How to Enable Brotli Compression in Nginx on CentOS 8
Brotli is a generic-purpose lossless compression algorithm developed by Google as an alternative to Gzip, Zopfli, and Deflate that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding, and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.
Brotli is open-sourced under the MIT License.
Nginx does not have official support but there is a third-party module developed by Google called ngx_brotli that you can utilize to add support to Nginx.
This tutorial will show you how to add Brotli support to the Nginx web server on CentOS 8 server.
NOTE: This guide will use "johndoe" as an example user and "example.com" as an example domain. Replace them according to your names.
Requirements
- CentOS 8 server
- Nginx version 1.11.5 or greater
- Domain name with
A/AAAArecords set up - TLS certificate
Initial Steps
Check your CentOS version:
cat /etc/centos-release
# CentOS Linux release 8.0.1905 (Core)
Set up the timezone:
timedatectl list-timezones
sudo timedatectl set-timezone 'Region/City'
Update your operating system packages (software). This is an important first step because it ensures you have the latest updates and security fixes for your operating system's default software packages:
sudo dnf update -y
Install some essential packages that are necessary for basic administration of the CentOS operating system:
sudo dnf install -y curl wget vim git unzip socat bash-completion epel-release socat && sudo dnf groupinstall "Development Tools"
Step 1 - Install Acme.sh and obtain a TLS certificate from Let's Encrypt
Brotli requires you to set up and use HTTPS. In this part, we will obtain a trusted certificate from Let's Encrypt.
Download and install Acme.sh:
sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]
cd ~
source ~/.bashrc
Check the version:
acme.sh --version
# v2.8.6
Obtain RSA and ECDSA certificates for example.com:
# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength 2048
# ECDSA/ECC P-256
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength ec-256
After running the commands above, your certificates and keys will be in the following locations:
- RSA:
/etc/letsencrypt/example.com - ECC/ECDSA:
/etc/letsencrypt/example.com_ecc
Step 2 – Install Nginx from the official Nginx repository
You will need to download and install the latest mainline Nginx from the official Nginx repo:
Install the prerequisites:
sudo yum install yum-utils
To set up the yum repository, create the file named /etc/yum.repos.d/nginx.repo with the following contents:
[nginx-stable] name=nginx stable repo baseurl=http://nginx.org/packages/centos/$releasever/$basearch/ gpgcheck=1 enabled=1 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true [nginx-mainline] name=nginx mainline repo baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/ gpgcheck=1 enabled=0 gpgkey=https://nginx.org/keys/nginx_signing.key module_hotfixes=true
By default, the repository for stable nginx packages is used. We need to use mainline nginx packages. Run the following command to use mainline source:
sudo yum-config-manager --enable nginx-mainline
To install nginx, run the following command:
sudo yum install -y nginx
Check the Nginx version:
sudo nginx -v
# nginx version: nginx/1.17.8
Enable and start Nginx service:
sudo systemctl enable nginx.service
sudo systemctl start nginx.service
Step 3 – Download and compile the Brotli source code
After installing Nginx, we need to build the Brotli module (ngx_brotli) as a dynamic Nginx module. From Nginx version 1.11.5 it is possible to compile individual dynamic modules without compiling the complete Nginx software. In the next few steps, we will build the Brotli module as dynamic without compiling the complete Nginx.
Download the latest version of the mainline Nginx source code and extract it:
wget https://nginx.org/download/nginx-1.17.8.tar.gz && tar zxvf nginx-1.17.8.tar.gz
NOTE: It is very important that version numbers of the Nginx package and Nginx source code match. If you installed Nginx 1.17.8 from the official Nginx repository, then you must download the same version of the source code, 1.17.8 in this case.
Remove nginx-1.17.8.tar.gz:
rm nginx-1.17.8.tar.gz
Clone ngx_brotli from GitHub:
git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli && git submodule update --init && cd ~
Navigate to the Nginx source code directory:
cd ~/nginx-1.17.8
Download the required libraries:
sudo dnf install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel
Compile the ngx_brotli as a dynamic module and copy it to the standard directory for Nginx modules, /etc/nginx/modules:
./configure --with-compat --add-dynamic-module=../ngx_brotli
make modules
sudo cp objs/*.so /etc/nginx/modules
List files in /etc/nginx/modules and you will see ngx_http_brotli_filter_module.so and ngx_http_brotli_static_module.so:
ls /etc/nginx/modules
Set permissions to 644 for all .so files:
sudo chmod 644 /etc/nginx/modules/*.so
Step 4 – Configure Nginx
We are ready to configure Brotli support in Nginx.
Run sudo vim /etc/nginx/nginx.conf and add the following two directives at the top of the file to load new Brotli modules:
load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;
Test the configuration:
sudo nginx -t
Create a document root directory for example.com and create index.html with some content in it:
sudo mkdir -p /var/www/example.com
sudo -s
echo "Hello from example.com" >> /var/www/example.com/index.html
exit
Create a virtual host for example.com:
sudo vim /etc/nginx/conf.d/example.com.conf
Populate it with the following configuration:
server {
listen 80;
server_name example.com; # Replace with your domain name
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com; # Replace with your domain name
root /var/www/example.com; # Replace with your document root
# RSA
ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
# ECDSA
ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;
brotli on;
brotli_static on;
brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}
Test the configuration:
sudo nginx -t
Reload Nginx:
sudo systemctl reload nginx.service
Visit your site in your web browser and open the network tab of developer tools. You will see Content-Encoding: br in the response headers. That is the indicator that Brotli compression is working.
That's it. You have enabled Brotli compression on your CentOS 8 system.
