Brotli is a popular data compression algorithm developed by Google. It is a good alternative to gzip, deflate & bzip2 algorithms. It is as fast and in some cases, provides better compression than these algorithms. In this article, we will look at how to install Brotli for NGINX in Ubuntu.
How to Install Brotli for NGINX in Ubuntu
Here are the steps to install Brotli for NGINX in Ubuntu.
1. Pre-requisites
Before you begin installation, it is important to be logged in as non-root user with sudo privileges. Also you need to install certain prerequisite packages. Open terminal and run the following command to create & switch to new non-root user test_user with sudo privileges. Replace test_user with username of your choice.
$ adduser test_user --gecos "Test User" $ usermod -aG sudo test_user $ su - test_user
Next, run the following command to update Ubuntu and install certain pre-requisites.
$ sudo apt update && sudo apt upgrade -y $ sudo apt install -y build-essential git apt-transport-https socat
2. Install SSL/TLS certificate from Let’s Encrypt
Next, we will install SSL/TLS certificate using Lets Encrypt. Run the following command to install Lets Encrypt. We will install its certbot that automatically generates & renews certificates for you.
$ sudo apt install certbot
Once the installation is complete, run the following command to generate certificate. Replace example.com with your domain name, and admin@example.com with your administrator’s email address.
$ sudo certbot certonly --agree-tos --email admin@example.com -d example.com -d www.example.com
After you run the above command, the certbot will issue some questions to understand your requirement and issue a text string that you need to add as a text record in your website’s DNS entry.
Saving debug log to /var/log/letsencrypt/letsencrypt.log Plugins selected: Authenticator manual, Installer None ------------------------------------------------------------------------------- Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights. ------------------------------------------------------------------------------- (Y)es/(N)o: y Obtaining a new certificate Performing the following challenges: dns-01 challenge for example.com ------------------------------------------------------------------------------- NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged? ------------------------------------------------------------------------------- (Y)es/(N)o: y ------------------------------------------------------------------------------- Please deploy a DNS TXT record under the name _acme-challenge.example.com with the following value: Y4FrZ6y-JqFJQRmq_lGi9ReRQHPa1aTC9J2O7wDKzq8 Before continuing, verify the record is deployed.
The text in bold needs to be added as a text record in your website’s DNS entry. This will prove to the certbot that you indeed are the owner/administrator of your domain.
Wait for a few minutes before proceeding with the prompt. If all goes well, then certbot will generate your certificates and display a success message, with the location of SSL/TLS certificates.
IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem Your cert will expire on 2020-01-09. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot configuration directory at /etc/letsencrypt. You should make a secure backup of this folder now. This configuration directory will also contain certificates and private keys obtained by Certbot so making regular backups of this folder is ideal. - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate Donating to EFF: https://eff.org/donate-le
Verify the certificates with the following command.
$ sudo certbot certificates
You will see the following output.
Found the following certs: Certificate Name: example.com Domains: *.example.com Expiry Date: 2021-09-05 07:48:04+00:00 (VALID: 85 days) Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Let’s Encrypt’s certificate is valid for 85 days. So we will setup cronjob to auto-renew it regularly. For that, open crontab with the following command.
$ sudo crontab -e
Add the following lines to it.
0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log
Save and close the file to apply the new cronjob.
3. Install NGINX
Run the following commands to install NGINX.
$ sudo apt update $ sudo apt install software-properties-common $ sudo add-apt-repository ppa:nginx/stable $ sudo apt-get update $ sudo apt-get install nginx
You can verify NGINX installation with the following command.
$ sudo nginx -v nginx version: nginx/1.16.1
Please note the version in the output of above command.
4. Download & Compile Brotli
You need to download & compile the ngx_brotli module as a dynamic module. So you need to download the right Brotli module based on the NGINX version.
First we install pre-requisites.
$ sudo apt install git libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev
Next, download the NGINX version that matches the NGINX installed on your system.
$ cd ~/ $ wget https://nginx.org/download/nginx-1.16.1.tar.gz $ tar zxvf nginx-1.16.1.tar.gz
Next, run the following commands to clone the ngx_brotli module from Github.
$ cd ~/ $ git clone https://github.com/eustas/ngx_brotli.git $ cd ~/ngx_brotli $ git submodule update --init
Change to nginx-1.16.1 folder.
$ cd ~/nginx-1.16.1
Run the following commands to dynamically compile ngx_brotli and copy it to standar directory for NGINX modules /etc/nginx/modules.
$ ./configure --with-compat --add-dynamic-module=./ngx_brotli $ make modules $ sudo cp objs/*.so /etc/nginx/modules-available or $ sudo cp objs/*.so /usr/share/nginx/modules
List files at /etc/nginx/modules-available
$ ls /etc/nginx/modules-available
You will see the following output.
ngx_http_brotli_filter_module.so ngx_http_brotli_static_module.so
5. Configure NGINX
Open NGINX configuration file in a text editor.
$ sudo vi /etc/nginx/nginx.conf
Add the following lines to the top of the file to load Brotli.
load_module modules/ngx_http_brotli_filter_module.so; load_module modules/ngx_http_brotli_static_module.so;
Your configuration file will look like the following.
load_module modules/ngx_http_brotli_filter_module.so; load_module modules/ngx_http_brotli_static_module.so; user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { ...
Save and exit file.
Run the following command to test NGINX configuration.
$ sudo nginx -t
You should see the following output.
Output: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful
Now when you want to use Brotli with virtual host, use the following configuration. Replace example.com with your domain name.
server { listen 80; server_name example.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl http2; server_name example.com; ssl_certificate /etc/letsencrypt/example.com/fullchain.cer; ssl_certificate_key /etc/letsencrypt/example.com/example.com.key; brotli on; brotli_static on; brotli_types *; }
Restart NGINX server to apply changes.
$ sudo systemctl reload nginx.service
That’s it. In this article, we have learnt how to install Brotli module for NGINX in Ubuntu.
Also read:
How to Install Brotli for Apache in Ubuntu
How to Uninstall Docker in CentOS
How to Uninstall Asterisk in Ubuntu
JSON.dump vs JSON.dumps in Python
How to Uninstall Docker in Ubuntu