/var/log/httpd/vhost/example_com/error_log"
#    CustomLog "/var/log/httpd/vhost/example_com/access_log" common
    CustomLog "/var/log/httpd/vhost/example_com/access_log" combined env=!forwarded
    CustomLog "/var/log/httpd/vhost/example_com/access_log" proxy env=forwarded

    ModPagespeed on
    ModPagespeedDomain www.example.com
    ModPagespeedLoadFromFileMatch "^(http|https)://www.example.com/(img|lib|css|swg)/" "/hostroot/www/vhost/example_com/httpdocs/public/default/\2/"
    ModPagespeedShardDomain nocookie.com s1.nocookie.com,s2.nocookie.com,s3.nocookie.com
    ModPagespeedMapRewriteDomain nocookie.com www.example.com
    ModPagespeedRespectXForwardedProto on
#    ModPagespeedEnableFilters insert_image_dimensions
    ModPagespeedDisableFilters convert_png_to_jpeg,inline_images,convert_jpeg_to_webp
    Header unset ETag
    FileETag None

    # Enable expirations
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 year"

    <Directory "/hostroot/www/vhost/example_com/httpdocs/public/default">
        RewriteEngine On

        # Redirect to www.example.com if no-sub or sub is not www, stop further rewrites
        RewriteCond %{HTTP_HOST} !^www([0-9]*)\.example\.com [NC]
        RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]

        # If actual resource serve it and stop further rewrites
        RewriteCond %{REQUEST_FILENAME} -s [OR]
        RewriteCond %{REQUEST_FILENAME} -l [OR]
        RewriteCond %{REQUEST_FILENAME} -d [OR]
        RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|swf|php|ico|txt|pdf|xml|woff|ttf|eot|svg)$
        RewriteRule ^.*$ - [NC,L]

        # Remove trailing slash, set permanent redirect and stop further rewrites
        # Condition is only needed, if directories is not handled by previous rewrites
        #RewriteCond %{REQUEST_FILENAME} !-d
#        RewriteRule ^(.*)/$ /$1 [R=301,L]

        # Bootstrap to index.php
        RewriteRule ^.*$ index.php [NC,L]
    </Directory>
    <IfModule mod_alias.c>
        Alias /apple-touch-icon-57x57.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-57x57.png
        Alias /apple-touch-icon-60x60.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-60x60.png
        Alias /apple-touch-icon-72x72.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-72x72.png
        Alias /apple-touch-icon-76x76.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-76x76.png
        Alias /apple-touch-icon-114x114.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-114x114.png
        Alias /apple-touch-icon-120x120.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-120x120.png
        Alias /apple-touch-icon-144x144.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-144x144.png
        Alias /apple-touch-icon-152x152.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-152x152.png
        Alias /apple-touch-icon-180x180.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-180x180.png
        Alias /apple-touch-icon-precomposed.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-precomposed.png
        Alias /apple-touch-icon.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon.png
        Alias /browserconfig.xml /hostroot/www/vhost/example_com/favicons/browserconfig.xml
        Alias /crossdomain.xml /hostroot/www/vhost/example_com/favicons/crossdomain.xml
        Alias /favicon-16x16.png /hostroot/www/vhost/example_com/favicons/favicon-16x16.png
        Alias /favicon-32x32.png /hostroot/www/vhost/example_com/favicons/favicon-32x32.png
        Alias /favicon-96x96.png /hostroot/www/vhost/example_com/favicons/favicon-96x96.png
        Alias /favicon-160x160.png /hostroot/www/vhost/example_com/favicons/favicon-160x160.png
        Alias /favicon-192x192.png /hostroot/www/vhost/example_com/favicons/favicon-192x192.png
        Alias /favicon.ico /hostroot/www/vhost/example_com/favicons/favicon.ico
        Alias /mstile-70x70.png /hostroot/www/vhost/example_com/favicons/mstile-70x70.png
        Alias /mstile-144x144.png /hostroot/www/vhost/example_com/favicons/mstile-144x144.png
        Alias /mstile-150x150.png /hostroot/www/vhost/example_com/favicons/mstile-150x150.png
        Alias /mstile-310x150.png /hostroot/www/vhost/example_com/favicons/mstile-310x150.png
        Alias /mstile-310x310.png /hostroot/www/vhost/example_com/favicons/mstile-310x310.png
    </IfModule>
</VirtualHost>

<VirtualHost *:80>
    ServerAdmin [email protected]
    ServerName nocookie.com
    ServerAlias *.nocookie.com

    DocumentRoot "/hostroot/www/vhost/example_com/httpdocs/public/default"
    DirectoryIndex nocookie-index.htm

    ErrorLog "/var/log/httpd/vhost/nocookie_com/error_log"
#    CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" common
    CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" combined env=!forwarded
    CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" proxy env=forwarded

    ModPagespeed on
    ModPagespeedDomain nocookie.com
    ModPagespeedLoadFromFileMatch "^(http|https)://s[0-9]+.nocookie.com/(img|lib|css|swg)/" "/hostroot/www/vhost/example_com/httpdocs/public/default/\2/"
    ModPagespeedRespectXForwardedProto on
#    ModPagespeedEnableFilters insert_image_dimensions
    ModPagespeedDisableFilters convert_png_to_jpeg,inline_images
    Header unset ETag
    FileETag None

    # Enable expirations
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    ExpiresByType image/x-icon "access plus 1 year"
    ExpiresByType image/gif "access plus 1 month"
    ExpiresByType image/png "access plus 1 month"
    ExpiresByType image/jpg "access plus 1 month"
    ExpiresByType image/jpeg "access plus 1 month"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 year"

    # Disable PHP
    php_admin_flag engine off

    # CORS setting
    <FilesMatch "\.(ttf|otf|eot|woff)$">
        SetEnvIf Origin "^http(s)?://(.+\.)?(example|nocookie)\.com(:\d+)?$" AccessControlAllowOrigin=$0
        Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
    </FilesMatch>

    <Directory "/hostroot/www/vhost/example_com/httpdocs/public/default">
        RewriteEngine On

        # If actual resource serve it and stop further rewrites
        RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|swf|php|ico|txt|pdf|xml|woff|ttf|eot|svg)$
        RewriteRule ^.*$ - [NC,L]

        # Bootstrap to index.php
        RewriteRule ^.*$ http://www.example.com/ [NC,L]
    </Directory>
    <IfModule mod_alias.c>
        Alias /apple-touch-icon-57x57.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-57x57.png
        Alias /apple-touch-icon-60x60.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-60x60.png
        Alias /apple-touch-icon-72x72.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-72x72.png
        Alias /apple-touch-icon-76x76.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-76x76.png
        Alias /apple-touch-icon-114x114.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-114x114.png
        Alias /apple-touch-icon-120x120.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-120x120.png
        Alias /apple-touch-icon-144x144.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-144x144.png
        Alias /apple-touch-icon-152x152.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-152x152.png
        Alias /apple-touch-icon-180x180.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-180x180.png
        Alias /apple-touch-icon-precomposed.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-precomposed.png
        Alias /apple-touch-icon.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon.png
        Alias /browserconfig.xml /hostroot/www/vhost/example_com/favicons/browserconfig.xml
        Alias /crossdomain.xml /hostroot/www/vhost/example_com/favicons/crossdomain.xml
        Alias /favicon-16x16.png /hostroot/www/vhost/example_com/favicons/favicon-16x16.png
        Alias /favicon-32x32.png /hostroot/www/vhost/example_com/favicons/favicon-32x32.png
        Alias /favicon-96x96.png /hostroot/www/vhost/example_com/favicons/favicon-96x96.png
        Alias /favicon-160x160.png /hostroot/www/vhost/example_com/favicons/favicon-160x160.png
        Alias /favicon-192x192.png /hostroot/www/vhost/example_com/favicons/favicon-192x192.png
        Alias /favicon.ico /hostroot/www/vhost/example_com/favicons/favicon.ico
        Alias /mstile-70x70.png /hostroot/www/vhost/example_com/favicons/mstile-70x70.png
        Alias /mstile-144x144.png /hostroot/www/vhost/example_com/favicons/mstile-144x144.png
        Alias /mstile-150x150.png /hostroot/www/vhost/example_com/favicons/mstile-150x150.png
        Alias /mstile-310x150.png /hostroot/www/vhost/example_com/favicons/mstile-310x150.png
        Alias /mstile-310x310.png /hostroot/www/vhost/example_com/favicons/mstile-310x310.png
    </IfModule>
</VirtualHost>

/etc/httpd/conf.d/pagespeed.conf

<IfModule !mod_version.c>
  LoadModule version_module /usr/lib64/httpd/modules/mod_version.so
</IfModule>

<IfVersion < 2.4>
  LoadModule pagespeed_module /usr/lib64/httpd/modules/mod_pagespeed.so
</IfVersion>
<IfVersion >= 2.4.2>
  LoadModule pagespeed_module /usr/lib64/httpd/modules/mod_pagespeed_ap24.so
</IfVersion>
<IfModule !mod_deflate.c>
 LoadModule deflate_module /usr/lib64/httpd/modules/mod_deflate.so
</IfModule>
<IfModule pagespeed_module>
    ModPagespeed off
    ModPagespeedInheritVHostConfig on
    AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
    ModPagespeedFileCachePath "/var/cache/mod_pagespeed/"
    ModPagespeedLogDir "/var/log/pagespeed"
    # ModPagespeedSslCertDirectory "/etc/pki/tls/certs"
    # ModPagespeedSslCertFile /etc/pki/tls/cert.pem
    ModPagespeedMemcachedServers "10.220.30.70:11211,10.220.30.71:11211"
    ModPagespeedCreateSharedMemoryMetadataCache "/var/cache/mod_pagespeed/" 51200
    # ModPagespeedRewriteLevel PassThrough
    # ModPagespeedDisableFilters rewrite_images
    # ModPagespeedEnableFilters rewrite_javascript,rewrite_css
    # ModPagespeedEnableFilters collapse_whitespace,elide_attributes
    # ModPagespeedForbidFilters rewrite_images
    # ModPagespeedRewriteDeadlinePerFlushMs 10

    ModPagespeedXHeaderValue "enabled"
    ModPagespeedImplicitCacheTtlMs 2592000000

    # ModPagespeedDomain
    # ModPagespeedDownstreamCachePurgeLocationPrefix
    # ModPagespeedDownstreamCachePurgeMethod PURGE
    # ModPagespeedDownstreamCacheRewrittenPercentageThreshold 95
    # ModPagespeedDownstreamCacheRebeaconingKey
    # ModPagespeedFileCacheSizeKb          102400
    # ModPagespeedFileCacheCleanIntervalMs 3600000
    # ModPagespeedLRUCacheKbPerProcess     1024
    # ModPagespeedLRUCacheByteLimit        16384
    # ModPagespeedCssFlattenMaxBytes       102400
    # ModPagespeedCssInlineMaxBytes        2048
    # ModPagespeedCssImageInlineMaxBytes   0
    # ModPagespeedImageInlineMaxBytes      3072
    # ModPagespeedJsInlineMaxBytes         2048
    # ModPagespeedCssOutlineMinBytes       3000
    # ModPagespeedJsOutlineMinBytes        3000
    # ModPagespeedMaxCombinedCssBytes      -1
    # ModPagespeedMaxCombinedJsBytes       92160
    ModPagespeedFileCacheInodeLimit        500000
    # ModPagespeedImageMaxRewritesAtOnce      8
    # ModPagespeedNumRewriteThreads 4
    # ModPagespeedNumExpensiveRewriteThreads 4
    # ModPagespeedRewriteRandomDropPercentage 90
    # ModPagespeedJsPreserveURLs on
    # ModPagespeedImagePreserveURLs on
    # ModPagespeedCssPreserveURLs on
    # ModPagespeedFilters in_place_optimize_for_browser
    # ModPagespeedPrivateNotVaryForIE on
    # ModPagespeedImageRecompressionQuality 85
    # ModPagespeedJpegRecompressionQuality -1
    # ModPagespeedJpegRecompressionQualityForSmallScreens 70
    # ModPagespeedWebpRecompressionQuality 80
    # ModPagespeedWebpRecompressionQualityForSmallScreens 70
    # ModPagespeedWebpTimeoutMs 5000
    # ModPagespeedImageLimitOptimizedPercent 100
    # ModPagespeedImageLimitResizeAreaPercent 100
    # ModPagespeedMaxInlinedPreviewImagesIndex -1
    # ModPagespeedMinImageSizeLowResolutionBytes 3072
    # ModPagespeedMaxSegmentLength 250
    # ModPagespeedCombineAcrossPaths off
    # ModPagespeedAvoidRenamingIntrospectiveJavascript off
    # ModPagespeedEnableFilters canonicalize_javascript_libraries
    # ModPagespeedLibrary 43 1o978_K0_LNE5_ystNklf http://www.modpagespeed.com/rewrite_javascript.js
    # ModPagespeedLoadFromFile "http://example.com/static/" "/hostroot/www/static/"
    # ModPagespeedEnableFilters add_instrumentation
    # ModPagespeedReportUnloadTime on
    # ModPagespeedRespectVary on
    # ModPagespeedStatistics off
    <Location /pagespeed_admin>
        Order deny,allow
        Deny from all
        SetEnvIF X-Forwarded-For "10.10.200.2" AllowIP
        Allow from env=AllowIP
        Allow from 192.168.1.0/24
        SetHandler pagespeed_admin
    </Location>
    <Location /pagespeed_global_admin>
        Order deny,allow
        Deny from all
        SetEnvIF X-Forwarded-For "10.10.200.2" AllowIP
        Allow from env=AllowIP
        Allow from 192.168.1.0/24
        SetHandler pagespeed_global_admin
    </Location>
    ModPagespeedStatisticsLogging on
    ModPagespeedMessageBufferSize 100000
</IfModule>

load-balancing apache-2.2 mod-pagespeed

por Phliplip 07.08.2017 / 09:47

1 resposta

Tags load-balancing apache-2.2 mod-pagespeed

Cisco ASA-5508 FP - Relatório de uso da Internet Fedora 26: Docker, NetworkManager, ordem de inicialização do dnsmasq

score 0 · Answer 1

Ok, por tentativa e erro, consegui resolver isso.

Se tiver alterado meu ModPagespeedLoadFromFileMatch , isso cuidará do JS não marcado / combinado e também do arquivo de mídia que não corresponde, por exemplo. da raiz do domínio.

ModPagespeedLoadFromFileMatch "^(http|https)://www\.example\.com(.*)(gif|jpe?g|png|js|css|swf|ico|txt|pdf|xml|woff|ttf|eot|svg)$" "/hostroot/www/vhost/example_com/httpdocs/public/default\2\3"

...

Eu forcei o sharding de domínio para https com a seguinte regra atualizada, no vhost principal:

ModPagespeedShardDomain nocookie.com https://s1.nocookie.com,https://s2.nocookie.com,https://s3.nocookie.com

...

Eu adicionei (uncommented) seguindo a regra, em ambos os vhosts:

SetEnvIf X-Forwarded-Proto https HTTPS=on

Eu removi a seguinte regra em ambos os vhosts:

ModPagespeedRespectXForwardedProto on