Install NGINX on FreeBSD

Last update: 09.04.2021

NGINX is a powerful edge web server with the lowest memory requirements and the most important functions for building a modern and efficient web infrastructure.

Here is a brief description of how the NGINX web server is installed on FreeBSD.

root#: pkg install nginx-full
root#: service nginx enable
root#: service nginx start

Next, the following directory is created where the virtual hosts files are saved.

root#: mkdir /usr/local/etc/nginx/vhosts/

For the vhost to be integrated, we have to add this line to our nginx.conf at the end of the http block:

root#: nano /usr/local/etc/nginx/nginx.conf => 

include /usr/local/etc/nginx/vhosts/*;

Gzip compression

Gzip compression allows us to shrink files, reducing the time it takes to transfer a resource from the server to a browser. In today's web environment, many browsers and servers support Gzip compression. The ability to reduce file size by up to 70% is a great incentive to use this compression method. Enabling Gzip compression is considered a high priority recommendation by the website speed test tools because without this option, we will unnecessarily increase the loading time of our website.

To enable Gzip compression, we will edit the file /usr/local/etc/nginx/nginx.conf and add the following to the server block:

gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;

Then we restart NGINX: service nginx restart

We can test with curl whether the compression method works:

curl -H 'Accept-Encoding: gzip' -I https://<webseite>

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Sun, 18 Aug 2019 19:38:45 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 18 Aug 2019 18:27:06 GMT
Connection: keep-alive
ETag: W/"5d59987a-39e7"
Content-Encoding: gzip

Brotli compression

Brotli compression is a new open source compression algorithm developed by Google to further reduce file size. In 2013, Google released another compression algorithm called Zopli to perform “very good but slow deflate or Zlib compression”. Based on a compression algorithm study carried out at Google, Brotli could achieve significantly faster performance with a compression rate that was 20 to 26% higher than Zopli.

To activate the Brotli compression, we will edit the file /usr/local/etc/nginx/nginx.conf and add the following in the server block:

brotli on;
brotli_comp_level 6;
brotli_static on;
brotli_types text/plain text/css application/javascript application/x-javascript text/xml application/xml application/xml+rss text/javascript image/x-icon image/vnd.microsoft.icon image/bmp image/svg+xml;

And at the beginning of the configuration file:

load_module  /usr/local/libexec/nginx/ngx_http_brotli_filter_module.so;
load_module  /usr/local/libexec/nginx/ngx_http_brotli_static_module.so;

Then we restart NGINX: service nginx restart

We can test with curl whether the compression method works:

curl -H 'Accept-Encoding: br' -I https://<webseite>

HTTP/1.1 200 OK
Server: nginx/1.16.0
Date: Sun, 18 Aug 2019 19:38:45 GMT
Content-Type: text/html; charset=utf-8
Last-Modified: Sun, 18 Aug 2019 18:27:06 GMT
Connection: keep-alive
ETag: W/"5d59987a-39e7"
Content-Encoding: br

Certbot

To create SSL certificates from Let's encrypt and automatically provide them for NGINX, we will use the two packages py-certbot and py-certbot-nginx with the following command:

root#: pkg install py37-certbot py37-certbot-nginx

Then, with the command certbot SSL certificates can automatically be created for all domains that are created in etc / hosts. With the instruction certbot renew, the expired certificates can be automatically updated.

Every night, cronjob checks whether the certificates are up-to-date or whether they need to be renewed. The following is entered the /etc/crontab:

30      23      *       *       *       root    certbot renew
Your E-Mail address will be encrypted before saving the comment. It will only be used to display a gravatar. By submitting your data, you agree that all entered data may be saved and displayed as a comment.