准备 Nginx 1.25.0版本以后已支持HTTP/3,直接下载源码解压编译安装即可,另需防火墙放行UDP的443端口。
编译安装Boringssl 谷歌官方建议使用ninja来编译安装Boringssl,因此需先安装ninja 。
1 2 3 wget https://github.com/ninja-build/ninja/releases/download/v1.12.1/ninja-linux.zip unzip ninja-linux.zip cp ninja /usr/local /bin/
1 2 3 4 git clone https://boringssl.googlesource.com/boringssl cd boringssl/cmake -GNinja -B build ninja -C build
编译安装Nginx QUIC 开启HTTP/3模块需要使用--with-http_v3_module --with-cc-opt="-I../boringssl-master/include" --with-ld-opt="-L../boringssl-master/build/ssl -L../boringssl-master/build/crypto" 参数。
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 wget https://nginx.org/download/nginx-1.27.2.tar.gz tar -zxvf 1.27.2.tar.gz cd nginx-1.27.2./configure --prefix=/usr/local /nginx \ --with-cc=c++ \ --with-debug \ --with-http_v3_module \ --with-cc-opt="-I../boringssl/include -x c" \ --with-ld-opt="-L../boringssl/build/ssl \ -L../boringssl/build/crypto" \... make make install
编译完成后查看Nginx信息。
1 2 3 4 5 6 nginx -V nginx version: nginx/1.27.2 built by gcc 10.2.1 20210110 built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/local /nginx --with-cc=c++ --with-debug --with-http_v3_module --with-cc-opt='-I../boringssl/include -x c' --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
配置Nginx 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 server { listen 443 ssl; listen 443 quic reuseport; listen [::]:443 ssl; listen [::]:443 quic reuseport; http2 on; http3 on; http3_hq on; quic_retry on; quic_gso on; server_name domain.name; add_header Alt-Svc Alt-Svc 'h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, quic=":443"; ma=2592000' ; ... }
配置完成后重新启动Nginx。
测试 可以通过http3check.net 等检测网站或使用浏览器查看协议检测是否启用成功。