How to Enable Brotli Compression in Nginx on CentOS 8

Grab your VPS today

pricing starting from $8/month

Brotli is a generic-purpose lossless compression algorithm developed by Google as an alternative to Gzip, Zopfli, and Deflate that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding, and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

Brotli is open-sourced under the MIT License.

Nginx does not have official support but there is a third-party module developed by Google called ngx_brotli that you can utilize to add support to Nginx.

This tutorial will show you how to add Brotli support to the Nginx web server on CentOS 8 server.

NOTE: This guide will use “johndoe" as an example user and “example.com” as an example domain. Replace them according to your names.

Requirements

  • CentOS 8 server
  • Nginx version 1.11.5 or greater
  • Domain name with A/AAAA records set up
  • TLS certificate

Initial Steps

Check your CentOS version:

cat /etc/centos-release# CentOS Linux release 8.0.1905 (Core)

Set up the timezone:

timedatectl list-timezonessudo timedatectl set-timezone 'Region/City'

Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system’s default software packages:

sudo dnf update -y

Install some essential packages that are necessary for basic administration of the CentOS operating system:

sudo dnf install -y curl wget vim git unzip socat bash-completion epel-release socat && sudo dnf groupinstall "Development Tools"

Step 1 – Install Acme.sh and obtain a TLS certificate from Let’s Encrypt

Brotli requires you to set up and use HTTPS. In this part, we will obtain a trusted certificate from Let’s Encrypt.

Download and install Acme.sh:

sudo mkdir /etc/letsencryptgit clone https://github.com/Neilpang/acme.sh.gitcd acme.shsudo ./acme.sh --install --home /etc/letsencrypt --accountemail your_email@example.comcd ~source ~/.bashrc

Check the version:

acme.sh --version# v2.8.6

Obtain RSA and ECDSA certificates for example.com:

# RSA 2048sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail your_email@example.com --ocsp-must-staple --keylength 2048# ECDSA/ECC P-256sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail your_email@example.com --ocsp-must-staple --keylength ec-256

After running the commands above, your certificates and keys will be in the following locations:

  • RSA: /etc/letsencrypt/example.com
  • ECC/ECDSA: /etc/letsencrypt/example.com_ecc

Step 2 – Install Nginx from the official Nginx repository

You will need to download and install the latest mainline Nginx from the official Nginx repo:

Install the prerequisites:

sudo yum install yum-utils

To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]

name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true

By default, the repository for stable nginx packages is used. We need to use mainline nginx packages. Run the following command to use mainline source:

sudo yum-config-manager --enable nginx-mainline

To install nginx, run the following command:

sudo yum install -y nginx

Check the Nginx version:

sudo nginx -v# nginx version: nginx/1.17.8

Enable and start Nginx service:

sudo systemctl enable nginx.servicesudo systemctl start nginx.service

Step 3 – Download and compile the Brotli source code

After installing Nginx, we need to build the Brotli module (ngx_brotli) as a dynamic Nginx module. From Nginx version 1.11.5 it is possible to compile individual dynamic modules without compiling the complete Nginx software. In the next few steps, we will build the Brotli module as dynamic without compiling the complete Nginx.

Download the latest version of the mainline Nginx source code and extract it:

wget https://nginx.org/download/nginx-1.17.8.tar.gz && tar zxvf nginx-1.17.8.tar.gz

NOTE: It is very important that version numbers of the Nginx package and Nginx source code match. If you installed Nginx 1.17.8 from the official Nginx repository, then you must download the same version of the source code, 1.17.8 in this case.

Remove nginx-1.17.8.tar.gz:

rm nginx-1.17.8.tar.gz

Clone ngx_brotli from GitHub:

git clone https://github.com/google/ngx_brotli.gitcd ngx_brotli && git submodule update --init && cd ~

Navigate to the Nginx source code directory:

cd ~/nginx-1.17.8

Download the required libraries:

sudo dnf install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel

Compile the ngx_brotli as a dynamic module and copy it to the standard directory for Nginx modules, /etc/nginx/modules:

./configure --with-compat --add-dynamic-module=../ngx_brotlimake modulessudo cp objs/*.so /etc/nginx/modules

List files in /etc/nginx/modules and you will see ngx_http_brotli_filter_module.so and ngx_http_brotli_static_module.so:

ls /etc/nginx/modules

Set permissions to 644 for all .so files:

sudo chmod 644 /etc/nginx/modules/*.so

Step 4 – Configure Nginx

We are ready to configure Brotli support in Nginx.

Run sudo vim /etc/nginx/nginx.conf and add the following two directives at the top of the file to load new Brotli modules:

load_module modules/ngx_http_brotli_filter_module.so;load_module modules/ngx_http_brotli_static_module.so;

Test the configuration:

sudo nginx -t

Create a document root directory for example.com and create index.html with some content in it:

sudo mkdir -p /var/www/example.comsudo -secho "Hello from example.com" >> /var/www/example.com/index.htmlexit

Create a virtual host for example.com:

sudo vim /etc/nginx/conf.d/example.com.conf

Populate it with the following configuration:

server {
  listen 80;
  server_name example.com; # Replace with your domain name
  return 301 https://$server_name$request_uri;
}

server {    
  listen 443 ssl http2;
  server_name example.com; # Replace with your domain name

  root /var/www/example.com; # Replace with your document root

  # RSA
  ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
  # ECDSA
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

  brotli on;
  brotli_static on;
  brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}

Test the configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx.service

Visit your site in your web browser and open the network tab of developer tools. You will see Content-Encoding: br in the response headers. That is the indicator that Brotli compression is working.

Brotli support in Nginx
Content encoding

That’s it. You have enabled Brotli compression on your CentOS 8 system.

Facebook
Twitter
LinkedIn
Google+
WhatsApp
Telegram
Skype

Table of Contents

Article database

Grab your VPS today

pricing starting from $8/month