We are using Zimbra Open Source Edition 8.8 version running in a CentOS 7 Server. For a security audit purpose (BREACH ATTACK mitigation), I was asked to disable the gzip/http compression in the nginx.conf file. Tried adding 'gzip off' directive to '/opt/zimbra/conf/nginx/includes/nginx.conf.main' but getting the below error.
# /opt/zimbra/common/sbin/nginx -t -c /opt/zimbra/conf/nginx.conf
nginx: [emerg] "gzip" directive is not allowed here in /opt/zimbra/conf/nginx/includes/nginx.conf.main:15
nginx: configuration file /opt/zimbra/conf/nginx.conf test failed
Can you please tell me what is the correct way to add this directive to nginx?
Disable GZIP/HTTP Compression in NGINX
-
- Posts: 37
- Joined: Fri Sep 01, 2006 5:32 pm
- Location: UK
- Contact:
Re: Disable GZIP/HTTP Compression in NGINX
Did you ever find a solution?
I found references to the zimbraHttpCompressionEnabled setting in /opt/zimbra/conf/attrs/zimbra-attrs.xml. (Noted in Zimbra Wiki https://files.zimbra.com/docs/config-guide/index.html and elsewhere)
This apparently only requires restarting the mailboxd service... However, changing this setting to FALSE, and even after a full server reboot, the compression remains on.
Checked before and after changes/restarts using:
So am no further forward in resolving this at this time...
Running: Release 8.8.15.GA.4179.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P40
I found references to the zimbraHttpCompressionEnabled setting in /opt/zimbra/conf/attrs/zimbra-attrs.xml. (Noted in Zimbra Wiki https://files.zimbra.com/docs/config-guide/index.html and elsewhere)
This apparently only requires restarting the mailboxd service... However, changing this setting to FALSE, and even after a full server reboot, the compression remains on.
Checked before and after changes/restarts using:
Code: Select all
sudo -u zimbra /opt/zimbra/bin/zmprov gs yourserver.fqdn.here | grep -i compress
Running: Release 8.8.15.GA.4179.UBUNTU20.64 UBUNTU20_64 FOSS edition, Patch 8.8.15_P40