nginx patched QUIC, early access to http3

🕒 by admin

nginx has reportedly stated officially that it will support QUIC, but it has not yet released a version that does.

Cloudflare, a major security and acceleration CDN vendor, has released a QUIC patch for nginx.

Install the build dependencies and compilation tools

apt-get install build-essential automake autoconf make git cmake gcc

Install pcre to implement the rewrite function

wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
tar -zxvf pcre-8.44.tar.gz
cd pcre-8.44
./configure
make && make install

Install zlib for gzip compression

wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install

nginx installation

wget http://nginx.org/download/nginx-1.17.9.tar.gz
tar -zxvf nginx-1.17.9.tar.gz

Clone the QUIC patch for nginx locally

git clone --recursive https://github.com/cloudflare/quiche

Set up the golang and rust environment

wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.linux-amd64.tar.gz

Add the environment variable

# /etc/profile
export PATH=$PATH:/usr/local/go/bin

cargo installation

curl https://sh.rustup.rs -sSf | sh

You may need to run the source command on your profile so that the environment variables take effect immediately, without restarting.

Start compiling nginx

cd nginx-1.17.9
patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch
./configure --prefix=/usr/local/nginx \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-openssl=../quiche/deps/boringssl \
    --with-quiche=../quiche \
    --with-pcre=/opt/pcre-8.44 \
    --with-zlib=/opt/zlib-1.2.11
make && make install

Note that the path above is not wrong.

The successfully compiled nginx binary is in the objs folder.

The following is an example of a configuration file for nginx to enable QUIC.

server {
    # Enable QUIC and HTTP/3.
    listen 443 quic reuseport;
    # Enable HTTP/2 (optional).
    listen 443 ssl http2;
    listen 80;
    server_name localhost;
    ssl_certificate /var/www/example.com.cer;
    ssl_certificate_key /var/www/example.com.key;
    # Enable all TLS versions (TLSv1.3 is required for QUIC).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

    # Add Alt-Svc header to negotiate HTTP/3.
    add_header alt-svc 'h3-23=":443"; ma=86400';
    ...
}

Start nginx

/usr/local/nginx/sbin/nginx

To check whether nginx was compiled with QUIC support, use the following command

/usr/local/nginx/sbin/nginx -V

View the ports nginx is listening on

netstat -peanut | grep nginx

If nginx listens on UDP port 443, it succeeded.
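The two checks above can be scripted so that a build missing the patch, or a server that only listens on TCP, is caught automatically. This is an added example, not part of the original post: the function names are hypothetical and the sample `nginx -V` and `netstat -peanut` outputs are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nginx -V` output (nginx prints it on stderr).
SAMPLE_V='nginx version: nginx/1.17.9
configure arguments: --prefix=/usr/local/nginx --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche'

# Constructed sample of `netstat -peanut` output; UDP rows have no State column.
SAMPLE_NETSTAT='tcp   0  0 0.0.0.0:80   0.0.0.0:*  LISTEN  0  21001  914/nginx: master
tcp   0  0 0.0.0.0:443  0.0.0.0:*  LISTEN  0  21002  914/nginx: master
udp   0  0 0.0.0.0:443  0.0.0.0:*          0  21003  914/nginx: master
udp   0  0 0.0.0.0:68   0.0.0.0:*          0  18010  602/dhclient'

# Reads `nginx -V` text on stdin, prints each QUIC-related configure flag
# from this page that is absent, and returns non-zero if any is missing.
missing_quic_flags() {
    args=$(grep '^configure arguments:' || true)
    rc=0
    for flag in --with-http_v3_module --with-quiche= --with-openssl=; do
        case " $args" in
            *" $flag"*) ;;
            *) echo "$flag"; rc=1 ;;
        esac
    done
    return $rc
}

# Reads netstat text on stdin and prints the number of UDP sockets bound to
# local port 443 that are owned by an nginx process.
nginx_udp443_count() {
    awk '$1 ~ /^udp/ && $4 ~ /:443$/ && /[0-9]+\/nginx/ { n++ } END { print n + 0 }'
}

# $1 = `nginx -V` text, $2 = netstat text. Succeeds only if the binary was
# built with the patch and is actually listening for QUIC.
quic_ready() {
    printf '%s\n' "$1" | missing_quic_flags >/dev/null || return 1
    [ "$(printf '%s\n' "$2" | nginx_udp443_count)" -ge 1 ]
}

# On a live host:
#   quic_ready "$(/usr/local/nginx/sbin/nginx -V 2>&1)" "$(netstat -peanut)"
if quic_ready "$SAMPLE_V" "$SAMPLE_NETSTAT"; then
    echo "QUIC build flags present and nginx is listening on UDP 443"
fi
```

A TCP-only listener on 443 makes `quic_ready` fail even when the flags are present, which is the case where clients silently fall back to HTTP/2.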

Reference text

https://pylist.com/t/1584076963
