2 min read

Nginx 体验HTTP/3.0 (Cloudflare补丁)

Cloudflare提供了一个补丁来支持Nginx的HTTP/3.0(我们使用Cloudflare的HTTP/3.0库Quiche。目前它与兼容HTTP/3.0草案23)。

建立

安装rust

$ curl https://sh.rustup.rs -sSf | sh
$ source $HOME/.cargo/env

如果你是使用脚本自动编译安装,请将source $HOME/.cargo/env加入到脚本

编译安装如下

$ curl -O https://nginx.org/download/nginx-1.16.1.tar.gz
$ tar xzvf nginx-1.16.1.tar.gz

$ git clone --recursive https://github.com/cloudflare/quiche

$ cd nginx-1.16.1
$ patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

$ ./configure                                 \
       --prefix=$PWD                           \
       --with-http_ssl_module                  \
       --with-http_v2_module                   \
       --with-http_v3_module                   \
       --with-openssl=../quiche/deps/boringssl \
       --with-quiche=../quiche
 $ make

编译依赖 cmake,YUM安装的cmake 过低(版本需要3.0以上),需进行编译安装或者使用yum --enablerepo=epel install cmake3

同时依赖libunwind-devel golang

编辑nginx.conf

events {
    worker_connections  1024;
}

http {
    server {
        # Enable QUIC and HTTP/3.
        listen 443 quic reuseport;
        listen 443 ssl http2;

        ssl_certificate      cert.crt;
        ssl_certificate_key  cert.key;

        # Enable all TLS versions (TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-23=":443"; ma=86400';
    }
}

连接测试

与quiche示例客户端连接(与23版草案协商

quiche$ cargo build --examples
quiche$ target/debug/examples/http3-client https://127.0.0.1:4433/index.html --no-verify   |head -n3
<!DOCTYPE html>
<html>
<head>

HTTP/3.0 访问日志

$ tail ./logs/access.log 
172.24.110.155 - - [29/Nov/2019:11:45:22 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
172.24.110.155 - - [29/Nov/2019:11:45:37 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
172.24.110.155 - - [29/Nov/2019:11:45:38 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
172.24.110.155 - - [29/Nov/2019:11:45:39 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
172.24.110.155 - - [29/Nov/2019:11:45:39 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
172.24.110.155 - - [29/Nov/2019:11:45:40 +0800] "GET /index.html HTTP/3" 505 145 "-" "quiche"
HTTP3.0报文通信图

Docker 体验

docker run -it -p 443:443 -p 443:443/udp \
  -v $PWD/nginx.conf:/usr/local/nginx/conf/nginx.conf \
  -v /root/cert/ssl.com.cn.pem:/etc/ssl/certs/server.crt \
  -v /root/cert/ssl.com.cn.key:/etc/ssl/private/server.key \
  nwtgck/nginx-http3

测试站点

业界状态

参考指南