Asuka Miya

Enable HTTP/3 support for your website using Nginx-quic.

Preface

Recently, I wanted to switch back to Nginx from Caddy, but currently Nginx does not support HTTP/3 by default. There are two ways to use HTTP/3 on Nginx, and here we are using the official nginx-quic branch.

Preparation

Environment Setup

sudo apt update && sudo apt upgrade -y
sudo apt install build-essential libtool libpcre3-dev zlib1g-dev libzstd-dev unzip cmake ninja-build wget curl git mercurial
sudo bash -c "$(curl -fsSL https://pacstall.dev/q/install)"
pacstall -I go-bin

Restart your terminal.

Source Code Preparation

Create Source Code Folder & Get Source Code

mkdir nginx-quic-src
cd nginx-quic-src
hg clone https://hg.nginx.org/nginx-quic
# Get plugins
git clone --recurse-submodules https://github.com/google/ngx_brotli.git --depth=1
git clone --recurse-submodules https://github.com/tokers/zstd-nginx-module.git --depth=1

Get & Compile BoringSSL

git clone https://github.com/google/boringssl.git --depth=1
cd boringssl/
mkdir build
cd build
cmake -GNinja ..
ninja -j$(nproc --all)
cd ../../nginx-quic

Compile & Install

Compilation

./auto/configure \
 --with-http_gzip_static_module \
 --with-debug \
 --with-http_ssl_module --with-http_v2_module \
 --with-http_v3_module --with-stream_quic_module \
 --with-cc-opt="-I../boringssl/include" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" \
 --add-module="../ngx_brotli" \
 --add-module="../zstd-nginx-module"

make

Installation

sudo make install

Configure Daemon Service

# Writing under /etc/systemd/system needs root, so pipe the unit through sudo tee
sudo tee /etc/systemd/system/nginx.service > /dev/null <<'TEXT'
[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target
TEXT
# Set to start on boot (optional)
sudo systemctl enable nginx.service

Configuration

Basic Configuration

Create and edit /usr/local/nginx/conf/conf.d/nginx.conf

zstd on;
brotli on;
gzip on;

zstd_static on;
brotli_static on;
gzip_static  on;

zstd_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
brotli_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
gzip_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;

ssl_protocols TLSv1.2 TLSv1.3;
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_reject_handshake on;
}

Edit /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Load configs
    include /usr/local/nginx/conf/conf.d/*.conf;
    include /usr/local/nginx/conf/sites-enabled/*;
}

This way, global configurations for Nginx can be done by editing /usr/local/nginx/conf/conf.d/nginx.conf. Configuration for individual sites can be done by editing the corresponding configuration file under /usr/local/nginx/conf/sites-enabled/. Here is an example of a site configuration in /usr/local/nginx/conf/sites-enabled/example.conf:

server {
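    # QUIC runs over UDP; the TCP listener needs "ssl" for HTTPS and HTTP/2
    listen 443 quic;
    listen 443 ssl http2;
    listen [::]:443 quic;
    listen [::]:443 ssl http2;
    server_name example.com;
    # Alt-Svc alternatives are comma-separated; ";" only separates parameters
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400';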
    ssl_certificate example.com.cer;
    ssl_certificate_key example.com.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:1145;
    }
}

In the above configuration, server_name is the domain name that this configuration file serves. Replace the ssl_certificate and ssl_certificate_key values with the paths to your SSL certificate and private key.

Usage

After completing the above configuration, execute

sudo systemctl start nginx.service

If there are any errors, please check the configuration files. If you have any other questions, you can also discuss them in the comments.
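
To check the result, this added example (not from the original post) inspects `nginx -V` output and a response's Alt-Svc header. The function names are illustrative and the sample inputs are constructed; the Alt-Svc grammar follows RFC 7838.

```sh
# Added example: offline checks for an HTTP/3 setup.
# Feed it real data with:  nginx -V 2>&1   and   curl -sI https://example.com

# built_with_http3 TEXT: succeed if `nginx -V` output lists the HTTP/3 module.
built_with_http3() {
    printf '%s\n' "$1" | grep -q -e '--with-http_v3_module'
}

# alt_svc_entries VALUE: print "<protocol> <authority> <ma>" per alternative.
# RFC 7838: alternatives are separated by ","; parameters by ";".
# Assumes no comma inside the quoted authority (true for host:port values).
alt_svc_entries() {
    printf '%s\n' "$1" | tr ',' '\n' | awk -F';' '{
        entry = $1; gsub(/^[ \t]+|[ \t]+$/, "", entry)
        eq = index(entry, "=")
        if (eq == 0) next                  # empty or "clear": nothing to list
        proto = substr(entry, 1, eq - 1)
        auth = substr(entry, eq + 1); gsub(/"/, "", auth)
        ma = "-"                           # "-" means no ma parameter given
        for (i = 2; i <= NF; i++) {
            p = $i; gsub(/^[ \t]+|[ \t]+$/, "", p)
            if (p ~ /^ma=[0-9]+$/) ma = substr(p, 4)
        }
        print proto, auth, ma
    }'
}

# advertises_h3 HEADERS PORT: succeed if the response headers offer h3 on PORT.
advertises_h3() {
    _value=$(printf '%s\n' "$1" | tr -d '\r' |
        awk 'tolower($0) ~ /^alt-svc:/ { sub(/^[^:]*:[ \t]*/, ""); print; exit }')
    alt_svc_entries "$_value" |
        awk -v want=":$2" '$1 == "h3" && $2 == want { ok = 1 } END { exit !ok }'
}

# Constructed sample inputs so the script runs without a server.
SAMPLE_NGINX_V='nginx version: nginx/X.Y.Z
configure arguments: --with-http_ssl_module --with-http_v2_module --with-http_v3_module'
SAMPLE_HEADERS='HTTP/2 200
server: nginx
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400'

built_with_http3 "$SAMPLE_NGINX_V" && echo "build: http_v3 module present"
alt_svc_entries 'h3=":443"; ma=86400, h3-29=":443"; ma=86400'
advertises_h3 "$SAMPLE_HEADERS" 443 && echo "alt-svc: h3 offered on 443"
```

A header value that joins everything with semicolons parses as a single alternative, because the later protocol entries are read as unknown parameters of the first one.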

This article is synchronized and updated to xLog by Mix Space.
The original link is https://blog.rikko.moe/posts/Z-TURN/build_nginx-quic

