Install NGINX with Brotli Easily

Ariq Naufal -

Brotli is a high-performance, lossless compression algorithm developed and maintained by Google. It can be used by web servers to compress files like .html and .css files and increase the perforce of websites and reduce their bandwidth requirements.

NGINX does not provide a compiled brotli module for their open-source version. This means that you will need to compile the NGINX brotli module from the source. But on this article, you can easily install nginx with brotli without compiling from source.

Install NGINX with Brotli

To install NGINX with Brotli easily without compiling as an advanced user does, I recommend installing it with ppa: sury.

💡
This tutorials only work on Ubuntu variants, because using ppa repository
add-apt-repository ppa:ondrej/nginx
apt update

Install nginx as usual with:

apt install nginx

Your ubuntu machine should be installed nginx with latest stable version, check it with:

nginx -V
Output:

nginx -V
nginx version: nginx/1.26.2
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/build/nginx-do1QBJ/nginx-1.26.2=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/nginx-do1QBJ/nginx-1.26.2=/usr/src/nginx-1.26.2-1+ubuntu24.04.1+deb.sury.org+1 -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_v3_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_geoip_module=dynamic --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_xslt_module=dynamic --with-mail=dynamic --with-stream=dynamic --with-stream_geoip_module=dynamic

Install libnginx-mod-brotli

apt install libnginx-mod-brotli

on main configuration file nginx.conf http block { ... } , copy and paste the following contents into the editor:

nano /etc/nginx/nginx.conf
open nginx.conf first with the editor
# Enable brotli
brotli on;
brotli_static on;
brotli_comp_level 6;

# File types to compress
brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;
copy paste this to /etc/nginx/nginx.conf on http block

Test nginx with:

nginx -t
Output:
root@server:~# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
This indicates that the nginx config syntax is ok

Restart nginx with

service nginx restart

Testing

I need to test this nginx to confirm that brotli compressing is working as i expected. So, on this testing section, i will create a new simple nginx host, issue Let's encrypt SSL on it, and check with curl if brotli enabled or not.

Create a new nginx host conf in /etc/nginx/conf.d

nano /etc/nginx/conf.d/newhost.conf
server {
    listen 80;
    server_name brotli.ns2.my.id;

root /var/www/html;
index index.nginx-debian.html;
location / {
                try_files $uri $uri/ =404;
        }
}
  • Replace my server_name brotli.ns2.my.id to your domain name.

After added a new simple nginx host with listen port 80 (http port), install certbot-nginx to easy issue SSL with Let's encrypt SSL and rewrite it to https enabled nginx host config.

sudo apt-add-repository -r ppa:certbot/certbot
sudo apt install -y certbot python3-certbot-nginx

Issue SSL with:

certbot --nginx -d brotli.ns2.my.id
  • Replace brotli.ns2.my.id to your domain name
Output
root@server:# certbot --nginx -d brotli.ns2.my.id
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Requesting a certificate for brotli.ns2.my.id

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/brotli.ns2.my.id/fullchain.pem
Key is saved at:         /etc/letsencrypt/live/brotli.ns2.my.id/privkey.pem
This certificate expires on 2025-04-20.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in t                        he background.

Deploying certificate
Successfully deployed certificate for brotli.ns2.my.id to /etc/nginx/conf.d/newhost.conf
Congratulations! You have successfully enabled HTTPS on https://brotli.ns2.my.id

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
 * Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
 * Donating to EFF:                    https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

SSL has been deployed by certbot, and the previous nginx host config has been rewrited to redirect HTTP to HTTPS, and only use HTTPS.

root@server:# cat brotli.conf
server {
    server_name brotli.ns2.my.id;

root /var/www/html;
index index.nginx-debian.html;
location / {
                try_files $uri $uri/ =404;
        }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/brotli.ns2.my.id/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/brotli.ns2.my.id/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = brotli.ns2.my.id) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name brotli.ns2.my.id;
    return 404; # managed by Certbot

We'll use curl to make tell the server that we want brotli compression -H 'Accept-Encoding: br' and then to only print the connection headers -I of the server’s response:

root@server:# curl -H 'Accept-Encoding: br' -I https://brotli.ns2.my.id
HTTP/1.1 200 OK
Server: nginx/1.26.2
Date: Mon, 20 Jan 2025 08:15:57 GMT
Content-Type: text/html
Last-Modified: Tue, 17 Dec 2024 06:17:12 GMT
Connection: keep-alive
ETag: W/"67611768-267"
Content-Encoding: br

If Content-Encoding: br printed, your nginx has successfully enabled brotli compression. That's it!

Thank you for reading!