Enable brotli on linux web app (Apache2 mod_brotli)

Question

Enable brotli on linux web app (Apache2 mod_brotli)

moo2u2 41

I'm running a PHP website on a linux web app.
/usr/sbin/apache2 -v output says I'm running Apache 2.4.38
apache2ctl -M lists brotli_module as present, and ls /etc/apache2/mods-enabled/ contains brotli, so it appears to be enabled.
However phpinfo curl section lists Brotli = No, and brotli tester sites list it as not enabled.

Is there an extra step to enable brotli for my pages / JS / CSS? Please tell me I'm just missing something obvious here :)

Thanks!

Update:

I have tried running

a2enmod brotli
service apache2 restart

and adding the following to my .htaccess file

AddOutputFilterByType BROTLI_COMPRESS text/css text/csv text/html text/plain text/richtext text/sgml text/tab-separated-values application/javascript application/x-javascript httpd/unix-directory

but now I'm getting a 500 response and the following in my logs:

Unknown filter provider BROTLI_COMPRESS

(I've tried the same with just BROTLI with the same error)

SnehaAgrawal-MSFT 12,631 Reputation points Microsoft Employee

2021-03-08T14:02:15.203+00:00

Thanks for asking question! Could you please confirm if you are running PHP website on a Azure linux web app to help you better on this.
moo2u2 41 Reputation points

2021-03-08T23:39:03.25+00:00

Sorry I shouldn't have assumed that was implied. Yes it's an Azure linux web app. Stack: PHP, Major version: PHP 7, Minor version: PHP 7.4.
moo2u2 41 Reputation points

2021-03-09T22:13:07.46+00:00

More info from Kudu: OS version: Unix 4.15.0.112, 64 bit system: True, 64 bit process: True, Processor count: 1
More from webssh: Apparently running Debian "buster"

SnehaAgrawal-MSFT 12,631 Reputation points Microsoft Employee

2021-03-08T14:02:15.203+00:00

Thanks for asking question! Could you please confirm if you are running PHP website on a Azure linux web app to help you better on this.
moo2u2 41 Reputation points

2021-03-08T23:39:03.25+00:00

Sorry I shouldn't have assumed that was implied. Yes it's an Azure linux web app. Stack: PHP, Major version: PHP 7, Minor version: PHP 7.4.
moo2u2 41 Reputation points

2021-03-09T22:13:07.46+00:00

More info from Kudu: OS version: Unix 4.15.0.112, 64 bit system: True, 64 bit process: True, Processor count: 1
More from webssh: Apparently running Debian "buster"

Answer 1

SnehaAgrawal-MSFT 12,631 Microsoft Employee

Thanks for reply! The modsecurity package is an example. You can do the same for steps for brotli, you need to create a custom startup.sh file and add the steps for brotli install in that script. You can then update the startup command in portal to point to startup.sh

You may follow the steps here: How To Enable Brotli Compression In Apache 2.4 (bash-prompt.net)

Check the sample startup script to enable brotli apache module

After following the test instructions from the first link the line content-encoding: br from the output indicates that the server supports serving pages with brotli.

Hope this helps.

moo2u2 41 Reputation points

2021-03-14T00:36:34.453+00:00
Thanks very much for clarifying. I have followed those steps, however with the same results from the "update" section in my original post:
The content-encoding header does not change, and when I remove the <IfModule mod_brotli.c> section I get the following error:

Unknown filter provider BROTLI_COMPRESS

So it seems to me that both the module is not called mod_brotli.c, and the filter is neither BROTLI_COMPRESS or BROTLI.
moo2u2 41 Reputation points

2021-03-14T00:38:29.807+00:00
Now that I think about it, I'm not sure the module has been successfully enabled...
If I use

/usr/sbin/apache2ctl -D FOREGROUND

per the link you provided) then I get:

httpd (pid xxxx) is already running

Whereas if I do

service apache2 restart

(which is what ssh says to do) then the container restarts, and resets the module again :(
moo2u2 41 Reputation points

2021-03-14T08:07:17.34+00:00

Sorry I realise I'm an idiot and was doing it in the web shell rather than creating a startup script. After creating the startup script the module appears to be enabled.
Still not getting a content-encoding: br response (still investigating why), but you have answered how to enable the brotli module for me, thank you!

Answer 2

SnehaAgrawal-MSFT 12,631 Microsoft Employee

Thanks for reply! You may try this, As process should be similar to installing any other apache module in php app running with blessed image.

Here is an example for adding/removing headers using a custom startup script:

!/bin/bash

a2enmod headers
echo "Header set MyHeader \"%D %t"\" >> /etc/apache2/apache2.conf
echo "Header always unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf
echo "Header unset \"X-Powered-By\"" >> /etc/apache2/apache2.conf

apt-get update
apt-get install libapache2-modsecurity -y
sed -i '/^</IfModule>/i SecRuleEngine On' /etc/apache2/mods-enabled/security2.conf
sed -i '/^</IfModule>/i SecStatusEngine On' /etc/apache2/mods-enabled/security2.conf
sed -i '/^</IfModule>/i ServerTokens Full' /etc/apache2/mods-enabled/security2.conf
sed -i '/^</IfModule>/i SecServerSignature " "' /etc/apache2/mods-enabled/security2.conf

/usr/sbin/apache2ctl -D FOREGROUND

Hope this helps. Let us know.

moo2u2 41 Reputation points

2021-03-09T22:11:44.367+00:00
Thanks very much for your reply.
I have stepped through that using https://mysite.scm.azurewebsites.net/webssh/host, however get the following error when installing modsecurity:

E: Unable to locate package libapache2-modsecurity

I'm also concerned that these changes reside outside of the /home directory, and (since I believe web apps use a container) won't be persisted if the web app is restarted/scaled. Per webssh:

Note: Any data outside '/home' is not persisted
moo2u2 41 Reputation points

2021-03-09T23:19:40.763+00:00
Found the command is

apt-get install libapache2-mod-security2

I completed the commands and it does not seem to have any affect on the compression response header.

Unfortunately restarting the web app removes all my modifications :(

Enable brotli on linux web app (Apache2 mod_brotli)

1 additional answer

!/bin/bash

Activity