Featured Nginx How to use Brotli compression for Centmin Mod Nginx web servers

Centmin Mod is provide as is, so short of scripted related bugs or issues, any further optimisation to the web stack components - nginx, php-fpm, mariadb mysql, csf firewall etc or web app level specific configurations such as wordpress are left to the Centmin Mod user to deal with. So I do not provide any free support for such.

However, Centmin Mod users are free to help each other out and ask questions or give answers on this community forum. My hopes are that this community forum evolves so that more veteran long time Centmin Mod users help new Centmin Mod users out

But whether gzip or brotli is used doesn't matter that much at Cloudflare level as you're performance will be good either way. So I wouldn't worry too much about it.

---

 

You're welcome and yes once you go VPS/dedicated very hard to go back to shared hosting - so much control

so Cloudflare had disabled it on their end !

 

whether you have gzip or brotli reported at Cloudflare level depends on how your web app/script is configured see post at Nginx - How to use Brotli compression for Centmin Mod Nginx web servers to test cloudflare and origin web server's content-encoding

 

oh and Cloudflare may actually have Brotli disabled at their end so ask Cloudflare tech support Nginx - How to use Brotli compression for Centmin Mod Nginx web servers

 

Brotli usage where at Cloudflare to Visitor stage or you mean between Cloudflare and Centmin Mod Nginx ? Seems Cloudflare may have turned off Brotli temporary on their servers Nginx - How to use Brotli compression for Centmin Mod Nginx web servers ?

On CentOS 7 you can use curl resolve command to bypass Cloudflare to check headers for Centmin Mod Nginx backend origin to see if Brotli is supported.

Inspecting output for commands. For posting code or output from commands to keep the formatting, you might want to use CODE tags for code How to use forum BBCODE code tags

Code (Text):

curl -sI -H "Accept-Encoding: gzip,br" https://yourdomain.com

Code (Text):

curl -sI -H "Accept-Encoding: gzip,br" http://yourdomain.com

checking the Content-Encoding: line to see if it shows gzip or br

Cloudflare Users & Brotli

You can verify if cloudflare or centmin mod nginx is where the gzip compression is coming from by running curl command which bypasses cloudflare to connect with centmin mod nginx backend replacing YOURREALSERVER_IP with your real server IP address below and yourdomain.com with your domain name. You may want to mask your real ip when you post the output on this forum to protect your real IP address

Code (Text):

curl -sI -H "Accept-Encoding: gzip,br" --resolve 'yourdomain.com:443:YOURREALSERVER_IP' https://yourdomain.com

compare it to header check with cloudflare in front

Code (Text):

curl -sI -H "Accept-Encoding: gzip,br" https://yourdomain.com

Inspecting whether Content-Encoding shows br or gzip. If bypass curl header check shows br but cloudflare curl header check shows gzip, then something at web app level i.e. wordpress is precompressing static assets as gzip.

Cloudflare Origin Authentication Pull And Brotli

If you have Cloudflare origin authentication setup then curl header bypass command will result in HTTP/1.1 400 Bad Request error as regular HTTPS requests to https backend nginx site are only allowed via Cloudflare, then you need to temporarily disable Cloudflare origin authentication by commenting out the line in your nginx vhost domain config file

changing line from

Code (Text):

ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
ssl_verify_client on;

to comment out and disable them with hash in front

Code (Text):

#ssl_client_certificate /usr/local/nginx/conf/ssl/cloudflare/domain.com/origin.crt;
#ssl_verify_client on;

restart Nginx and PHP-FPM services

Code (Text):

nprestart

Then disable Original Authentication Pull in Cloudflare dashboard.

Then re-run single command line for curl header check that bypasses cloudflare

Code (Text):

curl -sI -H"Accept-Encoding: gzip,br" --resolve yourdomain.com:443:YOURREALSERVER_IP' https://yourdomain.com

After you got output, re-enable Cloudflare origin authentication by removing comment hashes from the 2 lines and then restarting nginx and php-fpm services and then re-enable Original Authentication Pull in Cloudflare dashboard.

For further checks I suppose you can do a custom Nginx log format which includes the content-encoding header being logged to nginx access log similar to Cloudflare logging done for CF-RAY header at Cloudflare - Cloudflare custom Nginx logging

 

Actually doesn't matter if Brotli isn't used it falls back to Gzip on either Cloudflare or Centmin Mod Nginx layer. So there's no troubleshooting involved - let server decide which to server visitors with - either Gzip or Brotli compression when available.

 

Yeah Centmin Mod Nginx used more updated ngx_brotli fork at eustas/ngx_brotli though the maintainer is also the maintainer for official Google Brotli library too so there would be some updating I suppose

 

Haven't yet .. I should just did Cloudflare Brotli vs Gzip benchmarks

 

@Nitin @Kuro @RoldanLT looks like Cloudflare has now re-enabled Brotli on their end

Code (Text):

curl -I -H "Accept-Encoding: gzip,br" https://community.centminmod.com/
HTTP/2 200 
date: Fri, 18 May 2018 04:18:38 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=dea2e1bcf37bd11ca3ffd795c8b3ec2461526617118; expires=Sat, 18-May-19 04:18:38 GMT; path=/; domain=.centminmod.com; HttpOnly
vary: Accept-Encoding
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: private, max-age=0
set-cookie: xfcmi_session=20f5c86be55b597512003266b97262a8; path=/; secure; HttpOnly
x-frame-options: SAMEORIGIN
x-xss-protection: 1
x-powered-by: centminmod
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
strict-transport-security: max-age=31536000; includeSubdomains
link: </styles/xenbase/font-awesome/css/font-awesome.min.css>; rel="preload" as="style"
link: </js/jquery/jquery-1.11.0.min.js>; rel="preload" as="script"
link: </js/xenforo/xenforo.js>; rel="preload" as="script"
link: </OneSignalSDK.js>; rel="preload" as="script"
link: </styles/xenbase/font-awesome/fonts/fontawesome-webfont.woff2?v=4.7.0>; rel="preload" as="font" crossorigin
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 41cb855e6be41ead-SJC
content-encoding: br