В нашем кластере веб-серверов Apache у нас есть настройка mod_pagespeed с memcached и сегментирование домена на домен без файлов cookie.
Наши веб-серверы находятся за балансировщиком нагрузки с нелипкими сессиями и разгрузкой SSL. При разгрузке SSL балансировщик нагрузки всегда запрашивает веб-серверы по обычному http, но отправляет соответствующие заголовки X-Forwarded. Веб-серверы Apache не настроены для SSL / https.
Все отлично работает с mod_pagespeed для обычного http, но не для https. Однако доступ к веб-сайту через https:
Я прикрепил свои различные конфигурации, обратите внимание, что mod_pagespeed включен для отдельного vhost - я удалил нерелевантные vhosts из конфигурации ниже.
В приведенной ниже конфигурации я изменил наш основной домен на example.com
и наш домен без файлов cookie nocookie.com
Apache
Version : 2.2.15
Release : 39.el6.centos
версия mod_pagespeed:
1.9.32.14
/etc/httpd/conf.d/vhost.conf
## Virtual Hosts
#
<Directory "/hostroot/www/vhost/*/httpdocs">
Order allow,deny
Allow from all
Options FollowSymLinks
AllowOverride none
</Directory>
NameVirtualHost *:80
<VirtualHost _default_:80>
ServerAdmin noreply@example.com
DocumentRoot "/hostroot/www/vhost/default/httpdocs"
ServerName webserver.example.com
ErrorLog "/var/log/httpd/vhost/default/error_log"
# CustomLog "/var/log/httpd/vhost/default/access_log" common
CustomLog "/var/log/httpd/vhost/default/access_log" combined env=!forwarded
CustomLog "/var/log/httpd/vhost/default/access_log" proxy env=forwarded
</VirtualHost>
<VirtualHost *:80>
ServerAdmin noreply@example.com
ServerName example.com
ServerAlias www.example.com
ServerAlias www1.example.com
ServerAlias www2.example.com
ServerAlias www3.example.com
ServerAlias www4.example.com
ServerAlias www5.example.com
ServerAlias www6.example.com
ServerAlias www7.example.com
ServerAlias www8.example.com
ServerAlias www9.example.com
ServerAlias m.example.com
ServerAlias wap.example.com
ServerAlias mobil.example.com
ServerAlias mob.example.com
ServerAlias app.example.com
ServerAlias ap.example.com
DocumentRoot "/hostroot/www/vhost/example_com/httpdocs/public/default"
DirectoryIndex index.php
# This should be omitted in the production environment
SetEnv APPLICATION_DOMAIN www.example.com
# SetEnv APPLICATION_ENV production
# SetEnv APPLICATION_LAYOUT default
# SetEnvIf X-Forwarded-Proto https HTTPS=on
ErrorLog "/var/log/httpd/vhost/example_com/error_log"
# CustomLog "/var/log/httpd/vhost/example_com/access_log" common
CustomLog "/var/log/httpd/vhost/example_com/access_log" combined env=!forwarded
CustomLog "/var/log/httpd/vhost/example_com/access_log" proxy env=forwarded
ModPagespeed on
ModPagespeedDomain www.example.com
ModPagespeedLoadFromFileMatch "^(http|https)://www.example.com/(img|lib|css|swg)/" "/hostroot/www/vhost/example_com/httpdocs/public/default/\\2/"
ModPagespeedShardDomain nocookie.com s1.nocookie.com,s2.nocookie.com,s3.nocookie.com
ModPagespeedMapRewriteDomain nocookie.com www.example.com
ModPagespeedRespectXForwardedProto on
# ModPagespeedEnableFilters insert_image_dimensions
ModPagespeedDisableFilters convert_png_to_jpeg,inline_images,convert_jpeg_to_webp
Header unset ETag
FileETag None
# Enable expirations
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 year"
<Directory "/hostroot/www/vhost/example_com/httpdocs/public/default">
RewriteEngine On
# Redirect to www.example.com if no-sub or sub is not www, stop further rewrites
RewriteCond %{HTTP_HOST} !^www([0-9]*)\.example\.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301]
# If actual resource serve it and stop further rewrites
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d [OR]
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|swf|php|ico|txt|pdf|xml|woff|ttf|eot|svg)$
RewriteRule ^.*$ - [NC,L]
# Remove trailing slash, set permanent redirect and stop further rewrites
# Condition is only needed, if directories is not handled by previous rewrites
#RewriteCond %{REQUEST_FILENAME} !-d
# RewriteRule ^(.*)/$ /$1 [R=301,L]
# Bootstrap to index.php
RewriteRule ^.*$ index.php [NC,L]
</Directory>
<IfModule mod_alias.c>
Alias /apple-touch-icon-57x57.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-57x57.png
Alias /apple-touch-icon-60x60.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-60x60.png
Alias /apple-touch-icon-72x72.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-72x72.png
Alias /apple-touch-icon-76x76.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-76x76.png
Alias /apple-touch-icon-114x114.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-114x114.png
Alias /apple-touch-icon-120x120.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-120x120.png
Alias /apple-touch-icon-144x144.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-144x144.png
Alias /apple-touch-icon-152x152.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-152x152.png
Alias /apple-touch-icon-180x180.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-180x180.png
Alias /apple-touch-icon-precomposed.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-precomposed.png
Alias /apple-touch-icon.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon.png
Alias /browserconfig.xml /hostroot/www/vhost/example_com/favicons/browserconfig.xml
Alias /crossdomain.xml /hostroot/www/vhost/example_com/favicons/crossdomain.xml
Alias /favicon-16x16.png /hostroot/www/vhost/example_com/favicons/favicon-16x16.png
Alias /favicon-32x32.png /hostroot/www/vhost/example_com/favicons/favicon-32x32.png
Alias /favicon-96x96.png /hostroot/www/vhost/example_com/favicons/favicon-96x96.png
Alias /favicon-160x160.png /hostroot/www/vhost/example_com/favicons/favicon-160x160.png
Alias /favicon-192x192.png /hostroot/www/vhost/example_com/favicons/favicon-192x192.png
Alias /favicon.ico /hostroot/www/vhost/example_com/favicons/favicon.ico
Alias /mstile-70x70.png /hostroot/www/vhost/example_com/favicons/mstile-70x70.png
Alias /mstile-144x144.png /hostroot/www/vhost/example_com/favicons/mstile-144x144.png
Alias /mstile-150x150.png /hostroot/www/vhost/example_com/favicons/mstile-150x150.png
Alias /mstile-310x150.png /hostroot/www/vhost/example_com/favicons/mstile-310x150.png
Alias /mstile-310x310.png /hostroot/www/vhost/example_com/favicons/mstile-310x310.png
</IfModule>
</VirtualHost>
<VirtualHost *:80>
ServerAdmin noreply@example.com
ServerName nocookie.com
ServerAlias *.nocookie.com
DocumentRoot "/hostroot/www/vhost/example_com/httpdocs/public/default"
DirectoryIndex nocookie-index.htm
ErrorLog "/var/log/httpd/vhost/nocookie_com/error_log"
# CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" common
CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" combined env=!forwarded
CustomLog "/var/log/httpd/vhost/nocookie_com/access_log" proxy env=forwarded
ModPagespeed on
ModPagespeedDomain nocookie.com
ModPagespeedLoadFromFileMatch "^(http|https)://s[0-9]+.nocookie.com/(img|lib|css|swg)/" "/hostroot/www/vhost/example_com/httpdocs/public/default/\\2/"
ModPagespeedRespectXForwardedProto on
# ModPagespeedEnableFilters insert_image_dimensions
ModPagespeedDisableFilters convert_png_to_jpeg,inline_images
Header unset ETag
FileETag None
# Enable expirations
ExpiresActive On
ExpiresDefault "access plus 1 month"
ExpiresByType image/x-icon "access plus 1 year"
ExpiresByType image/gif "access plus 1 month"
ExpiresByType image/png "access plus 1 month"
ExpiresByType image/jpg "access plus 1 month"
ExpiresByType image/jpeg "access plus 1 month"
ExpiresByType text/css "access plus 1 month"
ExpiresByType application/javascript "access plus 1 year"
# Disable PHP
php_admin_flag engine off
# CORS setting
<FilesMatch "\.(ttf|otf|eot|woff)$">
SetEnvIf Origin "^http(s)?://(.+\.)?(example|nocookie)\.com(:\d+)?$" AccessControlAllowOrigin=$0
Header set Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
</FilesMatch>
<Directory "/hostroot/www/vhost/example_com/httpdocs/public/default">
RewriteEngine On
# If actual resource serve it and stop further rewrites
RewriteCond %{REQUEST_FILENAME} \.(gif|jpe?g|png|js|css|swf|php|ico|txt|pdf|xml|woff|ttf|eot|svg)$
RewriteRule ^.*$ - [NC,L]
# Bootstrap to index.php
RewriteRule ^.*$ http://www.example.com/ [NC,L]
</Directory>
<IfModule mod_alias.c>
Alias /apple-touch-icon-57x57.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-57x57.png
Alias /apple-touch-icon-60x60.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-60x60.png
Alias /apple-touch-icon-72x72.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-72x72.png
Alias /apple-touch-icon-76x76.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-76x76.png
Alias /apple-touch-icon-114x114.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-114x114.png
Alias /apple-touch-icon-120x120.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-120x120.png
Alias /apple-touch-icon-144x144.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-144x144.png
Alias /apple-touch-icon-152x152.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-152x152.png
Alias /apple-touch-icon-180x180.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-180x180.png
Alias /apple-touch-icon-precomposed.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon-precomposed.png
Alias /apple-touch-icon.png /hostroot/www/vhost/example_com/favicons/apple-touch-icon.png
Alias /browserconfig.xml /hostroot/www/vhost/example_com/favicons/browserconfig.xml
Alias /crossdomain.xml /hostroot/www/vhost/example_com/favicons/crossdomain.xml
Alias /favicon-16x16.png /hostroot/www/vhost/example_com/favicons/favicon-16x16.png
Alias /favicon-32x32.png /hostroot/www/vhost/example_com/favicons/favicon-32x32.png
Alias /favicon-96x96.png /hostroot/www/vhost/example_com/favicons/favicon-96x96.png
Alias /favicon-160x160.png /hostroot/www/vhost/example_com/favicons/favicon-160x160.png
Alias /favicon-192x192.png /hostroot/www/vhost/example_com/favicons/favicon-192x192.png
Alias /favicon.ico /hostroot/www/vhost/example_com/favicons/favicon.ico
Alias /mstile-70x70.png /hostroot/www/vhost/example_com/favicons/mstile-70x70.png
Alias /mstile-144x144.png /hostroot/www/vhost/example_com/favicons/mstile-144x144.png
Alias /mstile-150x150.png /hostroot/www/vhost/example_com/favicons/mstile-150x150.png
Alias /mstile-310x150.png /hostroot/www/vhost/example_com/favicons/mstile-310x150.png
Alias /mstile-310x310.png /hostroot/www/vhost/example_com/favicons/mstile-310x310.png
</IfModule>
</VirtualHost>
/etc/httpd/conf.d/pagespeed.conf
<IfModule !mod_version.c>
LoadModule version_module /usr/lib64/httpd/modules/mod_version.so
</IfModule>
<IfVersion < 2.4>
LoadModule pagespeed_module /usr/lib64/httpd/modules/mod_pagespeed.so
</IfVersion>
<IfVersion >= 2.4.2>
LoadModule pagespeed_module /usr/lib64/httpd/modules/mod_pagespeed_ap24.so
</IfVersion>
<IfModule !mod_deflate.c>
LoadModule deflate_module /usr/lib64/httpd/modules/mod_deflate.so
</IfModule>
<IfModule pagespeed_module>
ModPagespeed off
ModPagespeedInheritVHostConfig on
AddOutputFilterByType MOD_PAGESPEED_OUTPUT_FILTER text/html
ModPagespeedFileCachePath "/var/cache/mod_pagespeed/"
ModPagespeedLogDir "/var/log/pagespeed"
# ModPagespeedSslCertDirectory "/etc/pki/tls/certs"
# ModPagespeedSslCertFile /etc/pki/tls/cert.pem
ModPagespeedMemcachedServers "10.220.30.70:11211,10.220.30.71:11211"
ModPagespeedCreateSharedMemoryMetadataCache "/var/cache/mod_pagespeed/" 51200
# ModPagespeedRewriteLevel PassThrough
# ModPagespeedDisableFilters rewrite_images
# ModPagespeedEnableFilters rewrite_javascript,rewrite_css
# ModPagespeedEnableFilters collapse_whitespace,elide_attributes
# ModPagespeedForbidFilters rewrite_images
# ModPagespeedRewriteDeadlinePerFlushMs 10
ModPagespeedXHeaderValue "enabled"
ModPagespeedImplicitCacheTtlMs 2592000000
# ModPagespeedDomain
# ModPagespeedDownstreamCachePurgeLocationPrefix
# ModPagespeedDownstreamCachePurgeMethod PURGE
# ModPagespeedDownstreamCacheRewrittenPercentageThreshold 95
# ModPagespeedDownstreamCacheRebeaconingKey
# ModPagespeedFileCacheSizeKb 102400
# ModPagespeedFileCacheCleanIntervalMs 3600000
# ModPagespeedLRUCacheKbPerProcess 1024
# ModPagespeedLRUCacheByteLimit 16384
# ModPagespeedCssFlattenMaxBytes 102400
# ModPagespeedCssInlineMaxBytes 2048
# ModPagespeedCssImageInlineMaxBytes 0
# ModPagespeedImageInlineMaxBytes 3072
# ModPagespeedJsInlineMaxBytes 2048
# ModPagespeedCssOutlineMinBytes 3000
# ModPagespeedJsOutlineMinBytes 3000
# ModPagespeedMaxCombinedCssBytes -1
# ModPagespeedMaxCombinedJsBytes 92160
ModPagespeedFileCacheInodeLimit 500000
# ModPagespeedImageMaxRewritesAtOnce 8
# ModPagespeedNumRewriteThreads 4
# ModPagespeedNumExpensiveRewriteThreads 4
# ModPagespeedRewriteRandomDropPercentage 90
# ModPagespeedJsPreserveURLs on
# ModPagespeedImagePreserveURLs on
# ModPagespeedCssPreserveURLs on
# ModPagespeedFilters in_place_optimize_for_browser
# ModPagespeedPrivateNotVaryForIE on
# ModPagespeedImageRecompressionQuality 85
# ModPagespeedJpegRecompressionQuality -1
# ModPagespeedJpegRecompressionQualityForSmallScreens 70
# ModPagespeedWebpRecompressionQuality 80
# ModPagespeedWebpRecompressionQualityForSmallScreens 70
# ModPagespeedWebpTimeoutMs 5000
# ModPagespeedImageLimitOptimizedPercent 100
# ModPagespeedImageLimitResizeAreaPercent 100
# ModPagespeedMaxInlinedPreviewImagesIndex -1
# ModPagespeedMinImageSizeLowResolutionBytes 3072
# ModPagespeedMaxSegmentLength 250
# ModPagespeedCombineAcrossPaths off
# ModPagespeedAvoidRenamingIntrospectiveJavascript off
# ModPagespeedEnableFilters canonicalize_javascript_libraries
# ModPagespeedLibrary 43 1o978_K0_LNE5_ystNklf http://www.modpagespeed.com/rewrite_javascript.js
# ModPagespeedLoadFromFile "http://example.com/static/" "/hostroot/www/static/"
# ModPagespeedEnableFilters add_instrumentation
# ModPagespeedReportUnloadTime on
# ModPagespeedRespectVary on
# ModPagespeedStatistics off
<Location /pagespeed_admin>
Order deny,allow
Deny from all
SetEnvIF X-Forwarded-For "10.10.200.2" AllowIP
Allow from env=AllowIP
Allow from 192.168.1.0/24
SetHandler pagespeed_admin
</Location>
<Location /pagespeed_global_admin>
Order deny,allow
Deny from all
SetEnvIF X-Forwarded-For "10.10.200.2" AllowIP
Allow from env=AllowIP
Allow from 192.168.1.0/24
SetHandler pagespeed_global_admin
</Location>
ModPagespeedStatisticsLogging on
ModPagespeedMessageBufferSize 100000
</IfModule>
Хорошо, методом проб и ошибок мне удалось это решить.
Если изменили мой ModPagespeedLoadFromFileMatch
, это устраняет неотмеченный / комбинированный JS, а также некоторые несоответствующие медиафайлы, т.е. из корня домена.
ModPagespeedLoadFromFileMatch "^(http|https)://www\.example\.com(.*)(gif|jpe?g|png|js|css|swf|ico|txt|pdf|xml|woff|ttf|eot|svg)$" "/hostroot/www/vhost/example_com/httpdocs/public/default\\2\\3"
...
Я принудительно установил сегментирование домена на https с помощью следующего обновленного правила на основном виртуальном хосте:
ModPagespeedShardDomain nocookie.com https://s1.nocookie.com,https://s2.nocookie.com,https://s3.nocookie.com
...
Я добавил (раскомментировал) следующее правило на обоих vhosts:
SetEnvIf X-Forwarded-Proto https HTTPS=on
Я удалил следующее правило на обоих хостах:
ModPagespeedRespectXForwardedProto on