Why I’m doing this, and what isn’t working
I want to move my WordPress based websites including this new/fresh blog site from Windows/IIS to individual linux-based docker containers running on very lean, electrically low-power hardware. I want much more control. I want each container/site to be independent in terms of host-domain and internal ssl. Eventually I’d like to use an nginx front-end (reverse-proxy) – maybe on a Raspberry Pi. And maybe Redis in a docker image, so together with some docker management I can scale up from low-power to higher-power VMs running other docker images. In the meantime, I’m using my current IIS 8.5 installation running in a Windows 8.1 VM as a reverse proxy, and for Application Request Routing.
The internal ssl is there out of principle, and part of my network hardening plans, particularly as my IoT project will include actuators. And obviously I use public facing ssl, so there has to be ssl off-loading on the reserve proxy. The reverse proxy includes outbound rewrite rules (form the internal server) to rewrite any instance of the internal server address to the public facing address. But in order to do that, the response from the internal server can’t be encrypted. So the reverse proxy stores the “accept_encoding” part of the request header from the client, so it can set it to an empty string when passing the request to the internal server, prompting it to respond without compression. The idea is, that the reserve proxy then restores the “accept_encoding” part of the header, before the dynamic compression module on the reverse proxy sees it. I can’t get it to work. After many days of trying different solutions and permutations. I know gzip works on my other sites running on the IIS performing the reserve proxy function for this particular site (so far).