we're using nginx to provide a security layer in front of an AWS presto cluster. We registered an SSL certificate for nginx-presto-cluster.our-domain.com
Requests for presto are passed through nginx with Basic authentication. An SQL query for presto results in multipe sequential requests to the server, to fetch query results.
We created a nginx.conf that looks like this:
location / {
auth_basic $auth;
auth_basic_user_file /etc/nginx/.htpasswd;
sub_filter_types *;
sub_filter_once off;
sub_filter 'http://localhost:8889/' 'https://presto.nginx-presto-cluster.our-domain.com/';
proxy_pass http://localhost:8889/;
}
Presto's responses contain a nextUri to fetch results. The sub_filter rewrites these Uri's from localhost:8889 to our secure domain, where they are passed through nginx again.
The problem: The first response has a body that looks exactly as desired:
{
"id":"20171123_104423_00092_u7hmr"
, ...
,"nextUri":"https://presto.nginx-presto-cluster.our-domain.com/v1/statement/20171123_104423_00092_u7hmr/1"
, ...
}
The second request, however, looks like:
{
"id":"20171123_105250_00097_u7hmr"
, ...
, "nextUri":"http://localhost:8889/v1/statement/20171123_105250_00097_u7hmr/2"
, ...
}
We would've expected the rewrite to work always the same way.
Can you help us?
We resolved the issue by adding
proxy_set_header Accept-Encoding "";
into the config snippet above.
The reason is that the traffic might be compressed in the process, if this is enabled. The string replacement then would not work on the compressed content.
By not accepting any encoding we prevent this compression.