
Having fun getting HTTP/3.0 running with nginx

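Background

On June 6, 2022, the IETF formally standardized HTTP/3 as RFC 9114. Three years ago I still got it running with nginx plus a plugin (link: https://vqiu.cn/nginx-ti-yan-http-3-0-cloudflarebu-ding/). I have been working with nginx a lot, and recently noticed that nginx has opened a separate nginx-quic, as shown in the figure below:

So I tried getting my own small site running on it as well, and it works very nicely!

Steps

1. Update the docker-compose file: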

version: '3.9'
services:
  ingress:
    image: dasskelett/nginx-quic:1.23.3 # switch to this image
    container_name: ingress-with-nginx
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443/udp         # the UDP port must be published as well
      - 443:443/tcp
    volumes:
      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/conf.d/:/etc/nginx/conf.d:ro
      - ./config/nginx/.auth:/etc/nginx/.auth:ro
      - ./config/nginx/certs/:/etc/nginx/certs:ro
      - ./config/nginx/include/:/etc/nginx/include:ro

networks:
  proxy:
    name: proxy-network

2. Update the nginx configuration file as follows:

server {
	listen 443 http3 reuseport;     # added
	listen 443 ssl http2;
	server_name vqiu.cn www.vqiu.cn;

	# SSL
	ssl_certificate      certs/www.vqiu.cn.pem;
	ssl_certificate_key  certs/www.vqiu.cn.key;

	# additional config
	#include include/general.conf;

	# security
	include include/security.conf;

	location / {
		set        $upstream_name  ghost;
		set        $upstream_port  2368;
		proxy_pass http://$upstream_name:$upstream_port;
		add_header Alt-Svc 'h3=":$server_port"; ma=86400';   # added
		include    include/proxy.conf;
	}

	error_page 497 https://vqiu.cn$request_uri;

	access_log  /var/log/nginx/access_vqiu.cn.log combined buffer=4k flush=10;
	error_log  /var/log/nginx/error_vqiu.cn.log warn;
}

3. Restart

# docker-compose up -d

Update, 2023/05/31

As of version 1.25, it has been merged into mainline, so we can use the nginx mainline image directly. The configuration is as follows:

  • docker-compose.yml
version: '3.9'
services:
  ingress:
    image: nginx:1.25-bullseye
    container_name: ingress-with-nginx
    cpus: 0.2
    mem_limit: 64mb
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443/udp
      - 443:443/tcp
    volumes:
      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/conf.d/:/etc/nginx/conf.d:ro
      - ./config/nginx/.auth:/etc/nginx/.auth:ro
      - ./config/nginx/certs/:/etc/nginx/certs:ro
      - ./config/nginx/include/:/etc/nginx/include:ro

networks:
  proxy:
    name: proxy-network

The nginx configuration file also changes somewhat (see https://nginx.org/en/docs/quic.html):

server {
	listen 443 quic reuseport;
	listen 443 ssl;
	server_name vqiu.cn www.vqiu.cn;
    
	http2                on;
	ssl_certificate      certs/www.vqiu.cn.pem;
	ssl_certificate_key  certs/www.vqiu.cn.key;

	# additional config
	#include include/general.conf;

	# security
	include include/security.conf;

	location / {
		set        $upstream_name  ghost;
		set        $upstream_port  2368;
		proxy_pass http://$upstream_name:$upstream_port;
		add_header Alt-Svc 'h3=":$server_port"; ma=86400';
		include    include/proxy.conf;
	}

	error_page 497 https://vqiu.cn$request_uri;

	access_log  /var/log/nginx/access_vqiu.cn.log combined buffer=4k flush=10;
	error_log  /var/log/nginx/error_vqiu.cn.log warn;
}

Testing

1. Use http3check

2. Use the Chrome browser and enable the "Protocol" column
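
As a scriptable complement to the two checks above, the following added example (not part of the original post) parses the Alt-Svc header that the configuration emits and flags a missing header, draft-only protocol ids, a port that differs from the published UDP port, and ma=0. The names `parse_alt_svc`, `check_h3`, the `udp_port` parameter and the sample responses are assumptions made for this example.

```python
import re
import sys

# protocol-id="[host]:port" followed by optional ;name=value parameters (RFC 7838 syntax).
_ALT = re.compile(r'([\w.+-]+)="([^"]*)"((?:\s*;\s*[\w-]+=(?:"[^"]*"|[^;,\s]*))*)')

def parse_alt_svc(value):
    """Parse one Alt-Svc header value into a list of {proto, host, port, ma} dicts."""
    if value.strip().lower() == "clear":          # "clear" withdraws all alternatives
        return []
    entries = []
    for proto, authority, params in _ALT.findall(value):
        host, _, port = authority.rpartition(":")
        if not port.isdigit():
            continue                              # malformed authority, ignore it
        ma = re.search(r";\s*ma=(\d+)", params)
        entries.append({"proto": proto, "host": host, "port": int(port),
                        "ma": int(ma.group(1)) if ma else 86400})  # RFC default: 24 h
    return entries

def check_h3(raw_headers, udp_port=443):
    """Return (ok, findings) for response headers given as text, e.g. from `curl -sI`."""
    values = [line.split(":", 1)[1] for line in raw_headers.splitlines()
              if line.lower().startswith("alt-svc:")]
    entries = [e for v in values for e in parse_alt_svc(v)]
    h3 = [e for e in entries if e["proto"] == "h3"]
    findings = []
    if not values:
        findings.append("no Alt-Svc header, clients stay on HTTP/1.1 or HTTP/2")
    elif not h3:
        findings.append("Alt-Svc present but no final 'h3' entry (draft ids only or clear)")
    for e in h3:
        if e["port"] != udp_port:
            findings.append(f"h3 advertised on port {e['port']}, published UDP port is {udp_port}")
        if e["ma"] == 0:
            findings.append("ma=0, the advertisement expires immediately")
    return (bool(h3) and not findings), findings

# Constructed sample responses (not captured from the site).
GOOD = 'HTTP/2 200\r\nserver: nginx\r\nalt-svc: h3=":443"; ma=86400\r\n'
DRAFT_ONLY = 'HTTP/2 200\r\nalt-svc: h3-29=":443"; ma=3600\r\n'
MULTI = 'HTTP/1.1 200 OK\r\nAlt-Svc: h3=":443"; ma=86400, h2=":443"\r\n'

if __name__ == "__main__":
    # With file arguments, check saved `curl -sI` output; otherwise run the samples.
    texts = [open(p).read() for p in sys.argv[1:]] or [GOOD, DRAFT_ONLY, MULTI]
    for t in texts:
        print(check_h3(t))
```

A passing result only shows that the header is advertised consistently; whether the UDP port is actually reachable still has to be confirmed with a real HTTP/3 client.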
