nginx打上QUIC补丁,抢先体验http3
nginx据说早官方就表示会支持QUIC,但是迟迟没有发布相关的版本
主打安全和加速的CDN厂商cloudflare发布了基于nginx的QUIC补丁
安装环境依赖和编译工具
apt-get install build-essential automake autoconf make git cmake gcc
安装pcre,实现rewrite重写功能
1
2
3
4
5
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
tar -zxvf pcre-8.44.tar.gz
cd pcre-8.44
./configure
make && make install
安装zlib, 实现gzip 压缩
1
2
3
4
5
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install
nginx安装
1
2
wget http://nginx.org/download/nginx-1.17.9.tar.gz
tar -zxvf nginx-1.17.9.tar.gz
nginx的QUIC补丁克隆到本地
1
git clone --recursive https://github.com/cloudflare/quiche
golang 、rust 环境搭建
1
2
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.linux-amd64.tar.gz
添加环境变量
1
2
#/etc/profile
export PATH=$PATH:/usr/local/go/bin
cargo安装
curl https://sh.rustup.rs -sSf | sh
source $HOME/.cargo/env
可能需要使用source profile
命令使环境变量实时生效而无需重启
开始编译nginx
1
2
3
4
5
6
7
8
9
10
11
12
13
cd nginx-1.17.9
patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch
./configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-openssl=../quiche/deps/boringssl \
--with-quiche=../quiche \
--with-pcre=/opt/pcre-8.44 \
--with-zlib=/opt/zlib-1.2.11
make && make install
编译成功的nginx二进制文件在objs文件夹下
下面是nginx 开启QUIC的配置文件示例
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
server {
# Enable QUIC and HTTP/3.
listen 443 quic reuseport;
# Enable HTTP/2 (optional).
listen 443 ssl http2;
listen 80;
server_name localhost;
ssl_certificate /var/www/example.com.cer;
ssl_certificate_key /var/www/example.com.key;
# Enable all TLS versions (TLSv1.3 is required for QUIC).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# Add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3-24=":443"; ma=86400, h3-23=":443"; ma=86400';
...
}
启动nginx
/usr/local/nginx/sbin/nginx
查看nginx编译QUIC是否成功可以使用以下命令
/usr/local/nginx/sbin/nginx -V
查看ninx的端口监听
netstat -peanut | grep nginx
如果nginx监听了443 UDP端口,则表示成功。。。
或者使用lsof -i:443
,成功会显示如下图
1
2
3
nginx 10* root 6u IPv4 20320733 0t0 TCP *:https (LISTEN)
nginx 10* root 7u IPv4 20320734 0t0 UDP *:443
nginx 10* root 8u IPv6 20320735 0t0 TCP *:https (LISTEN)
参考原文
https://pylist.com/t/1584076963
2023-03-31 更新
最新的Nginx在线一键安装使用http3,QUIC不用编译,简单方便,参考下文
💘 相关文章
- 重新编译nginx,以便支持最新的quic(http3)以及 brotli 压缩
- nginx 开启http3 QUIC和配置Brotli压缩和反向代理的详细教程
- 在ARM服务器中基于ubuntu系统一键架设nginx quic http3环境
- 快速简单一键搭建nginx quic的环境
- 怎样更新开源的http3服务器-openlitespeed
- nginx: [warn] "ssl_stapling" ignored, not supported告警
- 免费的Nginx 代理,管理器面板
- Configure nginx to only allow cloudflare's IP to connect to the server shell script
- how to do config nginx allow's cloudflare ip's
- directadmin的安装折腾及更改directadmin为nginx记录