Add Brotli support to Nginx on Ubuntu 18.04

Updated on March 22, 2019
Add Brotli support to Nginx on Ubuntu 18.04 header image

Brotli (br) is a new open source compression algorithm, developed by Google as an alternative to Gzip, Zopfli and Deflate. It is formally defined in Internet Engineering Task Force (IETF) as RFC 7932. Google's case study on Brotli has shown compression ratios of up to 26% smaller than current methods, with less CPU usage.

Nginx does not have official support but there is a third-party module developed by Google called ngx_brotli that we can use to add support to Nginx.

This guide will show you how to add Brotli support to Nginx on a fresh Ubuntu 18.04 LTS Vultr instance.

NOTE: This guide will use johndoe as an example user and example.com as an example domain. Replace them according to your names.

Requirements

  • Ubuntu 18.04 LTS server
  • Nginx version 1.11.5 or greater
  • Domain name with A/AAAA records set up
  • TLS certificate

Before you begin

Check the Ubuntu version.

lsb_release -ds
# Ubuntu 18.04 LTS

Create a new non-root user account with sudo access and switch to it.

adduser johndoe --gecos "John Doe"
usermod -aG sudo johndoe
su - johndoe

NOTE: Replace johndoe with your username.

Update your operating system’s software.

sudo apt update && sudo apt upgrade -y

Set up the timezone.

sudo dpkg-reconfigure tzdata

Install required build tools and packages.

sudo apt install -y build-essential git apt-transport-https socat

Step 1 - Install Acme.sh and obtain a TLS certificate from Let's Encrypt

Brotli requires you to set up and use HTTPS. In this part we will get a trusted certificate from Let's Encrypt.

Download and install Acme.sh.

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail your_email@example.com
cd ~
source ~/.bashrc

Check the version.

acme.sh --version
# v2.8.0

Obtain RSA and ECDSA certificates for example.com.

# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail your_email@example.com --ocsp-must-staple --keylength 2048

# ECDSA/ECC P-256
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail your_email@example.com --ocsp-must-staple --keylength ec-256

After running the commands above, your certificates and keys will be in the following locations:

  • RSA: /etc/letsencrypt/example.com
  • ECC/ECDSA: /etc/letsencrypt/example.com_ecc

Step 2 – Install Nginx from the official Nginx repository

Download and install the latest mainline Nginx from the official Nginx repo.

wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
rm nginx_signing.key
sudo -s
printf "deb https://nginx.org/packages/mainline/ubuntu/ `lsb_release -sc` nginx \ndeb-src https://nginx.org/packages/mainline/ubuntu/ `lsb_release -sc` nginx \n" >> /etc/apt/sources.list.d/nginx_mainline.list
exit
sudo apt update
sudo apt install -y nginx nginx-module-geoip nginx-module-image-filter nginx-module-njs nginx-module-perl nginx-module-xslt

Check the version.

sudo nginx -v
# nginx version: nginx/1.15.2

Enable and start Nginx.

sudo systemctl enable nginx.service
sudo systemctl start nginx.service

Step 3 – Download and compile the Brotli source code

After installing Nginx, we need to build the Brotli module (ngx_brotli) as a dynamic Nginx module. From Nginx version 1.11.5 it is possible to compile individual dynamic modules without compiling the complete Nginx software. In the next few steps, we will build the Brotli module as dynamic without compiling the complete Nginx.

Download the latest version of the mainline Nginx source code and extract it.

wget https://nginx.org/download/nginx-1.15.2.tar.gz && tar zxvf nginx-1.15.2.tar.gz

NOTE: It is very important that version numbers of the Nginx package and Nginx source code match. If you installed Nginx 1.15.2 from the official Nginx repository, then you must download the same version of the source code, 1.15.2 in this case.

Remove nginx-1.15.2.tar.gz.

rm nginx-1.15.2.tar.gz

Clone ngx_brotli from GitHub.

git clone https://github.com/eustas/ngx_brotli.git
cd ngx_brotli && git submodule update --init && cd ~

Navigate to the Nginx source code directory.

cd ~/nginx-1.15.2

Download required libraries.

sudo apt install -y libpcre3 libpcre3-dev zlib1g zlib1g-dev openssl libssl-dev

Compile the ngx_brotli as a dynamic module and copy it to the standard directory for Nginx modules, /etc/nginx/modules.

./configure --with-compat --add-dynamic-module=../ngx_brotli
make modules
sudo cp objs/*.so /etc/nginx/modules

List files in /etc/nginx/modules and you will see ngx_http_brotli_filter_module.so and ngx_http_brotli_static_module.so.

ls /etc/nginx/modules

Set permissions to 644 for all .so files.

sudo chmod 644 /etc/nginx/modules/*.so

Step 4 – Configure Nginx

We are ready to configure Brotli support in Nginx.

Run sudo vim /etc/nginx/nginx.conf and add the following two directives at the top of the file to load new Brotli modules.

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

Test the configuration.

sudo nginx -t

Create a document root directory for example.com and create index.html with some content in it.

sudo mkdir -p /var/www/example.com
sudo -s
echo "Hello from example.com" >> /var/www/example.com/index.html
exit

Create a virtual host for example.com.

sudo vim /etc/nginx/conf.d/example.com.conf

Populate it with the following configuration.

server {
  listen 80;
  server_name example.com; # Replace with your domain name
  return 301 https://$server_name$request_uri;
}
    
server {    
  listen 443 ssl http2;
  server_name example.com; # Replace with your domain name

  root /var/www/example.com; # Replace with your document root
  
  # RSA
  ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
  # ECDSA
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

  brotli on;
  brotli_static on;
  brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}

Test the configuration.

sudo nginx -t

Reload Nginx.

sudo systemctl reload nginx.service
    

Visit your site in your web browser and open the network tab of developer tools. You will see Content-Encoding: br in the response headers. That is the indicator that Brotli compression is working.

You have enabled Brotli compression on your web server.