
nginx patched with QUIC: early access to HTTP/3
nginx has reportedly announced that it will officially support QUIC, but has not yet released a version that includes it.
Cloudflare, a major security and acceleration CDN vendor, has released a QUIC patch for nginx.
Install build dependencies and compilation tools
apt-get install build-essential automake autoconf make git cmake gcc
Install pcre to implement the rewrite function
wget https://ftp.pcre.org/pub/pcre/pcre-8.44.tar.gz
tar -zxvf pcre-8.44.tar.gz
cd pcre-8.44
./configure
make && make install
Install zlib for gzip compression
wget http://zlib.net/zlib-1.2.11.tar.gz
tar -zxvf zlib-1.2.11.tar.gz
cd zlib-1.2.11
./configure
make && make install
Download the nginx source code
wget http://nginx.org/download/nginx-1.17.9.tar.gz
tar -zxvf nginx-1.17.9.tar.gz
Clone the QUIC patch for nginx (quiche) locally
git clone --recursive https://github.com/cloudflare/quiche
Set up the Go and Rust environments
wget https://dl.google.com/go/go1.14.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.14.linux-amd64.tar.gz
Adding environment variables
# /etc/profile
export PATH=$PATH:/usr/local/go/bin
cargo installation
curl https://sh.rustup.rs -sSf | sh
You may need to use the source command on the profile to make the environment variables take effect immediately, without restarting.
Start compiling nginx
cd nginx-1.17.9
patch -p01 <../quiche/extras/nginx/nginx-1.16.patch
./configure --prefix=/usr/local/nginx \
    --with-http_ssl_module \
    --with-http_v2_module \
    --with-http_v3_module \
    --with-openssl=../quiche/deps/boringssl \
    --with-quiche=../quiche \
    --with-pcre=/opt/pcre-8.44 \
    --with-zlib=/opt/zlib-1.2.11
make && make install
Successfully compiled nginx binaries are in the objs folder
The following is an example of a configuration file for nginx to enable QUIC.
server {
    # Enable QUIC and HTTP/3.
    listen 443 quic reuseport;
    # Enable HTTP/2 (optional).
    listen 443 ssl http2;
    listen 80;
    server_name localhost;
    ssl_certificate /var/www/example.com.cer;
    ssl_certificate_key /var/www/example.com.key;
    # Enable all TLS versions (TLSv1.3 is required for QUIC).
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and can be dropped if no legacy clients need them.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # Add Alt-Svc header to negotiate HTTP/3.
    add_header alt-svc 'h3-23=":443"; ma=86400';
    ...
}
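A quick audit of the settings this server block depends on, as an added example that is not part of the original post: the shell function reads an nginx config on stdin, checks for a quic listener, TLSv1.3 in ssl_protocols and a well-formed Alt-Svc header, and warns on deprecated TLS versions. The names audit_quic_conf and sample_conf are hypothetical, and the sample input is constructed from the directives above.

```shell
# Added example, not from the original post. Reads one nginx server block on
# stdin, prints one finding per line, returns non-zero if any check FAILs.
audit_quic_conf() {
    rc=0
    body=$(sed 's/#.*//')            # drop comments before matching
    # 1. HTTP/3 needs a "listen ... quic" directive (served over UDP).
    if printf '%s\n' "$body" |
        grep -Eq '^[[:space:]]*listen[[:space:]].*[[:space:]]quic([[:space:];]|$)'; then
        echo "OK   quic listener present"
    else
        echo "FAIL no 'listen ... quic' directive"; rc=1
    fi
    # 2. QUIC requires TLSv1.3; TLSv1 and TLSv1.1 are deprecated (RFC 8996).
    protos=$(printf '%s\n' "$body" |
        sed -n 's/^[[:space:]]*ssl_protocols[[:space:]]*\(.*\);.*/\1/p')
    case " $protos " in
        *" TLSv1.3 "*) echo "OK   TLSv1.3 enabled" ;;
        *) echo "FAIL TLSv1.3 not enabled (required for QUIC)"; rc=1 ;;
    esac
    for p in $protos; do
        case $p in
            TLSv1|TLSv1.1) echo "WARN $p is deprecated, consider removing it" ;;
        esac
    done
    # 3. Alt-Svc needs an h3 token and a quoted ":port" with no stray spaces.
    if printf '%s\n' "$body" |
        grep -Eiq "add_header[[:space:]]+alt-svc[[:space:]]+'h3(-[0-9]+)?=\":[0-9]+\""; then
        echo "OK   Alt-Svc advertises h3"
    else
        echo "FAIL Alt-Svc header missing or malformed"; rc=1
    fi
    return $rc
}

# Constructed sample input: the directives from the server block above.
sample_conf() {
    cat <<'EOF'
server {
    listen 443 quic reuseport;   # Enable QUIC and HTTP/3.
    listen 443 ssl http2;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    add_header alt-svc 'h3-23=":443"; ma=86400';
}
EOF
}

sample_conf | audit_quic_conf
```

To audit a real file, run audit_quic_conf with the config redirected to stdin; a stray space inside the Alt-Svc value, such as 'h3-23 = ": 443"', is reported as malformed.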
Start nginx
/usr/local/nginx/sbin/nginx
To check whether nginx was compiled with QUIC support, use the following command
/usr/local/nginx/sbin/nginx -V
View the ports nginx is listening on
netstat -peanut | grep nginx
If nginx is listening on UDP port 443, the setup succeeded.