halo sobat sekolahlinux, lama tak menuliskan artikel kali ini saya coba membahas bagaimana mengimplementasikan installasi nginx – libressl – http2 – brotli pada centos 7, yang mana sudah saya terapkan untuk webserver yang digunakan sekolahlinux.com, perlu di perhatikan untuk menjalankan brotli diharuskan menggunakan HTTPS. oke langsung saja dimulai ya 😀
pertama download dulu dependency yang diperlukan untuk melakukan compile
yum install git cmake gc gcc gcc-c++ pcre-devel zlib-devel make wget openssl-devel libxml2-devel libxslt-devel gd-devel perl-ExtUtils-Embed GeoIP-devel gperftools gperftools-devel libatomic_ops-devel perl-ExtUtils-Embed
lalu selanjutnya jalankan perintah dibawah, untuk mendowload nginx, libressl dan juga brotli
cd /usr/local/src #download nginx http://nginx.org/en/download.html stable version wget http://nginx.org/download/nginx-1.10.3.tar.gz #download libressl https://www.libressl.org/ stable version wget https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-2.4.5.tar.gz #download brotli dengan git https://github.com/google/ngx_brotli git clone https://github.com/google/ngx_brotli.git cd ngx_brotli git submodule update --init --recursive
jika sudah sekarang kita akan compile terlebih dahulu libressl
cd /usr/local/src tar xvf libressl-2.4.5.tar.gz tar xvf libressl-2.4.5.tar.gz cd libressl-2.4.5 ./configure && make check && make install ./configure --help #jika sudah coba cek openssl version openssl version LibreSSL 2.4.5
buat dulu user nginx dan folder /var/lib/nginx/tmp
useradd nginx usermod -s /sbin/nologin nginx #buat folder dibawah untuk menyesuaikan dengan konfigurasi sebelum di compile mkdir -p /var/lib/nginx/tmp/
jika sudah sekarang kita akan compile nginx + brotli + libressl
cd /usr/local/src tar xvf nginx-1.10.3.tar.gz ./configure --prefix=/usr/share/nginx --with-openssl=/usr/local/src/libressl-2.4.5 --add-module=/usr/local/src/ngx_brotli --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-ld-opt='-Wl,-z,now -lrt' make && make install
selanjutnya jika sudah selesai coba jalankan perintah dibawah ini untuk cek nginx
nginx -V nginx version: nginx/1.10.3 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) built with LibreSSL 2.4.5 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --with-openssl=/usr/local/src/libressl-2.4.5 --add-module=/usr/local/src/ngx_brotli --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-fPIC -pie -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic' --with-ld-opt='-Wl,-z,now -lrt'
selanjutnya kita akan membuat script untuk systemd untuk nginx pada centos 7
vim /lib/systemd/system/nginx.service
isikan dengan script dibawah
[Unit] Description=The NGINX HTTP and reverse proxy server After=syslog.target network.target remote-fs.target nss-lookup.target [Service] Type=forking PIDFile=/run/nginx.pid ExecStartPre=/usr/sbin/nginx -t ExecStart=/usr/sbin/nginx ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s QUIT $MAINPID PrivateTmp=true [Install] WantedBy=multi-user.target
selanjutnya kita jalankan service nginx nya
service nginx start chkconfig nginx on
selanjutnya untuk mengaktifkan brotli bisa tambahkan paramater dibawah di file nginx.conf didalam/dibawah paramater “http {”
#untuk detail & penjelasan parameter dibawah bisa cek di sini https://github.com/google/ngx_brotli brotli on; brotli_static on; brotli_buffers 32 8k; brotli_comp_level 7; brotli_types *; #aktifkan juga gzip, karena secara default jika browser client tidak support brotli maka akan otomatis switch ke gzip metode compress nya gzip on; gzip_disable "msie6"; gzip_vary on; gzip_proxied any; gzip_comp_level 9; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_min_length 256; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/vnd.ms-fontobject application/x-font-ttf font/opentype image/svg+xml image/x-icon;
jika sudah restart service nginxnya
service nginx start chkconfig nginx on
selanjutnya untuk melihat konfigurasi dan http2 pada vhost di nginx bisa dilihat pada tutorial dibawah ini
dibawahnya ini adalah hasilnya jika brotli diaktifkan, saya menggunakan browser google chrome, hasil besaran transfer 966 KB
dibawah ini jika brotli dimatikan namun gzip aktif, terlihat hasil transfer 2.7MB, lebih besar dibanding gambar diatas yang hanya 966KB.
sekian tutorial kali ini, semoga bermanfaat ya 😀
sumber:
- https://ethitter.com/2016/12/adding-brotli-support-to-nginx/
- https://github.com/google/ngx_brotli
- https://www.nginx.com/resources/wiki/start/topics/examples/initscripts/