A Novel about my FreeBSD journey

Install NGINX on FreeBSD

Here is a brief description of how the Nginx web server is installed on FreeBSD.

NGINX is a powerful edge web server with the lowest memory requirements and the most important functions for building a modern and efficient web infrastructure.

Here is a brief description of how the NGINX web server is installed on FreeBSD.

$: pkg install nginx-full
$: service nginx enable
$: service nginx start

Next, the following directory is created where the virtual host's files are saved.

$: mkdir /usr/local/etc/nginx/vhosts/

For the vhost to be integrated, we have to add this line to our nginx.conf at the end of the http block:

$: nano /usr/local/etc/nginx/nginx.conf =>

"include /usr/local/etc/nginx/vhosts/*";

GZIP compression

GZIP compression allows us to shrink files, reducing the time it takes to transfer a resource from the server to a browser. In today's web environment, many browsers and servers support GZIP compression. The ability to reduce the file size by up to 70% is a great incentive to use this compression method. Enabling GZIP compression is considered a high-priority recommendation by the website speed test tools because, without this option, we will unnecessarily increase the loading time of our website.

To enable GZIP compression, we will edit the file /usr/local/etc/nginx/nginx.conf and add the following to the server block:

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;

Then we restart NGINX: service nginx restart

We can test with curl whether the compression method works:

$: curl -H 'Accept-Encoding: gzip' -I https://<webseite> => 

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Sun, 18 Aug 2019 19:38:45 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 18 Aug 2019 18:27:06 GMT
Connection: keep-alive
ETag: W/"5d59987a-39e7"
Content-Encoding: gzip

Brotli compression

Brotli compression is a new open-source compression algorithm developed by Google to further reduce file size. In 2013, Google released another compression algorithm called Zopli to perform “perfect but slow deflate or Zlib compression”. Based on a compression algorithm study carried out at Google, Brotli could achieve significantly faster performance with a compression rate that was 20 to 26% higher than Zopli.

To activate the Brotli compression, we will edit the file /usr/local/etc/nginx/nginx.conf and add the following in the server block:

brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml;

And at the beginning of the configuration file:

load_module  /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so;
load_module  /usr/local/libexec/nginx/ngx_http_brotli_static_module.so;

Then we restart NGINX: service nginx restart

We can test with curl whether the compression method works:

$: curl -H 'Accept-Encoding: br' -I https://<webseite> => 

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Sun, 18 Aug 2019 19:38:45 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 18 Aug 2019 18:27:06 GMT
Connection: keep-alive
ETag: W/"5d59987a-39e7"
Content-Encoding: br

Certbot

To create SSL certificates from Let's encrypt and automatically provide them for NGINX, we will use the two packages py-certbot and py-certbot-nginx with the following command:

$: pkg install py39-certbot py39-certbot-nginx

Then, with the command, certbot SSL certificates can automatically be created for all domains that are created in, etc/hosts. With the instruction certbot renew, the expired certificates can be automatically updated.

Every night, cronjob checks whether the certificates are up-to-date or whether they need to be renewed. The following entered the /etc/crontab:

30      23      *       *       *       root    certbot renew

Discuss...