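Preface
Recently I wanted to switch from Caddy back to Nginx, but nginx does not currently support HTTP/3 by default.
There are currently two ways to use HTTP/3 with nginx. This post uses the official nginx-quic branch.
Preparation
Preparing the environment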
sudo apt update && sudo apt upgrade -y
sudo apt install build-essential libtool libpcre3-dev zlib1g-dev libzstd-dev unzip cmake ninja-build wget git mercurial
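To avoid an outdated golang version from the package repositories, I install it manually here.
::: banner {info}
If the golang version in the package repositories is >= 1.18, you can install it directly with apt
If golang 1.18+ is already installed, this step is not needed
:::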
wget https://go.dev/dl/go1.20.3.linux-amd64.tar.gz
sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.20.3.linux-amd64.tar.gz
export PATH=$PATH:/usr/local/go/bin
Preparing the source code
Create the source directory & fetch the source
mkdir nginx-quic-src
cd nginx-quic-src
hg clone -b quic https://hg.nginx.org/nginx-quic
# Fetch the modules
git clone --recurse-submodules https://github.com/google/ngx_brotli.git
git clone --recurse-submodules https://github.com/tokers/zstd-nginx-module.git
Fetch & build boringssl
git clone https://github.com/google/boringssl.git
cd boringssl/
mkdir build
cd build
cmake -GNinja ..
ninja
cd ../../
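Build & install
Build
# Run configure from inside the nginx-quic checkout; the ../ paths below are relative to it
cd nginx-quic
./auto/configure \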
--with-http_gzip_static_module \
--with-http_ssl_module --with-http_v2_module \
--with-http_v3_module --with-stream_quic_module \
--with-cc-opt="-I../boringssl/include" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" \
--add-module="../ngx_brotli" \
--add-module="../zstd-nginx-module"
make
Install
sudo make install
Setting up the systemd service
sudo tee /etc/systemd/system/nginx.service > /dev/null <<'TEXT'
[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
PrivateTmp=true
[Install]
WantedBy=multi-user.target
TEXT
# Enable start at boot (optional)
sudo systemctl enable nginx.service
Configuration
Basic configuration
Create and edit /usr/local/nginx/conf/conf.d/nginx.conf
zstd on;
brotli on;
gzip on;
zstd_static on;
brotli_static on;
gzip_static on;
zstd_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
brotli_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
gzip_types text/plain application/css text/css application/xml text/javascript application/javascript application/x-javascript application/json;
ssl_protocols TLSv1.2 TLSv1.3;
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
ssl_reject_handshake on;
}
Edit /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes auto;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
# Load configs
include /usr/local/nginx/conf/conf.d/*.conf;
include /usr/local/nginx/conf/sites-enabled/*;
}
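With this layout, global nginx settings can later be changed by editing /usr/local/nginx/conf/conf.d/nginx.conf
Settings for an individual site can be changed by editing the corresponding config file under /usr/local/nginx/conf/sites-enabled/
Below is an example of a site config, /usr/local/nginx/conf/sites-enabled/example.conf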
server {
listen 443 quic;
listen 443 ssl http2;
listen [::]:443 quic;
listen [::]:443 ssl http2;
server_name example.com;
add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400';
ssl_certificate example.com.cer;
ssl_certificate_key example.com.key;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://localhost:1145;
}
}
Here server_name is the domain name that this config file serves.
Replace the values of ssl_certificate and ssl_certificate_key with the paths to your SSL certificate.
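A preflight lint for the configs above, as an added example that is not part of the original post: it checks the listen directives, the TLS 1.3 requirement of QUIC, and the Alt-Svc syntax. The names check_h3_conf and sample_bad_conf and the sample config are constructed for illustration.

```sh
# Added example. check_h3_conf FILE... prints findings for an HTTP/3 nginx
# config and returns their count (0 = clean). Helper names are hypothetical.
check_h3_conf() {
    # Drop comments (simplification: a '#' inside quotes is cut as well).
    _body=$(cat "$@" | sed 's/#.*$//')
    _n=0
    _flag() { echo "FINDING: $1"; _n=$((_n + 1)); }
    _has() { printf '%s\n' "$_body" | grep -qE "$1"; }
    # 1. A listen line without ';' swallows the directive on the next line.
    if printf '%s\n' "$_body" | grep -E '^[[:space:]]*listen[[:space:]]' |
            grep -qvE ';[[:space:]]*$'; then
        _flag "listen directive without terminating ';'"
    fi
    # 2. Clients learn about h3 from Alt-Svc on a TCP response, so a site
    #    needs a QUIC (UDP) listener and a TLS (TCP) listener.
    _has '^[[:space:]]*listen[[:space:]].*[[:space:]]quic([[:space:];]|$)' ||
        _flag "no 'listen ... quic' directive"
    _has '^[[:space:]]*listen[[:space:]].*[[:space:]]ssl([[:space:];]|$)' ||
        _flag "no 'listen ... ssl' directive for the TCP side"
    # 3. QUIC runs only over TLS 1.3 (RFC 9001).
    if _has '^[[:space:]]*ssl_protocols[[:space:]]' &&
            ! _has '^[[:space:]]*ssl_protocols[[:space:]].*TLSv1\.3'; then
        _flag "ssl_protocols is set without TLSv1.3"
    fi
    # 4. Alt-Svc (RFC 7838): alternatives are separated by ','; a ';' only
    #    introduces parameters such as ma=. Compare protocol ids to entries.
    _alt=$(printf '%s\n' "$_body" |
        sed -n "s/.*add_header[[:space:]]*Alt-Svc[[:space:]]*'\([^']*\)'.*/\1/p" |
        head -n 1)
    _ids=$(printf '%s\n' "$_alt" | grep -oE 'h3(-[0-9]+)?="' | grep -c . || true)
    _entries=$(printf '%s\n' "$_alt" | tr ',' '\n' | grep -c '=' || true)
    if [ "$_ids" -eq 0 ]; then
        _flag "no Alt-Svc header advertising h3"
    elif [ "$_ids" -gt "$_entries" ]; then
        _flag "Alt-Svc alternatives must be separated by ',' not ';'"
    fi
    return "$_n"
}
# Constructed sample: missing ';' on a listen line, ';'-separated Alt-Svc.
sample_bad_conf() {
    cat <<'EOF'
server {
listen 443 quic;
listen 443 ssl http2
add_header Alt-Svc 'h3=":443"; ma=86400; h3-29=":443";';
}
EOF
}
sample_bad_conf | check_h3_conf - || echo "findings: $?"
```

Pass it both the conf.d file and the site file so the ssl_protocols line is seen together with the listeners. It complements nginx -t, which validates directive syntax but treats the Alt-Svc value as an opaque string.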
Usage
Once the configuration above is complete, run
sudo systemctl start nginx.service
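If you get errors, check your config files yourself
If you have other questions, feel free to discuss them in the comments
This post is synced to xLog by Mix Space
The original link is https://blog.rikko.moe/posts/default/nginx-quic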