Default Nginx config for Magento

Good afternoon,

And a happy new year 2022.

I have met some casualties when I was working on our back-office with high definition pictures, Nginx return 415 error code HTTP for product images when editing.

When I was checked the error log of Nginx, messages lead me to the directive image filter :

2022/01/05 13:59:30 [error] 2137574#2137574: *1241 image filter: too big response: 1479857 while sending response to client

image_filter_buffer #Set the maximum size of the read image buffer, otherwise 415 error will occur.

I think it will be a good idea to include this one in a comment or leave as it is,

Ilan Parmentier

Good afternoon,

I do not know why this URL is blocked :
https://github.com/magenx/Magento-nginx-config/blob/06937db83dbab281d10e554f795d513f75fe613b/magento2/conf_m2/maps.conf#L28

However this URL is used in checkout page cart to estimate shipping rates ?

Thank you,

Ilan

The regex for bad user agents includes this line:

~*(larbin|LeechFTP|Lightspeedsystems|litemage_walker|Link|LinksManager.com|Lipperhey|LinkpadBot|linkwalker|lwp-trivial|ltx71) 1;

However, this also matches the user agent sent by requests from within the iOS LinkedIn app. For example:

Mozilla/5.0 (iPad; CPU OS 12_4_4 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Mobile/15E148 [LinkedInApp]

The simple solution is to remove |Link, though I'm not sure if there's a better solution, as I don't know what agent that was intended to match in the first place.

Hi, You have written really great piece of code...thank you... i learn.... quite much ... but this Issue is to complex for me...still beyond my skills.. Could you pls update the part of manual? (magento2.1.5) "for ssl configuration in nginx.conf you must:"? I've done what you recommended but no success.. I can't bring nginx to SSL I have tried many tricks ... Spent over 2 days about ::) Could you help ? edit: I can sent you access data to my test machine. Fresh dyployed.

1. There is no "Rest Api" configuration for magento. 404 will be returned, if "http://magento.dev/api/rest/products"
2. "SOAP/XML-RPC" is Ok, "http://magento.dev/api/v2_soap/?wsdl=1"

The zones setup in extra_protect.conf prevent Magento's ajax function from doing searches on the fly. Nginx's error log is full of these errors:

limiting requests, excess: 0.288 by zone "zone3", client: 127.0.0.1, server: mystore.com, request: "GET /search/ajax/suggest/?q=test

I'm not a nginx pro, but is there a way to modify the .conf files to create a whitelist or exception for the localhost 127.0.0.1 so it doesn't get denied by the limit requests in extra_protect.conf?

Hi, seems that Magento don't rewrite and resize images both in admin area then frontend. After many searches it can be an nginx issue. Nginx configuration seems to be ok. I have enabled nginx debug, passed all varnish requests and disabled opcache and i have this result: ` % curl -Ivl "https://www.mydomain.com/media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image"

• Trying xxx.xxx.xxx.xxx...
• TCP_NODELAY set
• Connected to www.mydomain.com (xxx.xxx.xxx.xxx) port 443 (#0)
• ALPN, offering h2
• ALPN, offering http/1.1
• successfully set certificate verify locations:
• CAfile: /etc/ssl/cert.pem CApath: none
• TLSv1.2 (OUT), TLS handshake, Client hello (1):
• TLSv1.2 (IN), TLS handshake, Server hello (2):
• TLSv1.2 (IN), TLS handshake, Certificate (11):
• TLSv1.2 (IN), TLS handshake, Server key exchange (12):
• TLSv1.2 (IN), TLS handshake, Server finished (14):
• TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
• TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (OUT), TLS handshake, Finished (20):
• TLSv1.2 (IN), TLS change cipher, Change cipher spec (1):
• TLSv1.2 (IN), TLS handshake, Finished (20):
• SSL connection using TLSv1.2 / ECDHE-RSA-AES256-GCM-SHA384
• ALPN, server accepted to use h2
• Server certificate:
• subject: CN=mydomain.com
• start date: Mar 15 09:21:16 2021 GMT
• expire date: Jun 13 09:21:16 2021 GMT
• subjectAltName: host "www.mydomain.com" matched cert's "www.mydomain.com"
• issuer: C=US; O=Let's Encrypt; CN=R3
• SSL certificate verify ok.
• Using HTTP2, server supports multi-use
• Connection state changed (HTTP/2 confirmed)
• Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
• Using Stream ID: 1 (easy handle 0x7fe85d00d600)

HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/2 Host: www.mydomain.com User-Agent: curl/7.64.1 Accept: /

• Connection state changed (MAX_CONCURRENT_STREAMS == 128)! < HTTP/2 200 HTTP/2 200 < server: nginx server: nginx < date: Thu, 01 Apr 2021 07:39:54 GMT date: Thu, 01 Apr 2021 07:39:54 GMT < content-type: image/jpeg content-type: image/jpeg < content-length: 25929 content-length: 25929 < last-modified: Wed, 17 Mar 2021 16:07:28 GMT last-modified: Wed, 17 Mar 2021 16:07:28 GMT < etag: "60522940-6549" etag: "60522940-6549" < expires: Thu, 31 Dec 2037 23:55:55 GMT expires: Thu, 31 Dec 2037 23:55:55 GMT < cache-control: max-age=315360000, public cache-control: max-age=315360000, public < accept-ranges: bytes accept-ranges: bytes

<

• Connection #0 to host www.mydomain.com left intact
• Closing connection 0 `

In nginx logs I have: ` 2021/04/01 09:39:54 [notice] 1273459#1273459: 7 "^/static/(version\d/)?(.*)$" does not match "/media/catalog/product/0/1/018084910993.jpg", client: 151.77.185.247, server: www.mydomain.com, request: "HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/1.1", host: "www.mydomain.com"

2021/04/01 09:39:54 [notice] 1273459#1273459: *7 "/(admin_6g9joz|PMA_PLACEHOLDER)/" does not match "/media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image", client: 151.77.185.247, server: www.mydomain.com, request: "HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/1.1", host: "www.mydomain.com"

2021/04/01 09:39:54 [notice] 1273459#1273459: 7 "^(./)index.php(/?)(.*)" does not match "/media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image", client: 151.77.185.247, server: www.mydomain.com, request: "HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/1.1", host: "www.mydomain.com"

2021/04/01 09:39:54 [notice] 1273459#1273459: *7 "^(brand|cat|color|dir|from|limit|price|type|mode|size|manufacturer|product_list_mode|product_list_order|product_list_dir)=.+" does not match "width=320&height=320&store=it&image-type=small_image", client: 151.77.185.247, server: www.mydomain.com, request: "HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/1.1", host: "www.mydomain.com"

2021/04/01 09:39:54 [warn] 1273459#1273459: *7 using uninitialized "filters" variable, client: 151.77.185.247, server: www.mydomain.com, request: "HEAD /media/catalog/product/0/1/018084910993.jpg?width=320&height=320&store=it&image-type=small_image HTTP/1.1", host: "www.mydomain.com" `

and all images url generate full image with parameters

For some reason when running multiple domains/vhosts it is conflicting and it does not pass the relevant PHP pool?

Now I have created two maps.conf as each domain will have multiple domains/stores.

Now the issue is domain1 using xxxxx pool and when I var_dump

$params = $_SERVER;
var_dump($_SERVER);
exit;

For domain1 it returns the following:

array(
   39)   {
[
         "USER"
      ]      => string(9)      "xxxxxx"[
         "HOME"
      ]      => string(15)      "/home/xxxxxx"[
         "HTTP_COOKIE"
      ]      => string(340)      "_ga=GA1.3.2089969139.1586092654; _gid=GA1.3.1706564775.1586092654; _fbp=fb.2.1586092653868.278218693; _hjid=e84418d7-c956-41fc-9e4e-d5c6022e4160; mage-cache-storage=%7B%7D; mage-cache-storage-section-invalidation=%7B%7D; _hjIncludedInSample=1; X-Magento-Vary=e3cb9ab3566a693edff3edf82caa39b1ed79e8ba; section_data_ids=%7B%22gtm%22%3A7000%7D"[
         "HTTP_ACCEPT_LANGUAGE"
      ]      => string(23)      "en-GB,en;q=0.9,ar;q=0.8"[
         "HTTP_ACCEPT_ENCODING"
      ]      => string(17)      "gzip, deflate, br"[
         "HTTP_SEC_FETCH_USER"
      ]      => string(2)      "?1"[
         "HTTP_SEC_FETCH_MODE"
      ]      => string(8)      "navigate"[
         "HTTP_SEC_FETCH_SITE"
      ]      => string(4)      "none"[
         "HTTP_ACCEPT"
      ]      => string(124)      "text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"[
         "HTTP_SEC_FETCH_DEST"
      ]      => string(8)      "document"[
         "HTTP_USER_AGENT"
      ]      => string(115)      "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36"[
         "HTTP_UPGRADE_INSECURE_REQUESTS"
      ]      => string(1)      "1"[
         "HTTP_DNT"
      ]      => string(1)      "1"[
         "HTTP_CACHE_CONTROL"
      ]      => string(9)      "max-age=0"[
         "HTTP_HOST"
      ]      => string(20)      "www.xxxxxx.co.uk"[
         "MAGE_RUN_TYPE"
      ]      => string(0)      ""[
         "MAGE_RUN_CODE"
      ]      => string(0)      ""[
         "REDIRECT_STATUS"
      ]      => string(3)      "200"[
         "SERVER_NAME"
      ]      => string(15)      "www.xxxxxx.com"[
         "SERVER_ADDR"
      ]      => string(15)      "000.000.000.000"[
         "REMOTE_PORT"
      ]      => string(5)      "41721"[
         "REMOTE_ADDR"
      ]      => string(13)      "000.000.000.000"[
         "SERVER_SOFTWARE"
      ]      => string(12)      "nginx/1.16.1"[
         "GATEWAY_INTERFACE"
      ]      => string(7)      "CGI/1.1"[
         "HTTPS"
      ]      => string(2)      "on"[
         "SERVER_PROTOCOL"
      ]      => string(8)      "HTTP/2.0"[
         "DOCUMENT_ROOT"
      ]      => string(24)      "/home/xxxxxx/public/pub"[
         "DOCUMENT_URI"
      ]      => string(10)      "/index.php"[
         "REQUEST_URI"
      ]      => string(1)      "/"[
         "SCRIPT_NAME"
      ]      => string(10)      "/index.php"[
         "SCRIPT_FILENAME"
      ]      => string(34)      "/home/xxxxx/public/pub/index.php"[
         "CONTENT_LENGTH"
      ]      => string(0)      ""[
         "CONTENT_TYPE"
      ]      => string(0)      ""[
         "REQUEST_METHOD"
      ]      => string(3)      "GET"[
         "QUERY_STRING"
      ]      => string(0)      ""[
         "FCGI_ROLE"
      ]      => string(9)      "RESPONDER"[
         "PHP_SELF"
      ]      => string(10)      "/index.php"[
         "REQUEST_TIME_FLOAT"
      ]      => float(1586095624.6495)[
         "REQUEST_TIME"
      ]      => int(1586095624)
   }

How come Domain1 returning domain2 details? including the ownership etc...

domain-maps.conf

## Map php-fpm pass route
map $http_host$request_uri $MAGE_PHP_ROUTE {
    default unix:/var/run/php7.2-fpm-domain1.sock; # default php-fpm
}

    ## Map files to exclude from access log
#    map $request $writelog {
#                default   1;
#                ~*\.woff2 0;
#                ~*\.jpg   0;
#                ~*\.png   0;
#                ~*\.gif   0;
#                ~*\.css   0;
#                ~*\.webp  0;
#                ~*\.js    0;
#        }

## map query parameter to magento profiler parameter
map $query_string $MAGE_PROFILER {
  ~DEVELOPMENT=Q9ARzXbrwI html;
}

## Filter API access
map $request_uri $api_access {
            default 0;
        ~/(.*)/V1/customers(?!/me)              1;
	~/(.*)/V1/customers/password            1;
        ~/(.*)/V1/customers/resetPassword       1;
        ~/(.*)/V1/customers/isEmailAvailable    1;
        ~/(.*)/V1/guest-carts/                  1;
        ~/(.*)/V1/integration/                  1;
        ~/(.*)/V1/search                        1;
    }

## CORS headers
map $http_origin $cors_origin {
        default "";
        ~*.example.com$ "$http_origin";
    }

## Admin location http auth
geo $authentication {
    default "Authentication required";
    127.0.0.1 "off";
    1.2.3.4 "off";
}
    
## GEOIP routing
#map $geoip_country_code $geospatial {
#        default example.com;
#        RU      example.com/shipping.html;
#        US      us.example.com;
#        AS      as.example.com;
#}

# microcache
map $request_uri $no_cache {
	default 1;
	~/searchautocomplete/ajax/get/		0;
	~/catalogsearch/ajax/suggest/		0;
	~/search/ajax/suggest/			0;
}

## Multi shop code configuration
map $http_host $MAGE_RUN_CODE {
hostnames;
	  .domain1.co.uk base;
	  .domain2.com base_en;
}

map $http_host $MAGE_RUN_TYPE {
hostnames;
	  .domain1.co.uk website;
	  .domain2.com store;
}
    
## Map HSTS header
map $scheme $hsts_header { https  "max-age=31556926; includeSubDomains; preload"; }
    
## Map bad user agents
map $http_user_agent $bad_client {
    default 0;
  ~*(360Spider)  1;
  ~*(Aboundex|aiHitBot|AhrefsBot|AspiegelBot) 1;
  ~*(betaBot|BigBozz|BlackWidow|Bolt|BLEXBot|BUbiNG) 1;
  ~*(CazoodleBot|cispa|CPython|CCBot|ChinaClaw|Cliqzbot|coccocbot|Curious|CRAZYWEBCRAWLER|Custo) 1;
  ~*(Daumoa|Default|DeuSu|DIIbot|DISCo|discobot|DoCoMo|DuckDuckGo) 1;
  ~*(EasouSpider|eCatch|ecxi|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|ExtractorPro|Exabot|Exploratodo|EyeNetIE) 1;
  ~*(FatBot|FlashGet|Findxbot) 1;
  ~*(GetRight|GetWeb!|GigablastOpenSource|Gigabot|gimme60bot|Go!Zilla|Go-Ahead-Got-It|Go.*package.*|GrabNet|Grafula|GT::WWW|GuzzleHttp) 1;
  ~*(heritrix|HaosouSpider|HMView|HTTP::Lite|HTTrack) 1;
  ~*(ia_archiver|IDBot|id-search|id-search.org|InterGET|InternetSeer.com|IRLbot) 1;
  ~*(JetCar) 1;
  ~*(larbin|LeechFTP|Lightspeedsystems|litemage_walker|Link|LinksManager.com|Lipperhey|LinkpadBot|linkwalker|lwp-trivial|ltx71) 1;
  ~*(Maxthon$|Mail.RU_Bot|meanpathbot|MegaIndex.ru|MFC_Tear_Sample|microsoft.url|Microsoft-IIS|Microsoft.*Office|Mozilla.*Indy|Mozilla.*NEWT|MJ12bot|MSFrontPage) 1;
  ~*(Navroad|NearSite|NetAnts|NetLyzer.*FastProbe|NetSpider|NetZIP|Nutch) 1;
  ~*(Octopus) 1;
  ~*(PageGrabber|panscient.com|pavuk|PECL::HTTP|PeoplePal|pcBrowser|Pi-Monster|PHPCrawl|PleaseCrawl|psbot|prijsbest) 1;
  ~*(Qwantify) 1;
  ~*(RealDownload|ReGet|RedesScrapy|Rippers|RocketCrawler) 1;
  ~*(SBIder|Scrapy|ScreenerBot|SEOprofiler|Screaming.*Spider|SeaMonkey|SeznamBot|SemrushBot|sitecheck.internetseer.com|SiteSnagger) 1;
  ~*(SmartDownload|Snoopy|SputnikBot|Steeler|SuperBot|SuperHTTP|Surfbot|sqlmap) 1;
  ~*(tAkeOut|Teleport|Toata|TwengaBot|Typhoeus) 1;
  ~*(URI::Fetch|User-Agent|UserAgent) 1;
  ~*(voltron|Vagabondo|VoidEYE|Visbot) 1;
  ~*(webalta|WebAuto|[Ww]eb[Bb]andit|WebCollage|WebCopier|WebFetch|WebLeacher|WebReaper|WebSauger|WebStripper|WebWhacker|WhatsApp) 1;
  ~*(WebZIP|Widow|Wotbox|WWW-Mechanize|WWWOFFLE) 1;
  ~*(XoviBot) 1;
  ~*(zermelo|Zeus|Zeus.*Webster|zgrab|ZyBorg) 1;
}

domain2-maps.conf

## Map php-fpm pass route
map $http_host$request_uri $MAGE_PHP_ROUTE {
    default unix:/var/run/php7.2-fpm-xxxxx.sock; # default php-fpm
}

    ## Map files to exclude from access log
#    map $request $writelog {
#                default   1;
#                ~*\.woff2 0;
#                ~*\.jpg   0;
#                ~*\.png   0;
#                ~*\.gif   0;
#                ~*\.css   0;
#                ~*\.webp  0;
#                ~*\.js    0;
#        }

## map query parameter to magento profiler parameter
map $query_string $MAGE_PROFILER {
  ~DEVELOPMENT=Q9ARzXbrwI html;
}

## Filter API access
map $request_uri $api_access {
            default 0;
        ~/(.*)/V1/customers(?!/me)              1;
	~/(.*)/V1/customers/password            1;
        ~/(.*)/V1/customers/resetPassword       1;
        ~/(.*)/V1/customers/isEmailAvailable    1;
        ~/(.*)/V1/guest-carts/                  1;
        ~/(.*)/V1/integration/                  1;
        ~/(.*)/V1/search                        1;
    }

## CORS headers
map $http_origin $cors_origin {
        default "";
        ~*.example.com$ "$http_origin";
    }

## Admin location http auth
geo $authentication {
    default "Authentication required";
    127.0.0.1 "off";
    1.2.3.4 "off";
}
    
## GEOIP routing
#map $geoip_country_code $geospatial {
#        default example.com;
#        RU      example.com/shipping.html;
#        US      us.example.com;
#        AS      as.example.com;
#}

# microcache
map $request_uri $no_cache {
	default 1;
	~/searchautocomplete/ajax/get/		0;
	~/catalogsearch/ajax/suggest/		0;
	~/search/ajax/suggest/			0;
}

## Multi shop code configuration
map $http_host $MAGE_RUN_CODE {
hostnames;
	  .xxxxxx.co.uk base;
	  .xxxxxxx.com base_en;
}

map $http_host $MAGE_RUN_TYPE {
hostnames;
	  .xxxxxxx.co.uk website;
	  .xxxxxxx.com store;
}
    
## Map HSTS header
map $scheme $hsts_header { https  "max-age=31556926; includeSubDomains; preload"; }
    
## Map bad user agents
map $http_user_agent $bad_client {
    default 0;
  ~*(360Spider)  1;
  ~*(Aboundex|aiHitBot|AhrefsBot|AspiegelBot) 1;
  ~*(betaBot|BigBozz|BlackWidow|Bolt|BLEXBot|BUbiNG) 1;
  ~*(CazoodleBot|cispa|CPython|CCBot|ChinaClaw|Cliqzbot|coccocbot|Curious|CRAZYWEBCRAWLER|Custo) 1;
  ~*(Daumoa|Default|DeuSu|DIIbot|DISCo|discobot|DoCoMo|DuckDuckGo) 1;
  ~*(EasouSpider|eCatch|ecxi|EirGrabber|EmailCollector|EmailSiphon|EmailWolf|ExtractorPro|Exabot|Exploratodo|EyeNetIE) 1;
  ~*(FatBot|FlashGet|Findxbot) 1;
  ~*(GetRight|GetWeb!|GigablastOpenSource|Gigabot|gimme60bot|Go!Zilla|Go-Ahead-Got-It|Go.*package.*|GrabNet|Grafula|GT::WWW|GuzzleHttp) 1;
  ~*(heritrix|HaosouSpider|HMView|HTTP::Lite|HTTrack) 1;
  ~*(ia_archiver|IDBot|id-search|id-search.org|InterGET|InternetSeer.com|IRLbot) 1;
  ~*(JetCar) 1;
  ~*(larbin|LeechFTP|Lightspeedsystems|litemage_walker|Link|LinksManager.com|Lipperhey|LinkpadBot|linkwalker|lwp-trivial|ltx71) 1;
  ~*(Maxthon$|Mail.RU_Bot|meanpathbot|MegaIndex.ru|MFC_Tear_Sample|microsoft.url|Microsoft-IIS|Microsoft.*Office|Mozilla.*Indy|Mozilla.*NEWT|MJ12bot|MSFrontPage) 1;
  ~*(Navroad|NearSite|NetAnts|NetLyzer.*FastProbe|NetSpider|NetZIP|Nutch) 1;
  ~*(Octopus) 1;
  ~*(PageGrabber|panscient.com|pavuk|PECL::HTTP|PeoplePal|pcBrowser|Pi-Monster|PHPCrawl|PleaseCrawl|psbot|prijsbest) 1;
  ~*(Qwantify) 1;
  ~*(RealDownload|ReGet|RedesScrapy|Rippers|RocketCrawler) 1;
  ~*(SBIder|Scrapy|ScreenerBot|SEOprofiler|Screaming.*Spider|SeaMonkey|SeznamBot|SemrushBot|sitecheck.internetseer.com|SiteSnagger) 1;
  ~*(SmartDownload|Snoopy|SputnikBot|Steeler|SuperBot|SuperHTTP|Surfbot|sqlmap) 1;
  ~*(tAkeOut|Teleport|Toata|TwengaBot|Typhoeus) 1;
  ~*(URI::Fetch|User-Agent|UserAgent) 1;
  ~*(voltron|Vagabondo|VoidEYE|Visbot) 1;
  ~*(webalta|WebAuto|[Ww]eb[Bb]andit|WebCollage|WebCopier|WebFetch|WebLeacher|WebReaper|WebSauger|WebStripper|WebWhacker|WhatsApp) 1;
  ~*(WebZIP|Widow|Wotbox|WWW-Mechanize|WWWOFFLE) 1;
  ~*(XoviBot) 1;
  ~*(zermelo|Zeus|Zeus.*Webster|zgrab|ZyBorg) 1;
}

Hello,

I get the following error while trying to start nginx after using the m1_config_install.sh: nginx: [emerg] duplicate listen options for 0.0.0.0:80 in /etc/nginx/port.conf:1

• Ubuntu 16.04 xenial
• nginx/1.11.2

I assume that it has something to do with the "reuseport" option, but I don't know how to resolve it other than removing it.

While using default nginx install on Ubuntu 14.04 I'm running into the following error:

invalid parameter "if=$writelog" in /etc/nginx/sites-enabled/magento.conf:13

I assume that the map module is installed, because if you rely on this post http://askubuntu.com/a/556382 it should be included in the standard http modules.

Any clue?

Good afternoon,

Thank you for your work and for kindly submitted your project freely.

I just would like to take some informations from you, why you pass to the Varnish proxy the directives :

proxy_set_header Accept-Encoding "";
proxy_set_header Connection "";

As you may know, and sure you do, Brotli is more and more supported by recent navigators. And it has tremendous effect on the compression (15 to 20 points better than GZIP). When Brotli is supported, the navigator send an Accept-Encoding to "br" otherwise it gracefully send a "gzip" information to the server.

In particular, to make it work with Varnish (standard version), we need to retrieve the br information from the Accept-Encoding header.

And I do know the interest of the two directives below. It is not included in my research on most config Nginx + Varnish.

Do you see any particular issue who we will encounter if it is commented ?

Brotli is enabled for the compression request (http directive in nginx) but also enable for compressing caching object in Varnish. And so far, I have some results in term of speed (I did not test in term of load of the CPU though).

I am looking forward for your answer.

Ilan Parmentier