search

virtkick / http-master

versatile front end http service with reverse proxy
MIT License
139 stars 17 forks source link

support for X-Accel #30

Open Nowaker opened 10 years ago

Nowaker commented 10 years ago

While reading a default config of Rails application I came across this:

  # Specifies the header that your server uses for sending files.
  # config.action_dispatch.x_sendfile_header = "X-Sendfile" # for apache
  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for nginx

When X-Sendfile / X-Accel-Redirect is provided, the proxied application doesn't send any file. It just sends the X-Sendfile: file-to-serve-by-proxy and expects the reverse proxy to send this file instead. http://wiki.nginx.org/XSendfile

Serving big files by the reverse proxy might make the transfer more effient or taking less resources. Before proceeding we should first compare how http-master compares to nginx with and without X-Sendfile. Maybe it's not worth. On the other hand, we already have static module which could fit here.

Rush commented 10 years ago

My first thought is - there might be security implications. Really, should we listen to any request of the application or should we limit it to some directory? Also, if we are running under a specific user / group, this user or group might not have the rights to open and send requested file. There might also be issues with Content-Type.

Nowaker commented 10 years ago

should we limit it to some directory

Yes. See http://wiki.nginx.org/XSendfile.

There might also be issues with Content-Type.

Content-Type, and some other headers, are not changed. See http://wiki.nginx.org/XSendfile

user or group might not have the rights to open and send requested file

Sure. But this applies to Apache and nginx too.