编译Nginx配置QUIC/HTTP3.0

  1. 安装BoringSSL
bash 复制代码
sudo apt update
sudo apt install -y build-essential ca-certificates zlib1g-dev libpcre3 \
libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial \
libunwind-dev pkg-config

git clone --depth=1 https://github.com/google/boringssl.git
cd boringssl
cmake -GNinja -B build -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=1
ninja -C build
cd ..

2.安装ngx_brotli

bash 复制代码
git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli
mkdir ngx_brotli/deps/brotli/out 
cd ngx_brotli/deps/brotli/out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd -

3. 安装Nginx

bash 复制代码
hg clone https://hg.nginx.org/nginx
cd nginx
./auto/configure --user=www --group=www --prefix=/www/server/nginx --with-pcre --add-module=../ngx_brotli --with-http_v2_module --with-stream --with-stream_ssl_module --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt='-Wl,-E' --with-cc-opt=-Wno-error --with-ld-opt='-ljemalloc' --with-http_dav_module --with-http_v3_module --with-cc=c++ --with-cc-opt='-I ../boringssl/include -x c' --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
make
sudo make install
cd ..
cd /usr/sbin
sudo ln -s /www/server/nginx/sbin/nginx
nginx --version
cd -
echo '[Unit]                                                                  1
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/www/server/nginx/logs/nginx.pid
ExecStartPre=nginx -t
ExecStart=nginx
ExecReload=nginx -s reload
ExecStop=nginx -s stop
ExecQuit=nginx -s quit
PrivateTmp=true

[Install]
WantedBy=multi-user.target' > nginx.service
[ -f /etc/systemd/system/nginx.service ] && ([ -f /etc/systemd/system/nginx.service.bak ] || sudo mv /etc/systemd/system/nginx.service /etc/systemd/system/nginx.service.bak)
sudo mv nginx.service /etc/systemd/system/
sudo systemctl daemon-reload
sudo systemctl start nginx
sudo systemctl enable nginx

4. 配置Nginx

bash 复制代码
user  root;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    include sites-enabled/*;
    default_type  application/octet-stream;

    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;

        #charset koi8-r;

        location / {
            root   html;
            index  index.html index.htm;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

}
  • 配置域名
bash 复制代码
cd /www/server/nginx/conf/
sudo chown -R $USER:$USER .
mkdir sites-avaliable sites-enabled
touch sites-avaliable/quic.waketzheng.top
ln -s `pwd`/sites-avaliable/quic.waketzheng.top `pwd`/sites-enabled/quic.waketzheng.top
# vi sites-enabled/quic.waketzheng.top
cat sites-enabled/quic.waketzheng.top
  • 配置文件内容:
bash 复制代码
upstream quic_api {
   server 127.0.0.1:9798;
}

server {
    server_name quic.waketzheng.top;
    client_max_body_size 30m;

    location / {
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_pass http://quic_api;
      add_header Alt-Svc 'h3=":443"; ma=86400';
    }

    ssl_certificate /etc/letsencrypt/live/quic.waketzheng.top/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/quic.waketzheng.top/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    listen 443 ssl;
	listen 443 quic reuseport;
}

server {
    if ($host = quic.waketzheng.top) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name quic.waketzheng.top;

    listen 80;
    return 404; # managed by Certbot
}
  • 测试配置并重启Nginx
bash 复制代码
sudo nginx -t
sudo nginx -s reload

5.验证 HTTP3 是否生效

打开这个https://http3.wcode.net/

输入网址即可知道效果

相关推荐
大霞上仙3 分钟前
Ubuntu系统电脑没有WiFi适配器
linux·运维·电脑
Karoku06639 分钟前
【企业级分布式系统】Zabbix监控系统与部署安装
运维·服务器·数据库·redis·mysql·zabbix
为什么这亚子42 分钟前
九、Go语言快速入门之map
运维·开发语言·后端·算法·云原生·golang·云计算
布值倒区什么name1 小时前
bug日常记录responded with a status of 413 (Request Entity Too Large)
运维·服务器·bug
。puppy2 小时前
HCIP--3实验- 链路聚合,VLAN间通讯,Super VLAN,MSTP,VRRPip配置,OSPF(静态路由,环回,缺省,空接口),NAT
运维·服务器
颇有几分姿色2 小时前
深入理解 Linux 内存管理:free 命令详解
linux·运维·服务器
光芒再现dev2 小时前
已解决,部署GPTSoVITS报错‘AsyncRequest‘ object has no attribute ‘_json_response_data‘
运维·python·gpt·语言模型·自然语言处理
AndyFrank2 小时前
mac crontab 不能使用问题简记
linux·运维·macos
成都古河云3 小时前
智慧场馆:安全、节能与智能化管理的未来
大数据·运维·人工智能·安全·智慧城市
算法与编程之美3 小时前
文件的写入与读取
linux·运维·服务器