随着最近 Nginx-Quic 分支被合并到了 Nginx 主线,Nginx 1.25.0 版本官方二进制包已经支持 Quic/HTTP3,感兴趣的朋友可以前往 https://nginx.org/en/download.html 或 https://nginx.org/en/linux_packages.html 下载安装,体验一下 Quic/HTTP3 的魅力,本文将主要为您介绍如何通过编译的方式开启 Quic/HTTP3。
# Debian 11或12
apt update
apt install build-essential ca-certificates zlib1g-dev libpcre3 libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial libunwind-dev pkg-config
# Ubuntu 22.04或20.04
sudo su
cd /root
apt update
apt install build-essential ca-certificates zlib1g-dev libpcre3 libpcre3-dev tar unzip libssl-dev wget curl git cmake ninja-build mercurial libunwind-dev pkg-config
# CentOS 8 Stream/TencentOS Server 3.1
dnf update
dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make libunwind-devel hg git wget
# OpenCloudOS Server 8
dnf update
dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make hg git wget
wget https://dl.google.com/go/go1.22.1.linux-amd64.tar.gz
rm -rf /usr/local/go && tar -C /usr/local -xzf go1.22.1.linux-amd64.tar.gz
请注意系统架构,本文以 x86_64 为例,如果你的系统架构不是 x86_64,请自行修改下载链接。
export PATH=$PATH:/usr/local/go/bin
具体可参考https://go.dev/doc/install
go version
export GOPROXY=https://mirrors.cloud.tencent.com/go/
git clone --depth=1 https://github.com/google/boringssl.git
cd boringssl
mkdir build
cd build
cmake -GNinja ..
ninja
cd ../..
git clone --depth=1 https://github.com/google/boringssl.git
cd boringssl
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release ..
make
cd ../..
不需要请跳过,并在编译时删除--add-module=../ngx_brotli
git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..
注意: 本人是直接在 /root 目录下编译的,如果你在其他目录下,请自行修改路径;
如果你不需要 brotli 压缩,请删除--add-module=/root/ngx_brotli
本人将 Nginx 安装在 /www/server/nginx 目录下,如果你需要修改,请自行修改路径;
hg clone https://hg.nginx.org/nginx
cd nginx
./auto/configure --user=www --group=www --prefix=/www/server/nginx --with-pcre --add-module=/root/ngx_brotli --with-http_v2_module --with-stream --with-stream_ssl_module --with-http_ssl_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --with-http_v3_module --with-cc=c++ --with-cc-opt="-I../boringssl/include -x c" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto"
make
make install
groupadd www
useradd -g www -s /sbin/nologin www
本人使用的是 systemd,如果你使用的是其他进程管理,请自行修改vim /usr/lib/systemd/system/nginx.service输入如下内容:
[Unit]
Description=nginx
After=network.target
[Service]
Type=forking
ExecStart=/www/server/nginx/sbin/nginx
ExecReload=/www/server/nginx/sbin/nginx -s reload
ExecStop=/www/server/nginx/sbin/nginx -s quit
PrivateTmp=true
[Install]
WantedBy=multi-user.target
systemctl start nginx
systemctl enable nginx
示例配置文件如下,更多特性请参考官方文档:https://nginx.org/en/docs/http/ngx_http_v3_module.html
server {
listen 443 ssl;
listen [::]:443 ssl;
# 用于支持Quic或HTTP/3
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
# 用以支持HTTP/2
http2 on;
server_name r2wind.cn;
# Quic或HTTP/3响应头
add_header Alt-Svc 'h3=":443"; ma=86400';
# HSTS
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
location / {
root /www/wwwroot/r2wind.cn;
index index.html index.htm;
}
# 证书配置
ssl_certificate /root/.acme.sh/smb.wiki/fullchain.cer;
ssl_certificate_key /root/.acme.sh/smb.wiki/smb.wiki.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
}
配置完成后,重载 Nginx 即可生效
systemctl reload nginx
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。
原创声明:本文系作者授权腾讯云开发者社区发表,未经许可,不得转载。
如有侵权,请联系 cloudcommunity@tencent.com 删除。