caddy-frontend: Enable compression by default

The `gzip` declaration uses defaults, which seems reasonable.

/reviewed-on nexedi/slapos!352

software/caddy-frontend/TODO.rst

@@ -42,13 +42,6 @@ Generally things to be done with ``caddy-frontend``:
     BrowserMatch "^gnome-vfs" redirect-carefully
     BrowserMatch "^XML Spy" redirect-carefully
     BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully
- * Implement gzip/defalte on resources::
-
-    # Deflate
-    AddOutputFilterByType DEFLATE text/html text/plain text/xml text/css text/javascript application/x-javascript application/javascript
-    BrowserMatch ^Mozilla/4 gzip-only-text/html
-    BrowserMatch ^Mozilla/4\.0[678] no-gzip
-    BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
  * check, and if needed apply, Apache-like SSL configuration switches::
 
     # SSL Configuration

software/caddy-frontend/buildout.hash.cfg

@@ -38,7 +38,7 @@ md5sum = 8d318af17da5631d4242c0d6d1531066
 
 [template-caddy-frontend-configuration]
 filename = templates/Caddyfile.in
-md5sum = 9404959e500a868aab1a217503117047
+md5sum = 6689d96fc18d9aad78d77fe87770d4da
 
 [template-custom-slave-list]
 filename = templates/apache-custom-slave-list.cfg.in
@@ -50,11 +50,11 @@ md5sum = f20d6c3d2d94fb685f8d26dfca1e822b
 
 [template-default-slave-virtualhost]
 filename = templates/default-virtualhost.conf.in
-md5sum = fa7dc8481f0c3066045c1dd5a8a3191a
+md5sum = e9eccaa99077d9bc12b538d40f5421b0
 
 [template-cached-slave-virtualhost]
 filename = templates/cached-virtualhost.conf.in
-md5sum = bfcc2bcfe9151b9d3f25c4616e2c4f4f
+md5sum = 0e7d8df879ec363f771740d017cb7512
 
 [template-log-access]
 filename = templates/template-log-access.conf.in
@@ -90,7 +90,7 @@ md5sum = 69d65e461cd7cd5ef5b1ccd0098b50c8
 
 [template-nginx-notebook-slave-virtualhost]
 filename = templates/nginx-notebook-slave.conf.in
-md5sum = b97ec5b84d5e0d3a76871c15b5bcce2e
+md5sum = 21a102ac2ee98f9a7f168fa0a1390068
 
 [template-apache-lazy-script-call]
 filename = templates/apache-lazy-script-call.sh.in

software/caddy-frontend/templates/Caddyfile.in

@@ -8,6 +8,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 :{{ https_port }} {
   tls {{ login_certificate }} {{ login_key }}
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
   status 404 /
   log / {{ access_log }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ error_log }} {
@@ -17,6 +19,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 
 :{{ http_port }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
   status 404 /
   log / {{ access_log }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ error_log }} {
@@ -27,6 +31,8 @@ import {{ slave_with_cache_configuration_directory }}/*.conf
 # Access to server-status Caddy-style
 https://[{{ global_ipv6 }}]:{{ https_port }}/server-status, https://{{ local_ipv4 }}:{{ https_port }}/server-status {
   tls {{ login_certificate }} {{ login_key }}
+  # Compress the output
+  gzip
   bind {{ local_ipv4 }}
   basicauth "{{ username }}" {{ password }} {
     "Server Status"

software/caddy-frontend/templates/cached-virtualhost.conf.in

@@ -12,6 +12,8 @@
 # SSL-disabled backends
 {{ http_backend_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}
@@ -34,6 +36,8 @@
 # SSL-enabled backends
 {{ https_backend_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}

software/caddy-frontend/templates/default-virtualhost.conf.in

@@ -20,6 +20,8 @@
 # SSL enabled hosts
 {{ https_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}
@@ -121,6 +123,8 @@
 # SSL-disabled hosts
 {{ http_host_list|join(', ') }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
 {%- if ssl_proxy_verify and 'ssl_proxy_ca_crt' in slave_parameter %}
     status 501 /
 {%- endif %}

software/caddy-frontend/templates/nginx-notebook-slave.conf.in

@@ -7,6 +7,8 @@
 # SSL-enabled
 https://{{ slave_parameter.get('custom_domain') }}:{{ nginx_https_port }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 
@@ -37,6 +39,8 @@ https://{{ slave_parameter.get('custom_domain') }}:{{ nginx_https_port }} {
 # SSL-disabled
 http://{{ slave_parameter.get('custom_domain') }}:{{ nginx_http_port }} {
   bind {{ local_ipv4 }}
+  # Compress the output
+  gzip
   log / {{ slave_parameter.get('access_log') }} "{remote} {>REMOTE_USER} [{when}] \"{method} {uri} {proto}\" {status} {size} \"{>Referer}\" \"{>User-Agent}\" {latency_ms}"
   errors {{ slave_parameter.get('error_log') }}
 

software/caddy-frontend/test/test.py

@@ -782,6 +782,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
     self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+    self.assertEqual(
+      result.headers['Content-Encoding'],
+      'gzip'
+    )
+
     self.assertEqual(
       result.headers['Set-Cookie'],
       'secured=value;secure, nonsecured=value'
@@ -797,6 +802,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       raise ValueError('JSON decode problem in:\n%s' % (result.text,))
     self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+    self.assertEqual(
+      result_http.headers['Content-Encoding'],
+      'gzip'
+    )
+
     self.assertEqual(
       result_http.headers['Set-Cookie'],
       'secured=value;secure, nonsecured=value'
@@ -1295,6 +1305,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
         raise ValueError('JSON decode problem in:\n%s' % (result.text,))
       self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+      self.assertEqual(
+        result.headers['Content-Encoding'],
+        'gzip'
+      )
+
       self.assertEqual(
         result.headers['Set-Cookie'],
         'secured=value;secure, nonsecured=value'
@@ -1310,6 +1325,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
         raise ValueError('JSON decode problem in:\n%s' % (result.text,))
       self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+      self.assertEqual(
+        result_http.headers['Content-Encoding'],
+        'gzip'
+      )
+
       self.assertEqual(
         result_http.headers['Set-Cookie'],
         'secured=value;secure, nonsecured=value'
@@ -1724,7 +1744,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       headers,
       {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
     )
 
     result_direct = self.fakeHTTPResult(
@@ -1739,6 +1760,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
       raise ValueError('JSON decode problem in:\n%s' % (result_direct.text,))
     self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+    self.assertEqual(
+      result_direct.headers['Content-Encoding'],
+      'gzip'
+    )
+
     self.assertEqual(
       result_direct.headers['Set-Cookie'],
       'secured=value;secure, nonsecured=value'
@@ -1758,6 +1784,11 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
         result_direct_https_backend.text,))
     self.assertFalse('remote_user' in j['Incoming Headers'].keys())
 
+    self.assertEqual(
+      result_direct_https_backend.headers['Content-Encoding'],
+      'gzip'
+    )
+
     self.assertEqual(
       result_direct_https_backend.headers['Set-Cookie'],
       'secured=value;secure, nonsecured=value'
@@ -1806,7 +1837,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       headers,
       {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
     )
 
     try:
@@ -1856,7 +1888,8 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       headers,
       {'Age': '0', 'Content-type': 'text/json',
-       'Set-Cookie': 'secured=value;secure, nonsecured=value'}
+       'Set-Cookie': 'secured=value;secure, nonsecured=value',
+       'Content-Encoding': 'gzip', 'Vary': 'Accept-Encoding'}
     )
 
   def test_enable_http2_false(self):
@@ -1899,8 +1932,10 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       headers,
       {
+        'Vary': 'Accept-Encoding',
         'Content-Type': 'text/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-Encoding': 'gzip',
       }
     )
 
@@ -1947,8 +1982,10 @@ class TestSlave(SlaveHttpFrontendTestCase, TestDataMixin):
     self.assertEqual(
       headers,
       {
+        'Vary': 'Accept-Encoding',
         'Content-type': 'text/json',
-        'Set-Cookie': 'secured=value;secure, nonsecured=value'
+        'Set-Cookie': 'secured=value;secure, nonsecured=value',
+        'Content-Encoding': 'gzip',
       }
     )