using mod_deflate for all files a good idea?

[drewactual]

is it safe to use apache mod_deflate for all mime types and SMF?

running 2.0.15 on php7 and ssl....

is it truly that much faster?  I know little to nothing about server setups.... my server has it available, and i'm tempted to throw the switch- i just don't want to run into issues creating a mess and having the site down while i clean it up..

i could use a speed boost...

many thanks in advance!!!

[vbgamer45]

You should use mod_httpd2  with Apache since your SSL you will get a big boost that way since it is optimized for ssl. Also make sure you are on the latest 7.1.x
Deflate can be used on the css/js files.  Don't use it on php generated scripts.

https://imagekit.io/demo/http2-vs-http1

https://kinsta.com/learn/what-is-http2/

[drewactual]

thank you Sir!!!!

[vbgamer45]

Also a link check your SSL grade https://www.ssllabs.com/ssltest/analyze.html?d=cfb51.com

in my httpd.conf I use this to get a least an A- on their report
Inside a virtualhost for ssl this is the normal config i used it addition to the keyfile

Code Select Expand


Protocols h2 http/1.1
  SSLEngine on
  SSLProtocol All -SSLv2 -SSLv3
  SSLCompression off
 
  SSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4


SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0




The line Protocols h2 http/1.1 is for http2 support

[drewactual]

Sir, that was good info.. I'll be working on it tonight.

about php output- is zlib.output_compression safe?

[vbgamer45]

I keep on my sites

Code Select Expand


zlib.output_compression = On

; http://php.net/zlib.output-compression-level
zlib.output_compression_level = 6


[drewactual]

@vbhamer45,

I thank you for the assist here- i finally got around to getting http/2 running, and all the compression/deflate set up.. went with gzip compression and zlib handling.  i also got memcache/memcached set up and running- but i haven't spread it across the servers yet, it's resting on just the one... i hope to address that this week. 

at any rate, i learned a lot in this process, and have you to thank for pointing me in the right direction.

edited to add:  i have only scored a B on the test site you provided... it's due to some adverts fed into the site and there isn't a lot i can do about them- i don't want to lose the ability for the automated changes... if i can talk them into fixing the issue, though, i'll be an A without much more effort. 

[vbgamer45]

Glad you have it working. I felt the same it is a good learning experience.

[drewactual]

turns out zlib doesn't play nicely with a couple functions- quote being the most impactful to my site... it doesn't like alerts pro, either. 

for now i've disabled it. 

[drewactual]

Arantor set me straight on this one... i was using SMF's built in compressed output along with zlib... one or the other, basically, and i went with SMF's for simplicity.

[drewactual]

ooooohhhhhhweeeee!!!!!

wanna know what ROCKS?!?!?!?!?!

http/2 and PUSH.... I now push all the heavy css and scripts.. soon, i'll dig out the heavy images and do the same... all from httpd... coupled with caching the same calls, so returning members aren't beaten to death, my pretty heavy page loads quickly!!!!

thank you sir for 'pushing' me in this direction!!!!!

[vbgamer45]

I haven't done much with push what is your config setup for that?

Good guide for people interested as well found at: https://www.smashingmagazine.com/2017/04/guide-http2-server-push/

[drewactual]

Code Select Expand

<FilesMatch>   
    Header add Link "</xxx/xxx/css/index.css>; rel=preload; as=style"
    Header add Link "</Themes/default/css/webkit.css>; rel=preload; as=style"
    Header add Link "</Themes/default/scripts/script.js>; rel=preload; as=script"
    Header add Link "</Themes/xxx/scripts/theme.js>; rel=preload; as=script"
    Header add Link "</xxx/xxx/xxx/xxx.js>; rel=preload; as=script"
    Header add Link "</xxx/xxx/xxx/xx.js>; rel=preload; as=script"
    Header add Link "</xxx/xxx/xxx/xxx.css>; rel=preload; as=style"
    Header add Link "</xxx/xxx/xxx/xxx/xxx/xxx.css>; rel=preload; as=style"
</FilesMatch>

XXX representing the directory's and files...

I only chose the heavier items that are good to have immediately... I DO need to add a list of images, too- and set an expire of at least a year on them now that i have the images i want where and how i want... there is a way to do it that puts a delay on the push, which will be nice for pictures i KNOW a user will encounter sooner or later to get them staged. 

it's seriously that^ easy after mod_HTTP2 is up and running.

and the penalty for hosting images and other static content on the same domain won't be near as stiff once the cache and push is set- actually benefiting the page with the metrics about to be implemented by several authorities, especially where security is concerned. 

right now i'm grading a low A high B, but it's because of content i rely on to keep the lights on being pushed to the page...

edited to add:

the values can be separated by commas and save a few bytes.. example:

Code Select Expand

<FilesMatch>   
    Header add Link "</xxx/xxx/css/index.css>; rel=preload; as=style", "</Themes/default/css/webkit.css>; rel=preload; as=style", "</Themes/default/scripts/script.js>; rel=preload; as=script", "</Themes/xxx/scripts/theme.js>; rel=preload; as=script", "</xxx/xxx/xxx/xxx.js>; rel=preload; as=script", "</xxx/xxx/xxx/xx.js>; rel=preload; as=script", "</xxx/xxx/xxx/xxx.css>; rel=preload; as=style", "</xxx/xxx/xxx/xxx/xxx/xxx.css>; rel=preload; as=style"
</FilesMatch>

but my simple mind parses it better visually by using the first example...

[drewactual]

got the A... upon closer inspection having rc4 available was the issue.

[drewactual]

okay... hopefully last post here on this matter..

i've learned a lot lately. 

if we set the preload, initializing the push, it's a good notion to set the cache on them too... these settings are what i used

Code Select Expand

# One year for image files
<filesMatch ".(jpg|jpeg|png|gif|ico)$">
Header set Cache-Control "max-age=31536000, public"
</filesMatch>
# One month for css and js
<filesMatch ".(css|js)$">
Header set Cache-Control "max-age=2628000, public"
</filesMatch>
<FilesMatch "\.(htm|html|css|js)$">
AddDefaultCharset UTF-8
DefaultLanguage en-US
</FilesMatch>

and then the magic to escape the 'auto reduction' in rank... the protocols/ciphers you offered were very good, but wouldn't allow a secure transport.  these do.  in order to use them, simply update openSSL and apache2.4+, and install nghttp2...

Code Select Expand


ECDHE-ECDSA-AES128-GCM-SHA256
:ECDHE-ECDSA-AES256-GCM-SHA384
:ECDHE-ECDSA-AES128-SHA
:ECDHE-ECDSA-AES256-SHA
:ECDHE-ECDSA-AES128-SHA256
:ECDHE-ECDSA-AES256-SHA384
:ECDHE-RSA-AES128-GCM-SHA256
:ECDHE-RSA-AES256-GCM-SHA384
:ECDHE-RSA-AES128-SHA
:ECDHE-RSA-AES256-SHA
:ECDHE-RSA-AES128-SHA256
:ECDHE-RSA-AES256-SHA384
:DHE-RSA-AES128-GCM-SHA256
:DHE-RSA-AES256-GCM-SHA384
:DHE-RSA-AES128-SHA
:DHE-RSA-AES256-SHA
:DHE-RSA-AES128-SHA256
:DHE-RSA-AES256-SHA256


as of the time of this posting, every one of those offer a secure transport- which is primarily accomplished by avoiding RSA.

the single change (ciphers) bumped me above A- and a flat A, and i'm sure i can tweak it some more to get a straight across 100, but..... i still bring in those adverts and i simply can't account for them.. setting the cache to public an pushing the content took me to speeds i've never seen before- which is basically leveraging the UDP of http2/spdy in mod_http2... would kinda be crazy not to use them, huh?

thank you again, and cheers!!!