准备
Nginx 1.25.0版本以后已支持HTTP/3,直接下载源码解压编译安装即可,另需防火墙放行UDP的443端口。
编译安装Boringssl
谷歌官方建议使用ninja来编译安装Boringssl,因此需先安装ninja。
1 2 3
| wget https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-linux.zip unzip ninja-linux.zip cp ninja /usr/local/bin/
|
1 2 3 4 5 6
| git clone https://github.com/google/boringssl.git cd boringssl/ mkdir build cd build cmake -GNinja .. ninja
|
编译安装Nginx QUIC
开启HTTP/3模块需要使用--with-http_v3_module --with-cc-opt="-I../boringssl-master/include" --with-ld-opt="-L../boringssl-master/build/ssl -L../boringssl-master/build/crypto"参数。
1 2 3 4 5 6 7 8 9 10 11 12 13
| wget https://nginx.org/download/nginx-1.25.1.tar.gz tar -zxvf 1.25.1.tar.gz cd nginx-1.25.1 ./auto/configure --prefix=/usr/local/nginx \ --with-debug --with-http_v3_module \ --with-cc-opt="-I../boringssl/include" \ --with-ld-opt="-L../boringssl/build/ssl \ -L../boringssl/build/crypto" \ ...
make make install
|
编译完成后查看Nginx信息。
1 2 3 4 5 6
| nginx -V nginx version: nginx/1.25.1 built by gcc 10.2.1 20210110 (Debian 10.2.1-6) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
|
配置Nginx
1 2 3 4 5 6 7 8 9 10 11 12
| server { listen 443 ssl; listen 443 quic reuseport; listen [::]:443 ssl; listen [::]:443 quic reuseport; http2 on; server_name domain.name;
add_header Alt-Svc 'h3=":443"; ma=86400,h3-29=":443"; ma=86400'; ... }
|
配置完成后重新启动Nginx。
测试
可以通过http3check.net等检测网站或使用浏览器查看协议检测是否启用成功。