From d3b35768158ff519391c8e0062a0f69ddab1a362 Mon Sep 17 00:00:00 2001
From: phil <phil@systemausfall.org>
Date: Sat, 11 Mar 2023 20:52:04 +0100
Subject: [PATCH] Enable gzip compression

---
 README.md                       |  3 +++
 defaults/main.yaml              | 19 +++++++++++++++++++
 templates/nginx.conf.j2         | 19 ++++++++++++++++++-
 templates/reverse_proxy.conf.j2 |  2 +-
 4 files changed, 41 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index 117baef..47a91b9 100644
--- a/README.md
+++ b/README.md
@@ -12,6 +12,9 @@ Role to install Nginx.
 | `nginx_bad_client_ip` | | List of IP address to deny access |
 | `nginx_type` | | `gateway` for a Reverse Proxy, `standalone` for a frontend webserver, `backend` for a backend webserver (behind a Reverse Proxy) |
 | `nginx_proxy_headers_hash_bucket_size` | `64` | |
+| `nginx_http_version` | `1.1` | [documentation](https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version) |
+| `nginx_gzip` | | [documentation](https://nginx.org/en/docs/http/ngx_http_gzip_module.html) |
+| `nginx_gzip_types` | --> `defaults/main.yaml` | |
 | `dhparam_path` | `/etc/ssl/private/dhparam.pem` | Path to dhparam file |
 | `dhparam_size` | `4096` | Size (in bits) of the generated DH-params |
 
diff --git a/defaults/main.yaml b/defaults/main.yaml
index 785e788..69d6944 100644
--- a/defaults/main.yaml
+++ b/defaults/main.yaml
@@ -1,3 +1,22 @@
 dhparam_path: /etc/ssl/private/dhparam.pem
 
 bad_user_agents_url: https://raw.githubusercontent.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker/09071c4b8016f7d59b84a3f941035ce1872aaf7a/_generator_lists/bad-user-agents.list
+
+nginx_http_version: "1.1"
+
+# Add a semicolon to the end of the last list item
+nginx_gzip_types:
+  - "text/plain"
+  - "text/css"
+  - "text/xml"
+  - "text/javascript"
+  - "application/javascript"
+  - "application/x-javascript"
+  - "application/json"
+  - "application/xml"
+  - "application/xml+rss"
+  - "application/xhtml+xml"
+  - "application/x-font-ttf"
+  - "application/x-font-opentype"
+  - "image/svg+xml"
+  - "image/x-icon;"
diff --git a/templates/nginx.conf.j2 b/templates/nginx.conf.j2
index 419c4c8..14d107f 100644
--- a/templates/nginx.conf.j2
+++ b/templates/nginx.conf.j2
@@ -44,11 +44,28 @@ http {
 
     error_log /var/log/nginx/error.log;
 
-
     ##
     # Gzip Settings
     ##
+{% if nginx_gzip is defined and nginx_gzip %}
+    gzip on;
+{% if nginx_type == 'gateway' %}
+    gzip_proxied any;
+{% endif %}
+    gzip_static on;
+    gzip_http_version {{ nginx_http_version }};
+    gzip_disable "MSIE [1-6]\.";
+    gzip_vary on;
+    gzip_comp_level 6;
+    gzip_types
+{% for type in nginx_gzip_types %}
+        {{ type }}
+{% endfor %}
+    gzip_buffers 16 8k;
+    gzip_min_length 512;
+{% else %}
     gzip off;
+{% endif %}
 
     ##
     # Virtual Host Configs
diff --git a/templates/reverse_proxy.conf.j2 b/templates/reverse_proxy.conf.j2
index 013992d..e04eb0b 100644
--- a/templates/reverse_proxy.conf.j2
+++ b/templates/reverse_proxy.conf.j2
@@ -1,6 +1,6 @@
 # Managed by Ansible
 
-proxy_http_version      1.1;
+proxy_http_version      {{ nginx_http_version }};
 proxy_set_header        Host $host;
 proxy_set_header        X-Real-IP $remote_addr;
 proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;