0

I installed Brotli on Ubuntu 18.04 with Nginx.

Here is the procedure I followed :

$ sudo apt-add-repository ppa:hda-me/nginx-stable
$ sudo apt update
$ sudo apt install brotli nginx nginx-module-brotli

With the tutorial of this blog :

https://clearleft.com/posts/a-dive-into-serving-brotli-compressed-assets

ubuntu@www-example-com ~ $ nginx -V 2>&1 | tr ' ' '\n' | grep brotli

--add-dynamic-module=debian/extra/ngx_brotli

I uncommented the following lines

ubuntu@www-example-com ~ $ sudo nano /etc/nginx/nginx.conf

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

I test Nginx :

ubuntu@www-example-com ~ $ sudo nginx -t

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

My configuration seems correct. What's wrong ?

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;

    location ^~ /.well-known/acme-challenge/ {
        default_type "text/plain";
        root /var/www/letsencrypt;
    }

    location / {
        return 301 https://www.example.com$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    root /var/www/www-example-com/web;
    index index.php;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

    brotli on;
    brotli_comp_level 6;
    brotli_types text/plain text/css text/xml application/json application/javascript application/xml+rss application/atom+xml image/svg+xml;

    expires 1209600s;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(txt|log)$ {
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    location ~* ^/.well-known/ {
        allow all;
    }

    location ~ (^|/)\. {
        return 403;
    }

    location / {
        try_files $uri /index.php?$query_string;
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }

    location ~ '\.php$|^/update.php' {
        expires off;
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        include fastcgi_params;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
    }

    location ~ ^/sites/.*/files/styles/ {
        try_files $uri @rewrite;
    }

    location ~ ^(/[a-z\-]+)?/system/files/ {
        try_files $uri /index.php?$query_string;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    location / {
        return 301 https://www.example.com$request_uri;
    }
}

Restart Nginx

ubuntu@www-example-com ~ $ sudo systemctl restart nginx

Here is the list of installed packages :

ubuntu@www-example-com ~ $ dpkg -l |grep nginx

ii  libnginx-mod-http-geoip         1.14.0-0ubuntu1.2                                        amd64        GeoIP HTTP module for Nginx
ii  libnginx-mod-http-image-filter  1.14.0-0ubuntu1.2                                        amd64        HTTP image filter module for Nginx
ii  libnginx-mod-http-xslt-filter   1.14.0-0ubuntu1.2                                        amd64        XSLT Transformation module for Nginx
ii  libnginx-mod-mail               1.14.0-0ubuntu1.2                                        amd64        Mail module for Nginx
ii  libnginx-mod-stream             1.14.0-0ubuntu1.2                                        amd64        Stream module for Nginx
ii  nginx                           1.15.8-1-ppa7~bionic                                     amd64        high performance web server
ii  nginx-common                    1.14.0-0ubuntu1.2                                        all          small, powerful, scalable web/proxy server - common files
ii  nginx-core                      1.14.0-0ubuntu1.2                                        amd64        nginx web/proxy server (standard version)
ii  nginx-module-brotli             1.15.8-1-ppa7~bionic                                     amd64        Brotli Module
ii  python-certbot-nginx            0.28.0-1+ubuntu18.04.1+certbot+3                         all          transitional dummy package
ii  python3-certbot-nginx           0.28.0-1+ubuntu18.04.1+certbot+3                         all          Nginx plugin for Certbot

MY PROBLEM

When I test my site, Brotli is not detected. Why does not it work ?

https://tools.keycdn.com/brotli-test

enter image description here

ML61
  • 57
  • 1
  • 6

1 Answers1

0

Your configuration is correct and those "test" sites are wrong.

When I loaded your site in Google Chrome, it was compressed with Brotli and returned the header Content-Encoding: br.

Screenshot of Chrome dev tools showing Content-Encoding: br

The same in Firefox:

Screenshot of Firefox dev tools showing Content-Encoding: br

Michael Hampton
  • 244,070
  • 43
  • 506
  • 972
  • Thank you, but I updated my question with a screenshot. Why does not the test tool find Brotli ? – ML61 Mar 11 '19 at 19:22
  • "Negative! www.s1biose.com does not support Brotli compression. " – ML61 Mar 11 '19 at 19:56
  • 1
    Who knows? You'll have to take that up with the developer of the test tool. They provided me with no useful information. It could be because the URL you tested returns a 301 and they didn't follow it, – Michael Hampton Mar 11 '19 at 23:57
  • @ML61 In addition I just checked it in Firefox and it is also Brotli encoded there. Except for making some noise about a broken web tool, you're done. – Michael Hampton Mar 12 '19 at 00:26