question

moo2u2 avatar image
0 Votes"
moo2u2 asked ·

Enable brotli on linux web app (Apache2 mod_brotli)

I'm running a PHP website on a linux web app.
/usr/sbin/apache2 -v output says I'm running Apache 2.4.38
apache2ctl -M lists brotli_module as present, and ls /etc/apache2/mods-enabled/ contains brotli, so it appears to be enabled.
However phpinfo curl section lists Brotli = No, and brotli tester sites list it as not enabled.

Is there an extra step to enable brotli for my pages / JS / CSS? Please tell me I'm just missing something obvious here :)

Thanks!

Update:

I have tried running

 a2enmod brotli
 service apache2 restart

and adding the following to my .htaccess file

 AddOutputFilterByType BROTLI_COMPRESS text/css text/csv text/html text/plain text/richtext text/sgml text/tab-separated-values application/javascript application/x-javascript httpd/unix-directory

but now I'm getting a 500 response and the following in my logs:

Unknown filter provider BROTLI_COMPRESS

(I've tried the same with just BROTLI with the same error)

azure-webapps
· 3
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for asking question! Could you please confirm if you are running PHP website on a Azure linux web app to help you better on this.

0 Votes 0 ·
moo2u2 avatar image moo2u2 SnehaAgrawal-MSFT ·

Sorry I shouldn't have assumed that was implied. Yes it's an Azure linux web app. Stack: PHP, Major version: PHP 7, Minor version: PHP 7.4.

0 Votes 0 ·
moo2u2 avatar image moo2u2 SnehaAgrawal-MSFT ·

More info from Kudu: OS version: Unix 4.15.0.112, 64 bit system: True, 64 bit process: True, Processor count: 1
More from webssh: Apparently running Debian "buster"

0 Votes 0 ·
SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered ·

Thanks for reply! The modsecurity package is an example. You can do the same for steps for brotli, you need to create a custom startup.sh file and add the steps for brotli install in that script. You can then update the startup command in portal to point to startup.sh

You may follow the steps here: How To Enable Brotli Compression In Apache 2.4 (bash-prompt.net)

Check the sample startup script to enable brotli apache module

After following the test instructions from the first link the line content-encoding: br from the output indicates that the server supports serving pages with brotli.

Hope this helps.






· 3 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks very much for clarifying. I have followed those steps, however with the same results from the "update" section in my original post:
The content-encoding header does not change, and when I remove the <IfModule mod_brotli.c> section I get the following error:

 Unknown filter provider BROTLI_COMPRESS

So it seems to me that both the module is not called mod_brotli.c, and the filter is neither BROTLI_COMPRESS or BROTLI.

0 Votes 0 ·

Now that I think about it, I'm not sure the module has been successfully enabled...
If I use

 /usr/sbin/apache2ctl -D FOREGROUND

per the link you provided) then I get:

httpd (pid xxxx) is already running

Whereas if I do

 service apache2 restart

(which is what ssh says to do) then the container restarts, and resets the module again :(

0 Votes 0 ·

Sorry I realise I'm an idiot and was doing it in the web shell rather than creating a startup script. After creating the startup script the module appears to be enabled.
Still not getting a content-encoding: br response (still investigating why), but you have answered how to enable the brotli module for me, thank you!

0 Votes 0 ·
SnehaAgrawal-MSFT avatar image
1 Vote"
SnehaAgrawal-MSFT answered ·

Thanks for reply! You may try this, As process should be similar to installing any other apache module in php app running with blessed image.

Here is an example for adding/removing headers using a custom startup script:

!/bin/bash


a2enmod headers
echo "Header set MyHeader \"%D %t"\" >> /etc/apache2/apache2.conf
echo "Header always unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf
echo "Header unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf

apt-get update
apt-get install libapache2-modsecurity -y
sed -i '/^<\/IfModule>/i SecRuleEngine On' /etc/apache2/mods-enabled/security2.conf
sed -i '/^<\/IfModule>/i SecStatusEngine On' /etc/apache2/mods-enabled/security2.conf
sed -i '/^<\/IfModule>/i ServerTokens Full' /etc/apache2/mods-enabled/security2.conf
sed -i '/^<\/IfModule>/i SecServerSignature " "' /etc/apache2/mods-enabled/security2.conf

/usr/sbin/apache2ctl -D FOREGROUND


Hope this helps. Let us know.

· 2 ·
10 |1000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks very much for your reply.
I have stepped through that using https://mysite.scm.azurewebsites.net/webssh/host, however get the following error when installing modsecurity:

 E: Unable to locate package libapache2-modsecurity

I'm also concerned that these changes reside outside of the /home directory, and (since I believe web apps use a container) won't be persisted if the web app is restarted/scaled. Per webssh:

 Note: Any data outside '/home' is not persisted
0 Votes 0 ·

Found the command is

 apt-get install libapache2-mod-security2

I completed the commands and it does not seem to have any affect on the compression response header.

Unfortunately restarting the web app removes all my modifications :(

0 Votes 0 ·