准备
Nginx 1.25.0版本以后已支持HTTP/3,直接下载源码解压编译安装即可,另需防火墙放行UDP的443端口。
编译安装Boringssl
谷歌官方建议使用ninja来编译安装Boringssl,因此需先安装ninja。
1
2
3
| wget https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-linux.zip
unzip ninja-linux.zip
cp ninja /usr/local/bin/
|
1
2
3
4
5
6
| git clone https://github.com/google/boringssl.git
cd boringssl/
mkdir build
cd build
cmake -GNinja ..
ninja
|
编译安装Nginx QUIC
开启HTTP/3模块需要使用--with-http_v3_module --with-cc-opt="-I../boringssl-master/include" --with-ld-opt="-L../boringssl-master/build/ssl -L../boringssl-master/build/crypto"参数。
1
2
3
4
5
6
7
8
9
10
11
12
13
| wget https://nginx.org/download/nginx-1.25.1.tar.gz
tar -zxvf 1.25.1.tar.gz
cd nginx-1.25.1
./auto/configure --prefix=/usr/local/nginx \
--with-debug --with-http_v3_module \
--with-cc-opt="-I../boringssl/include" \
--with-ld-opt="-L../boringssl/build/ssl \
-L../boringssl/build/crypto" \
...
make
make install
|
编译完成后查看Nginx信息。
1
2
3
4
5
6
| nginx -V
nginx version: nginx/1.25.1
built by gcc 10.2.1 20210110 (Debian 10.2.1-6)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
|
配置Nginx
1
2
3
4
5
6
7
8
9
10
11
12
| server {
listen 443 ssl;
listen 443 quic reuseport;
listen [::]:443 ssl;
listen [::]:443 quic reuseport;
http2 on;
server_name domain.name;
add_header Alt-Svc 'h3=":443"; ma=86400,h3-29=":443"; ma=86400';
...
}
|
配置完成后重新启动Nginx。
测试
可以通过http3check.net等检测网站或使用浏览器查看协议检测是否启用成功。