A tutorial on configuring Brotli pressure on Nginx CentOS 8

Brotli is a general-purpose lossless compression algorithm developed by Google as an alternative to Gzip, Zopfli, and Deflate that compress data using a set of recent variants of the LZ77 algorithm, Huffman and 2 coding.And the Demand context modeling, with a compression ratio comparable to the best general-purpose compression methods currently available. It is approximately the same as the vacuum velocity but provides a tighter pressure.

Brotli is open source and available under the MIT license.

Nginx does not have official support but there is a third-party module named by Google developed by Google ngx_brotli Which you can use to add support to Nginx.

This tutorial will show you how to add Brotli support to an Nginx web server on a CentOS 8 server.

Note: This guide will useBeidou“For example a user and”example.comExample domain. Change it according to your name.

Requirements

  • CentOS 8 Server
  • Log in as root or sudo user
  • Nginx version 1.11.5 or later
  • Domain name with A/AAAA Records are created
  • TLS Certificate

Initial step

Check the CentOS version

cat /etc/centos-release
# CentOS Linux release 8.0.1905 (Core)

Time zone setting

timedatectl list-timezones
sudo timedatectl set-timezone 'Asia/Jakarta'

Update the operating system (software) package. This is an important first step as it ensures that you have the latest updates and security fixes for the default software packages for your operating system:

sudo dnf update -y

Install some basic packages required for basic CentOS management:

sudo dnf install -y curl wget vim git unzip socat bash-completion epel-release socat && sudo dnf groupinstall "Development Tools"

Step 1 – Install Acme.sh and get TLS certificate from Let’s Encrypt

Brotli requires you to set up and use HTTPS. In this section, we will retrieve trusted certificates from Let’s Encrypt.

Download and install Acme.sh:

sudo mkdir /etc/letsencrypt
git clone https://github.com/Neilpang/acme.sh.git
cd acme.sh
sudo ./acme.sh --install --home /etc/letsencrypt --accountemail [email protected]
cd ~
source ~/.bashrc

Check version:

acme.sh --version
# v2.8.6

Get RSA and ECDSA certifications for example.com:

# RSA 2048
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength 2048
# ECDSA/ECC P-256
sudo /etc/letsencrypt/acme.sh --issue --standalone --home /etc/letsencrypt -d example.com --accountemail [email protected] --ocsp-must-staple --keylength ec-256

After executing the above command, your certificate and key will be in the following place:

  • RSA: /etc/letsencrypt/example.com
  • ECC / ECDSA: /etc/letsencrypt/example.com_ecc

Step 2 – Install Nginx from the official Nginx repositories

You need to download and install the latest Nginx from the official Nginx repo:

Install the prerequisites:

sudo yum install yum-utils

To organize your yum repository, create a file called /etc/yum.repos.d/nginx.repo :

sudo nano /etc/yum.repos.d/nginx.repo

Then copy and paste the following content:

[nginx-stable]
name=nginx stable repo
baseurl=http://nginx.org/packages/centos/$releasever/$basearch/
gpgcheck=1
enabled=1
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

[nginx-mainline]
name=nginx mainline repo
baseurl=http://nginx.org/packages/mainline/centos/$releasever/$basearch/
gpgcheck=1
enabled=0
gpgkey=https://nginx.org/keys/nginx_signing.key
module_hotfixes=true

By default, the nginx stable repository is used. We need to use the main nginx package. Run the following command to use mainline source:

sudo yum-config-manager --enable nginx-mainline

To install nginx, run the following command:

sudo yum install -y nginx

Check the Nginx version:

sudo nginx -v
# nginx version: nginx/1.17.8

Activate and start the Nginx service:

sudo systemctl enable nginx.service
sudo systemctl start nginx.service

Step 3 – Download and compile Brotli source code

After installing Nginx, we need to build the Brotli module (ngx_brotli) as the Nginx dynamic module. From Nginx version 1.11.5, it is possible to compile individual dynamic modules without full Nginx compilation. In the next few steps, we will build the Brotli module as dynamic without full Nginx compilation.

Download and extract the latest version of the main Nginx source code:

wget https://nginx.org/download/nginx-1.17.8.tar.gz && tar zxvf nginx-1.17.8.tar.gz

NBIt is very important that the version number is from Nginx package And the Nginx source code Equivalent. If you installed Nginx version 1.17.8 from the official Nginx repository, then You must download Source The blade The same version, In this case 1.17.8 .

Delete files nginx-1.17.8.tar.gz:

rm nginx-1.17.8.tar.gz

cloning ngx_brotli From Github:

git clone https://github.com/google/ngx_brotli.git
cd ngx_brotli && git submodule update --init && cd ~

Enter the Nginx source code directory:

cd ~/nginx-1.17.8

Download the necessary libraries:

sudo dnf install -y pcre pcre-devel zlib zlib-devel openssl openssl-devel

Aggregation ngx_brotli As a dynamic unit and copy it to the standard directory of the Nginx module, /etc/nginx/modules:

./configure --with-compat --add-dynamic-module=../ngx_brotli
make modules
sudo cp objs/*.so /etc/nginx/modules

List files with the ls on command /etc/nginx/modules And you will see ngx_http_brotli_filter_module.so And the ngx_http_brotli_static_module.so:

ls /etc/nginx/modules

Set Permissions To 644 For all files with the extension .so :

sudo chmod 644 /etc/nginx/modules/*.so

Step 4 – Configure Nginx

We are ready to configure Brotli support on Nginx.

Open nginx.conf general settings then we will add some settings.

sudo nano /etc/nginx/nginx.conf

Add the following two directives at the top of the file to download the new Brotli module:

load_module modules/ngx_http_brotli_filter_module.so;
load_module modules/ngx_http_brotli_static_module.so;

Nginx configuration test to check for errors:

sudo nginx -t

Create a directory for the document root example.com And create index.html With some content in it:

sudo mkdir -p /var/www/example.com
sudo -s
echo "Hello from example.com" >> /var/www/example.com/index.html
exit

Create a default host configuration for example.com:

sudo nano /etc/nginx/conf.d/example.com.conf

Then use the following configuration:

server {
  listen 80;
  server_name example.com; # ganti dengan nama domain Anda
  return 301 https://$server_name$request_uri;
}

server {    
  listen 443 ssl http2;
  server_name example.com; # ganti dengan nama domain Anda

  root /var/www/example.com; # ganti dengan document root dari website

  # RSA
  ssl_certificate /etc/letsencrypt/example.com/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com/example.com.key;
  # ECDSA
  ssl_certificate /etc/letsencrypt/example.com_ecc/fullchain.cer;
  ssl_certificate_key /etc/letsencrypt/example.com_ecc/example.com.key;

  brotli on;
  brotli_static on;
  brotli_types text/plain text/css text/javascript application/javascript text/xml application/xml image/svg+xml application/json;
}

Test your nginx configuration to match what you want:

sudo nginx -t

If there are no errors, reload the nginx service:

sudo systemctl reload nginx.service

Visit your site in your web browser and open the network tab in developer tools. You will see Content-Encoding: br In the response header. This is an indication that Brotli compression is working.

Brotli setup on CentOS 8

Brotli setup on CentOS 8

This is. You have enabled Brotli compression on your CentOS 8 system.

.

Source link

Leave a Reply

Your email address will not be published. Required fields are marked *