http3 – nginx with quictls

nginx has supported QUIC and HTTP/3 since version 1.25.

# Build and install quictls
./Configure --prefix=$HOME/quictls --openssldir=$HOME/openssl-quic -fPIC no-shared
make && make install

# Build and install nginx
# A repeated --with-cc-opt replaces the earlier value, so the include path
# and the QUIC debug defines are passed in a single option.
auto/configure --with-debug --with-http_v3_module --with-http_v2_module \
    --with-cc-opt="-I $HOME/quictls/include -DNGX_QUIC_DEBUG_PACKETS -DNGX_QUIC_DEBUG_CRYPTO" \
    --with-ld-opt="-L $HOME/quictls/lib64" \
    --prefix=$HOME/nginx-quic --with-openssl=$HOME/install/openssl
make && make install

nginx.conf

user  root;
worker_processes  1;

error_log  logs/error.log  debug;

#pid        logs/nginx.pid;

events {
    worker_connections  1024;
}

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for quic and https
        listen 443 quic reuseport;
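        listen 443 ssl;
        http3 on;
        http2 on;
        # validate the client address with a QUIC Retry packet
        quic_retry on;
        # TLS 1.3 0-RTT; early data is replayable, $ssl_early_data flags such requests
        ssl_early_data on;
        #server_name  server_name;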

        ssl_certificate     certs/cert.pem;
        ssl_certificate_key certs/priv.key;
        ssl_protocols       TLSv1.3;

        add_header Alt-Svc 'h3=":443"; ma=86400';

        location / {
           index  index.html index.htm;
        }
    }
}

 

The default curl build does not yet support HTTP/3; build it as described at https://curl.se/docs/http3.html.

 ./curl --http3-only https://127.0.0.1:443/ -k -v
*   Trying 127.0.0.1:443...
* QUIC cipher selection: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
* Skipped certificate verification
* Connected to 127.0.0.1 (127.0.0.1) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://127.0.0.1:443/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: 127.0.0.1]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.6.0]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: 127.0.0.1
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/3 200
< server: nginx/1.25.4

 

To use a browser, some configuration is currently required; see https://www.bram.us/2020/04/08/how-to-enable-http3-in-chrome-firefox-safari/

Chrome needs an extra command-line argument, --origin-to-force-quic-on=https://XXX/. In current testing, when no domain name is used it can still switch to HTTP/1.1 or HTTP/2.
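To confirm on the server side which protocol each client actually negotiated, the access log written with the `quic` log_format above can be tallied by its `$http3` field. The Python script below is an added example, not part of the original post; the function names and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter

# Mirrors the page's log_format "quic". The last quoted field is $http3:
# "h3" or "hq" for QUIC connections, empty (or "-") otherwise.
LINE_RE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)" "(?P<http3>[^"]*)"$'
)

def parse_line(line):
    """Return the fields of one access-log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def protocol_of(entry):
    """Negotiated protocol: $http3 when set, else the version in the request line."""
    if entry["http3"] not in ("", "-"):
        return entry["http3"]
    parts = entry["request"].rsplit(" ", 1)
    return parts[1] if len(parts) == 2 and parts[1].startswith("HTTP/") else "unknown"

def summarize(lines):
    """Count requests per protocol and list client addresses that never used h3."""
    counts, seen_h3, seen_any = Counter(), set(), set()
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            counts["unparsed"] += 1
            continue
        proto = protocol_of(entry)
        counts[proto] += 1
        seen_any.add(entry["addr"])
        if proto == "h3":
            seen_h3.add(entry["addr"])
    return counts, sorted(seen_any - seen_h3)

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '127.0.0.1 - - [10/Mar/2024:10:00:00 +0800] "GET / HTTP/3.0" 200 615 "-" "curl/8.6.0" "h3"',
    '192.0.2.10 - - [10/Mar/2024:10:00:05 +0800] "GET / HTTP/2.0" 200 615 "-" "Mozilla/5.0" ""',
    '192.0.2.10 - - [10/Mar/2024:10:00:06 +0800] "GET /a.css HTTP/3.0" 200 120 "-" "Mozilla/5.0" "h3"',
    '192.0.2.20 - - [10/Mar/2024:10:00:09 +0800] "GET / HTTP/1.1" 200 615 "-" "Mozilla/5.0" "-"',
    'garbage line',
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Clients listed in the second return value only ever reached the server over TCP, which is the fallback case to investigate (Alt-Svc not honoured, UDP 443 blocked, or the browser flag not applied).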

Image from 陳風雲
