From c6604beca473c3c0c0dd9a657fce27f35e51bbd6 Mon Sep 17 00:00:00 2001
From: Daniel Hansson <mailto@danielhansson.nu>
Date: Wed, 2 Oct 2024 11:31:02 +0200
Subject: [PATCH] Change Nginx PPA (#88)

---
 lets-encrypt/activate-tls.sh | 12 ++++++++++--
 static/nginx.conf            |  4 ++++
 wordpress_install.sh         | 14 +++++++++++---
 3 files changed, 25 insertions(+), 5 deletions(-)

diff --git a/lets-encrypt/activate-tls.sh b/lets-encrypt/activate-tls.sh
index 0d7fdbb..3a15882 100644
--- a/lets-encrypt/activate-tls.sh
+++ b/lets-encrypt/activate-tls.sh
@@ -104,6 +104,12 @@ fi
 # To get the correct version for the Nginx conf file
 check_php
 
+# Check Brotli support
+if is_this_installed libnginx-mod-brotli
+then
+    BROTLI_ON="brotli on;"
+fi
+
 # Generate wordpress_tls_domain.conf
 if [ ! -f "$tls_conf" ]
 then
@@ -118,8 +124,10 @@ server {
     return 301 https://$TLSDOMAIN\$request_uri;
 }
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    $BROTLI_ON
 
     ## Your website name goes here.
     server_name $TLSDOMAIN;
diff --git a/static/nginx.conf b/static/nginx.conf
index f15c922..5a47deb 100644
--- a/static/nginx.conf
+++ b/static/nginx.conf
@@ -1,3 +1,7 @@
+# https://docs.nginx.com/nginx/admin-guide/dynamic-modules/brotli/
+load_module modules/ngx_http_brotli_filter_module.so; # for compressing responses on-the-fly
+load_module modules/ngx_http_brotli_static_module.so; # for serving pre-compressed files
+
 user www-data;
 worker_processes 2;
 pid /run/nginx.pid;
diff --git a/wordpress_install.sh b/wordpress_install.sh
index 28acac7..2285a8e 100644
--- a/wordpress_install.sh
+++ b/wordpress_install.sh
@@ -161,6 +161,9 @@ install_if_not build-essential
 # Needed for cron(tab)
 install_if_not cron
 
+# For TAB completion
+install_if_not bash-completion
+
 # Set DNS resolver
 # https://unix.stackexchange.com/questions/442598/how-to-configure-systemd-resolved-and-systemd-networkd-to-use-local-dns-server-f    
 while :
@@ -246,13 +249,16 @@ run_script STATIC new_etc_mycnf
 install_if_not open-vm-tools
 
 # Install Nginx
-check_command yes | add-apt-repository ppa:nginx/stable
+check_command yes | add-apt-repository ppa:ondrej/nginx
 apt update -q4 && spinner_loading
 install_if_not nginx
 sudo systemctl stop nginx.service
 sudo systemctl start nginx.service
 sudo systemctl enable nginx.service
 
+# Enable Brotli
+install_if_not libnginx-mod-brotli
+
 # Download TLSv 1.3 modified nginx.conf
 rm -f /etc/nginx/nginx.conf
 curl_to_dir "$STATIC" nginx.conf /etc/nginx/
@@ -542,8 +548,10 @@ then
     touch "$SITES_AVAILABLE/$TLS_CONF"
     cat << TLS_CREATE > "$SITES_AVAILABLE/$TLS_CONF"
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2 on;
+    brotli on;
 
     ## Your website name goes here.
     # server_name example.com;