install brotli for nginx in ubuntu

How to Install Brotli for NGINX in Ubuntu

Brotli is a popular data compression algorithm developed by Google. It is a good alternative to gzip, deflate & bzip2 algorithms. It is as fast and in some cases, provides better compression than these algorithms. In this article, we will look at how to install Brotli for NGINX in Ubuntu.


How to Install Brotli for NGINX in Ubuntu

Here are the steps to install Brotli for NGINX in Ubuntu.


1. Pre-requisites

Before you begin installation, it is important to be logged in as non-root user with sudo privileges. Also you need to install certain prerequisite packages. Open terminal and run the following command to create & switch to new non-root user test_user with sudo privileges. Replace test_user with username of your choice.

$ adduser test_user --gecos "Test User"
$ usermod -aG sudo test_user
$ su - test_user

Next, run the following command to update Ubuntu and install certain pre-requisites.

$ sudo apt update && sudo apt upgrade -y
$ sudo apt install -y build-essential git apt-transport-https socat


2. Install SSL/TLS certificate from Let’s Encrypt

Next, we will install SSL/TLS certificate using Lets Encrypt. Run the following command to install Lets Encrypt. We will install its certbot that automatically generates & renews certificates for you.

$ sudo apt install certbot

Once the installation is complete, run the following command to generate certificate. Replace example.com with your domain name, and admin@example.com with your administrator’s email address.

$ sudo certbot certonly --agree-tos --email admin@example.com -d example.com -d www.example.com

After you run the above command, the certbot will issue some questions to understand your requirement and issue a text string that you need to add as a text record in your website’s DNS entry.

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about EFF and
our work to encrypt the web, protect its users and defend digital rights.
-------------------------------------------------------------------------------
(Y)es/(N)o: y
Obtaining a new certificate
Performing the following challenges:
dns-01 challenge for example.com

-------------------------------------------------------------------------------
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
-------------------------------------------------------------------------------
(Y)es/(N)o: y

-------------------------------------------------------------------------------
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:

Y4FrZ6y-JqFJQRmq_lGi9ReRQHPa1aTC9J2O7wDKzq8

Before continuing, verify the record is deployed.

The text in bold needs to be added as a text record in your website’s DNS entry. This will prove to the certbot that you indeed are the owner/administrator of your domain.

Wait for a few minutes before proceeding with the prompt. If all goes well, then certbot will generate your certificates and display a success message, with the location of SSL/TLS certificates.

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/example.com/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/example.com/privkey.pem
   Your cert will expire on 2020-01-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

Verify the certificates with the following command.

$ sudo certbot certificates

You will see the following output.

Found the following certs:
  Certificate Name: example.com
    Domains: *.example.com
    Expiry Date: 2021-09-05 07:48:04+00:00 (VALID: 85 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem

Let’s Encrypt’s certificate is valid for 85 days. So we will setup cronjob to auto-renew it regularly. For that, open crontab with the following command.

$ sudo crontab -e

Add the following lines to it.

0 1 * * * /usr/bin/certbot renew >> /var/log/letsencrypt/renew.log

Save and close the file to apply the new cronjob.


3. Install NGINX

Run the following commands to install NGINX.

$ sudo apt update
$ sudo apt install software-properties-common
$ sudo add-apt-repository ppa:nginx/stable
$ sudo apt-get update
$ sudo apt-get install nginx

You can verify NGINX installation with the following command.

$ sudo nginx -v
nginx version: nginx/1.16.1

Please note the version in the output of above command.


4. Download & Compile Brotli

You need to download & compile the ngx_brotli module as a dynamic module. So you need to download the right Brotli module based on the NGINX version.

First we install pre-requisites.

$ sudo apt install git libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev

Next, download the NGINX version that matches the NGINX installed on your system.

$ cd ~/
$ wget https://nginx.org/download/nginx-1.16.1.tar.gz
$ tar zxvf nginx-1.16.1.tar.gz

Next, run the following commands to clone the ngx_brotli module from Github.

$ cd ~/
$ git clone https://github.com/eustas/ngx_brotli.git
$ cd ~/ngx_brotli
$ git submodule update --init

Change to nginx-1.16.1 folder.

$ cd ~/nginx-1.16.1

Run the following commands to dynamically compile ngx_brotli and copy it to standar directory for NGINX modules /etc/nginx/modules.

$ ./configure --with-compat --add-dynamic-module=./ngx_brotli
$ make modules
$ sudo cp objs/*.so /etc/nginx/modules-available
or 
$ sudo cp objs/*.so /usr/share/nginx/modules

List files at /etc/nginx/modules-available

$ ls /etc/nginx/modules-available

You will see the following output.

ngx_http_brotli_filter_module.so
ngx_http_brotli_static_module.so


5. Configure NGINX

Open NGINX configuration file in a text editor.

$ sudo vi /etc/nginx/nginx.conf

Add the following lines to the top of the file to load Brotli.

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

Your configuration file will look like the following.

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
...

Save and exit file.

Run the following command to test NGINX configuration.

$ sudo nginx -t

You should see the following output.

Output: 
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok 
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now when you want to use Brotli with virtual host, use the following configuration. Replace example.com with your domain name.

server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
}

server {
listen 443 ssl http2;
server_name example.com;

ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;

brotli on;
brotli_static on;
brotli_types *;
}

Restart NGINX server to apply changes.

$ sudo systemctl reload nginx.service

That’s it. In this article, we have learnt how to install Brotli module for NGINX in Ubuntu.

Also read:

How to Install Brotli for Apache in Ubuntu
How to Uninstall Docker in CentOS
How to Uninstall Asterisk in Ubuntu
JSON.dump vs JSON.dumps in Python
How to Uninstall Docker in Ubuntu

Leave a Reply

Your email address will not be published.