Kana

Compiling and Using Nginx-quic

Preface

Recently, I wanted to switch back from Caddy to Nginx, but Nginx does not yet support HTTP/3 by default. There are currently two ways to use HTTP/3 with Nginx; this post uses the official nginx-quic branch.

Preparation

Prepare the environment

sudo apt update && sudo apt upgrade -y
sudo apt install build-essential libtool libpcre3-dev zlib1g-dev libzstd-dev unzip cmake ninja-build wget git mercurial

The Golang version in the distribution's package repository may be too old, so I install it manually here.

Note: If the version of Golang in the package repository is >=1.18, you can install it directly with apt.
If Golang 1.18+ is already installed, this step is not necessary.

wget https://go.dev/dl/go1.20.3.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
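
The tarball above is unpacked into /usr/local as root, so it is worth checking it first. The following is an added example, not part of the original post: a gate that compares the file against the SHA-256 published on https://go.dev/dl/ and confirms every archive member sits under go/. The function names and the EXPECTED variable are assumptions of this example, and the hash itself is intentionally left for you to copy from the download page.

```bash
# Added example: checks to run before extracting a downloaded tarball as root.

# verify_sha256 FILE EXPECTED_HEX: 0 on match, 1 on mismatch, 2 on bad input.
verify_sha256() {
    local file="$1" expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    # An empty or non-hex value (e.g. an unfilled placeholder) is an error,
    # never something to compare against.
    case "$expected" in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# tarball_confined FILE TOPDIR: 0 only if every member lives under TOPDIR/
# and no member path contains a ".." component.
tarball_confined() {
    local file="$1" top="$2"
    tar -tzf "$file" | awk -v p="$top/" '
        index($0, p) != 1 || $0 ~ /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit (bad || NR == 0) }'
}

# safe_to_extract FILE EXPECTED_HEX TOPDIR: fail-closed gate for both checks.
safe_to_extract() {
    verify_sha256 "$1" "$2" || { echo "checksum check failed: $1" >&2; return 1; }
    tarball_confined "$1" "$3" || { echo "unexpected member paths: $1" >&2; return 1; }
}

# Usage with the file from this post (EXPECTED copied from go.dev/dl):
#   safe_to_extract go1.20.3.linux-amd64.tar.gz "$EXPECTED" go \
#     && sudo rm -rf /usr/local/go \
#     && sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
```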

Prepare the source code

Create the source code folder & get the source code

mkdir nginx-quic-src
cd nginx-quic-src
hg clone -b quic https://hg.nginx.org/nginx-quic
# Get the plugins
git clone --recurse-submodules https://github.com/google/ngx_brotli.git
git clone --recurse-submodules https://github.com/tokers/zstd-nginx-module.git

Get & compile boringssl

git clone https://github.com/google/boringssl.git
cd boringssl/
mkdir build
cd build
cmake -GNinja ..
ninja
cd ../../

Compile & install

Compile

# configure is run from inside the nginx-quic checkout
cd nginx-quic
./auto/configure \
 --with-http_gzip_static_module \
 --with-http_ssl_module --with-http_v2_module \
 --with-http_v3_module --with-stream_quic_module \
 --with-cc-opt="-I../boringssl/include" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" \
 --add-module="../ngx_brotli" \
 --add-module="../zstd-nginx-module"

make

Install

sudo make install

Configure the daemon service

# Writing under /etc/systemd needs root, so pipe the unit through sudo tee
sudo tee /etc/systemd/system/nginx.service > /dev/null <<'TEXT'
[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true

[Install]
WantedBy=multi-user.target
TEXT
# Set to start on boot (optional)
sudo systemctl enable nginx.service

Configuration

Basic configuration

Create and edit /usr/local/nginx/conf/conf.d/nginx.conf

zstd on;
brotli on;
gzip on;

zstd_static on;
brotli_static on;
gzip_static  on;

zstd_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
brotli_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
gzip_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;

ssl_protocols TLSv1.2 TLSv1.3;
server { 
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_reject_handshake on;
}

Edit /usr/local/nginx/conf/nginx.conf

#user  nobody;
worker_processes  auto;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    # Load configs
    include /usr/local/nginx/conf/conf.d/*.conf;
    include /usr/local/nginx/conf/sites-enabled/*;
}

This way, the global configuration of Nginx can be completed by editing /usr/local/nginx/conf/conf.d/nginx.conf.
The configuration for individual sites can be completed by editing the corresponding configuration file under /usr/local/nginx/conf/sites-enabled/.
Here is an example of a site configuration /usr/local/nginx/conf/sites-enabled/example.conf.

server {
    listen 443 quic;
    listen 443 ssl http2;
    listen [::]:443 quic;
    listen [::]:443 ssl http2;
    server_name example.com;
    # Alt-Svc alternatives are comma-separated; ";" only introduces parameters such as ma
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443", h3-28=":443"';
    ssl_certificate example.com.cer;
    ssl_certificate_key example.com.key;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_pass http://localhost:1145;
    }
}

Here, server_name is the domain name that this configuration file serves.
Set ssl_certificate and ssl_certificate_key to the paths of your SSL certificate and private key.
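
In an Alt-Svc value, alternatives are separated by commas and each alternative's parameters by semicolons (RFC 7838), so a misplaced separator changes which protocols a client sees. The following is an added example, not part of the original post: a shell function (the name alt_svc_lint is an assumption of this example) that lists the alternatives a client would parse from a header value and flags any parameter other than ma or persist.

```bash
# Added example: lint an Alt-Svc header value.
# Prints one line per alternative: "<protocol-id> <authority> <ma-seconds>".
# Returns 1 if an alternative carries a parameter RFC 7838 does not define,
# which usually means a "," between alternatives was typed as ";".
alt_svc_lint() {
    printf '%s' "$1" | awk -v RS=',' -F';' '
    {
        alt = $1
        gsub(/^[ \t]+|[ \t]+$/, "", alt)
        if (alt == "") next
        eq = index(alt, "=")
        proto = substr(alt, 1, eq - 1)
        auth = substr(alt, eq + 1)
        gsub(/"/, "", auth)
        ma = 86400                       # RFC 7838 default freshness: 24 hours
        for (i = 2; i <= NF; i++) {
            p = $i
            gsub(/[ \t]/, "", p)
            if (p == "") continue        # tolerate a trailing ";"
            if (p ~ /^ma=[0-9]+$/) {
                ma = substr(p, 4)
            } else if (p !~ /^persist=1$/) {
                printf "unknown parameter %s on %s\n", p, proto > "/dev/stderr"
                bad = 1
            }
        }
        print proto, auth, ma
    }
    END { exit (bad ? 1 : 0) }'
}

# Constructed sample values:
#   alt_svc_lint 'h3=":443"; ma=86400, h3-29=":443", h3-28=":443"'   # three alternatives
#   alt_svc_lint 'h3=":443"; ma=86400; h3-29=":443"; h3-28=":443";'  # one alternative, flagged
```

Against a running server, the value to feed in is the Alt-Svc line from `curl -sI https://example.com`.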

Usage

After the above configuration is completed, execute

sudo systemctl start nginx.service

If there is an error, please check the configuration file.
If you have any other questions, you can also discuss them in the comments.

This article is synchronized and updated to xLog by Mix Space.
The original link is https://blog.rikko.moe/posts/default/nginx-quic
