How to enable Brotli compression in Nginx on CentOS 8

How to enable Brotli compression in Nginx on CentOS 8

Brotli is a general-purpose lossless compression algorithm developed by Google, an alternative to Gzip, Zopfli, and Deflate. It combines modern variants of the LZ77 algorithm, Huffman coding and second-order context modeling, and compression rates to compress data with currently available The best general-purpose compression method is comparable. Its speed is similar to deflation, but compression is tighter.

Brotli is open source under the MIT license.

Nginx has no official support, but Google has developed a third-party module called ngx_brotli that you can use to add support to Nginx.

This tutorial will show you how to add Brotli support to Nginx web server on CentOS 8 server.

note: This guide will use “johndoe" As an example user,example.com“As example domains. Replace them with your name.

Claim

  • CentOS 8 server
  • Nginx version 1.11.5 or higher
  • For domain names A/AAAA Record creation
  • TLS certificate

Initial steps

Check your CentOS version:

cat /etc/centos-release# CentOS Linux release 8.0.1905 (Core)

Set the time zone:

timedatectl list-timezonessudo timedatectl set-timezone 'Region/City'

Update your operating system package (software). This is an important first step because it ensures that you have the latest updates and security fixes for the operating system default packages:

sudo dnf update -y

Install some basic packages that are necessary for basic management of CentOS operating system:

sudo dnf install -y curl wget vim git unzip socat bash-completion epel-release socat && sudo dnf groupinstall "Development Tools"

Step 1-install Acme.sh and get a TLS certificate from Let’s Encrypt

Brotli requires you to set up and use HTTPS. In this section, we will obtain a trusted certificate from Let’s Encrypt.

Download and install Acme.sh:

sudo mkdir /etc/letsencryptgit clone https://github.com/Neilpang/acme.sh.gitcd acme.shsudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]cd ~source ~/.bashrc

Check version:

acme.sh --version# v2.8.6

Obtained RSA and ECDSA certificates example.com:

# RSA 2048sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength 2048# ECDSA/ECC P-256sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength ec-256

After running the above command, your certificate and key will be in the following locations:

  • RSA: /etc/letsencrypt/example.com
  • ECC / ECDSA: /etc/letsencrypt/example.com_ecc

Step 2-Install Nginx from the official Nginx repository

You need to download and install the latest mainline Nginx from: Nginx official repository:

Installation prerequisites:

sudo yum install yum-utils

To set up a yum repository, create a file named /etc/yum.repos.d/nginx.repo Has the following:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

By default, a repository of stable nginx packages is used. We need to use the mainline nginx package. Run the following command to use the mainline source:

sudo yum-config-manager --enable nginx-mainline

To install nginx, run the following command:

sudo yum install -y nginx

Check Nginx version:

sudo nginx -v# nginx version: nginx/1.17.8

Enable and start the Nginx service:

sudo systemctl enable nginx.servicesudo systemctl start nginx.service

Step 3-Download and compile the Brotli source code

After installing Nginx, we need to build the Brotli module (ngx_brotli) As a dynamic Nginx module. From Nginx version 1.11.5, you can compile a single dynamic module without compiling the full Nginx software. In the next few steps, we will build the Brotli module dynamically without compiling the full Nginx.

Download the latest version of the mainline Nginx source code and unzip it:

wget https://nginx.org/download/nginx-1.17.8.tar.gz && tar zxvf nginx-1.17.8.tar.gz

note: It is important that the version number of the Nginx package matches the Nginx source code. If you installed Nginx 1.17.8 from the official Nginx repository, then You must download the same version of the source codeIn this case it is 1.17.8.

Remove nginx-1.17.8.tar.gz:

rm nginx-1.17.8.tar.gz

Clone ngx_brotli From GitHub:

git clone https://github.com/google/ngx_brotli.gitcd ngx_brotli && git submodule update --init && cd ~

Navigate to the Nginx source code directory:

cd ~/nginx-1.17.8

Download the required libraries:

sudo dnf install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel

Compile ngx_brotli As a dynamic module and copy it into a standard directory of Nginx modules, /etc/nginx/modules:

./configure --with-compat --add-dynamic-module=../ngx_brotlimake modulessudo cp objs/*.so /etc/nginx/modules

List files /etc/nginx/modules you will see ngx_http_brotli_filter_module.so with ngx_http_brotli_static_module.so:

ls /etc/nginx/modules

Set permissions to 644 To everyone .so file:

sudo chmod 644 /etc/nginx/modules/*.so

Step 4-Configure Nginx

We are ready to configure Brotli support in Nginx.

Run sudo vim /etc/nginx/nginx.conf And add the following two instructions at the top of the file to load the new Brotli module:

load_module modules/ngx_http_brotli_filter_module.so;load_module modules/ngx_http_brotli_static_module.so;

Test configuration:

sudo nginx -t

Create a file root directory example.com And create index.html It contains a few things:

sudo mkdir -p /var/www/example.comsudo -secho "Hello from example.com" >> /var/www/example.com/index.htmlexit

Create a virtual host example.com:

sudo vim /etc/nginx/conf.d/example.com.conf

Populate it with the following configuration:

server {
  listen 80;
  server_name example.com; # Replace with your domain name
  return 301 https://$server_name$request_uri;
}

server {    
  listen 443 ssl http2;
  server_name example.com; # Replace with your domain name

  root /var/www/example.com; # Replace with your document root

  # RSA
  ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
  # ECDSA
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

  brotli on;
  brotli_static on;
  brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}

Test configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx.service

Visit your website in a web browser and open the “Web” tab of the developer tools. You will see Content-Encoding: br In the response header. This shows that Brotli compression is working.

Content encoding

That’s it. You have enabled Brotli compression on CentOS 8 system.

Sidebar