Implementing nginx – LibreSSL – HTTP/2 – Brotli on CentOS 7


Hello friends of sekolahlinux, it has been a while since I last wrote an article. This time I will cover how to install nginx, LibreSSL, HTTP/2 and Brotli on CentOS 7, a setup I already run on the web server used by sekolahlinux.com. Note that brotli requires HTTPS. OK, let's get started 😀

First, install the dependencies needed for compiling

yum install git cmake gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel

Next, run the commands below to download nginx, LibreSSL and brotli

cd /usr/local/src

#download nginx http://nginx.org/en/download.html stable version
wget http://nginx.org/download/nginx-1.10.3.tar.gz

#download libressl https://www.libressl.org/ stable version
wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5.tar.gz

#download brotli with git https://github.com/google/ngx_brotli
git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli
git submodule update --init --recursive

Once that is done, compile LibreSSL first

cd /usr/local/src
tar xvf libressl-2.4.5.tar.gz
cd libressl-2.4.5
./configure && make check && make install
./configure --help

#once that is done, check the openssl version
openssl version
LibreSSL 2.4.5

Create the nginx user and the /var/lib/nginx/tmp directory

useradd nginx
usermod -s /sbin/nologin nginx
#create the directory below so that it matches the configure options used at compile time
mkdir -p /var/lib/nginx/tmp/

Once that is done, compile nginx + brotli + LibreSSL

cd /usr/local/src
tar xvf nginx-1.10.3.tar.gz
cd nginx-1.10.3
./configure --prefix=/usr/share/nginx --with-openssl=/usr/local/src/libressl-2.4.5 --add-module=/usr/local/src/ngx_brotli --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-ld-opt='-Wl,-z,now -lrt'
make && make install

When the build has finished, run the command below to check nginx

nginx -V
nginx version: nginx/1.10.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with LibreSSL 2.4.5
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --with-openssl=/usr/local/src/libressl-2.4.5 --add-module=/usr/local/src/ngx_brotli --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-ld-opt='-Wl,-z,now -lrt'
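
A quick way to confirm the binary matches the configure line, as an added example that is not part of the original article: the script below checks `nginx -V` output for LibreSSL, ngx_brotli, the HTTP/2 and TLS modules, and the hardening flags passed through --with-cc-opt and --with-ld-opt. The function name and the shortened sample text are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit `nginx -V` output for the pieces this build should contain.

# Constructed sample, shortened from the `nginx -V` output shown above.
SAMPLE_NGINX_V="nginx version: nginx/1.10.3
built with LibreSSL 2.4.5
TLS SNI support enabled
configure arguments: --with-openssl=/usr/local/src/libressl-2.4.5 --add-module=/usr/local/src/ngx_brotli --with-http_ssl_module --with-http_v2_module --with-cc-opt='-fPIC -pie -O2 -Wp,-D_FORTIFY_SOURCE=2 -fstack-protector-strong' --with-ld-opt='-Wl,-z,now -lrt'"

# audit_nginx_build TEXT
# Prints one OK/MISSING line per check and returns the number of missing
# items, so 0 means the binary was built the way the configure line intended.
audit_nginx_build() {
    build_text=$1
    missing=0
    # Each line of the list below is "label|extended regex to look for".
    while IFS='|' read -r label pattern; do
        if printf '%s\n' "$build_text" | grep -Eq -- "$pattern"; then
            echo "OK       $label"
        else
            echo "MISSING  $label"
            missing=$((missing + 1))
        fi
    done <<'EOF'
TLS library is LibreSSL|^built with LibreSSL
ngx_brotli compiled in|--add-module=[^ ]*ngx_brotli
HTTP/2 module|--with-http_v2_module
TLS module|--with-http_ssl_module
_FORTIFY_SOURCE=2|-D_FORTIFY_SOURCE=2
stack protector|-fstack-protector-strong
immediate binding (-z now)|-z,now
EOF
    return "$missing"
}

# On the server: audit_nginx_build "$(nginx -V 2>&1)"   (nginx -V prints to stderr)
audit_nginx_build "$SAMPLE_NGINX_V"
```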

Next, create a systemd unit file for nginx on CentOS 7

vim /lib/systemd/system/nginx.service

Fill it with the contents below

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

Next, start the nginx service

service nginx start
chkconfig nginx on

Next, to enable brotli, add the parameters below to nginx.conf, inside the “http {” block

#for details and an explanation of the parameters below, see https://github.com/google/ngx_brotli
brotli on;
brotli_static on;
brotli_buffers 32 8k;
brotli_comp_level 7;
brotli_types *;

#also enable gzip, because by default, if the client browser does not support brotli, the compression method automatically switches to gzip
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 9;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_min_length 256;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;

Once that is done, restart the nginx service

service nginx restart
chkconfig nginx on
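
To confirm the fallback behaviour described above (brotli when the client offers it, gzip otherwise), this added example, which is not from the original article, requests a URL with different Accept-Encoding headers and compares the Content-Encoding the server returns. The function names and https://example.com/ are placeholders; pick a URL whose response is larger than gzip_min_length.

```sh
#!/bin/sh
# Added example: check which compression nginx negotiates per client capability.

# content_encoding: read raw response headers on stdin and print the
# Content-Encoding value in lower case, or "identity" when the header is absent.
content_encoding() {
    tr -d '\r' | awk -F': *' '
        tolower($1) == "content-encoding" { enc = tolower($2) }
        END { print (enc == "" ? "identity" : enc) }'
}

# fetch_headers URL ACCEPT_ENCODING: response headers only, body discarded.
fetch_headers() {
    curl -s -o /dev/null -D - -H "Accept-Encoding: $2" "$1"
}

# check_negotiation URL
# Expectation for the config above: br for a brotli-capable client, gzip for a
# gzip-only client, no encoding when the client offers none.
# Returns 0 when all three answers match, 1 otherwise.
check_negotiation() {
    status=0
    while read -r offered expected; do
        got=$(fetch_headers "$1" "$offered" | content_encoding)
        if [ "$got" = "$expected" ]; then
            result=OK
        else
            result=FAIL
            status=1
        fi
        echo "$result  Accept-Encoding: $offered -> $got (expected $expected)"
    done <<'EOF'
gzip,br br
gzip gzip
identity identity
EOF
    return "$status"
}

# Parser demo on constructed headers (no network needed); prints "br".
printf 'HTTP/2 200\r\ncontent-type: text/html\r\ncontent-encoding: br\r\n\r\n' | content_encoding

# On a live site (placeholder URL): check_negotiation https://example.com/
```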

Next, to see the configuration and HTTP/2 setup for a vhost in nginx, see the tutorial below

Below is the result with brotli enabled; I used the Google Chrome browser, and the transfer size is 966 KB

Below is the result with brotli disabled but gzip active: the transfer size is 2.7MB, larger than in the image above, which is only 966KB.

That's all for this tutorial, I hope it is useful 😀

Sources:

  • https://ethitter.com/2016/12/adding-brotli-support-to-nginx/
  • https://github.com/google/ngx_brotli
  • https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/