How to Add Brotli Compression support to Nginx on Debian 10

Brotli is a generic-purpose lossless compression algorithm developed by Google as an alternative to Gzip, Zopfli, and Deflate that compresses data using a combination of a modern variant of the LZ77 algorithm, Huffman coding, and 2nd order context modeling, with a compression ratio comparable to the best currently available general-purpose compression methods. It is similar in speed with deflate but offers more dense compression.

Brotli is open-sourced under the MIT License.

Nginx does not have official support but there is a third-party module developed by Google called ngx_brotli that you can utilize to add support to Nginx.

This guide will show you how to add Brotli support to the Nginx web server on Debian 10 system.

NOTE: This guide will use "johndoe" as an example user and "example.comas an example domain. Replace them according to your names.

Requirements

  • Debian 10 (buster) server
  • Nginx version 1.11.5 or greater
  • Domain name with A/AAAA records set up
  • TLS certificate

Initial Steps

Check your Debian version:

lsb_release -ds
# Debian GNU/Linux 10 (buster)

Set up the timezone:

sudo dpkg-reconfigure tzdata

Update your operating system packages (software). That is an essential first step because it ensures you have the latest updates and security fixes for your operating system's default software packages:

sudo apt update && sudo apt upgrade -y

Install some essential packages that are necessary for basic administration of the Debian operating system:

sudo apt install -y curl wget vim git unzip socat bash-completion apt-transport-https

Step 1 - Install Acme.sh and obtain a TLS certificate from Let's Encrypt

Brotli requires you to set up and use HTTPS. In this part, we will get a trusted certificate from Let's Encrypt.

Download and install Acme.sh:

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]
cd ~
source ~/.bashrc

Check the version:

acme.sh --version
# v2.8.2

Obtain RSA and ECDSA certificates for example.com:

# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength 2048
# ECDSA/ECC P-256
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength ec-256

After running the commands above, your certificates and keys will be in the following locations:

  • RSA: /etc/letsencrypt/example.com
  • ECC/ECDSA: /etc/letsencrypt/example.com_ecc

Step 2 – Install Nginx from the official Nginx repository

Download and install the latest mainline Nginx from the official Nginx repo:

wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
rm nginx_signing.key
sudo -s printf "deb https://nginx.org/packages/mainline/debian/ `lsb_release -sc` nginx \ndeb-src https://nginx.org/packages/mainline/debian/ `lsb_release -sc` nginx \n" >> /etc/apt/sources.list.d/nginx_mainline.list
exit
sudo apt update
sudo apt install -y nginx nginx-module-geoip nginx-module-image-filter nginx-module-njs nginx-module-perl nginx-module-xslt

Check the Nginx version:

sudo nginx -v
# nginx version: nginx/1.17.4

Enable and start Nginx service:

sudo systemctl enable nginx.service
sudo systemctl start nginx.service

Step 3 – Download and compile the Brotli source code

After installing Nginx, we need to build the Brotli module (ngx_brotli) as a dynamic Nginx module. From Nginx version 1.11.5 it is possible to compile individual dynamic modules without compiling the complete Nginx software. In the next few steps, we will build the Brotli module as dynamic without compiling the complete Nginx.

Download the latest version of the mainline Nginx source code and extract it:

wget https://nginx.org/download/nginx-1.17.4.tar.gz && tar zxvf nginx-1.17.4.tar.gz

NOTE: It is very important that version numbers of the Nginx package and Nginx source code match. If you installed Nginx 1.17.4 from the official Nginx repository, then you must download the same version of the source code, 1.17.4 in this case.

Remove nginx-1.17.4.tar.gz:

rm nginx-1.17.4.tar.gz

Clone ngx_brotli from GitHub:

git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli && git submodule update --init && cd ~

Navigate to the Nginx source code directory:

cd ~/nginx-1.17.4

Download the required libraries:

sudo apt install -y libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev

Compile the ngx_brotli as a dynamic module and copy it to the standard directory for Nginx modules, /etc/nginx/modules:

./configure --with-compat --add-dynamic-module=../ngx_brotli
make modules
sudo cp objs/*.so /etc/nginx/modules

List files in /etc/nginx/modules and you will see ngx_http_brotli_filter_module.so and ngx_http_brotli_static_module.so:

ls /etc/nginx/modules

Set permissions to 644 for all .so files:

sudo chmod 644 /etc/nginx/modules/*.so

Step 4 – Configure Nginx

We are ready to configure Brotli support in Nginx.

Run sudo vim /etc/nginx/nginx.conf and add the following two directives at the top of the file to load new Brotli modules:

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

Test the configuration:

sudo nginx -t

Create a document root directory for example.com and create index.html with some content in it:

sudo mkdir -p /var/www/example.com
sudo -s
echo "Hello from example.com" >> /var/www/example.com/index.html
exit

Create a virtual host for example.com:

sudo vim /etc/nginx/conf.d/example.com.conf

Populate it with the following configuration:

server {
  listen 80;
  server_name example.com; # Replace with your domain name
  return 301 https://$server_name$request_uri;
}

server {    
  listen 443 ssl http2;
  server_name example.com; # Replace with your domain name

  root /var/www/example.com; # Replace with your document root

  # RSA
  ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
  # ECDSA
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

  brotli on;
  brotli_static on;
  brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}

Test the configuration:

sudo nginx -t

Reload Nginx:

sudo systemctl reload nginx.service

Visit your site in your web browser and open the network tab of developer tools. You will see Content-Encoding: br in the response headers. That is the indicator that Brotli compression is working.

Brotli support in Nginx

Content encoding

That's it. You have enabled Brotli compression on your Debian 10 system.

Share this page:

1 Comment(s)