Nginx 在 1.25.0 版本中将 QUIC 分支并入主线,正式支持 HTTP/3
下载源代码
NGINX
wget https://nginx.org/download/nginx-1.25.3.tar.gz
tar -zxvf nginx-1.25.3.tar.gz
cd nginx-1.25.3-src
BoringSSL
git clone https://boringssl.googlesource.com/boringssl
PCRE2
前往 Releases · PCRE2Project/pcre2 (github.com) 下载最新版本。
Nginx 模块
这是笔者使用到的模块列表,可根据实际需要自行修改
- ngx_brotli
- nginx-http-concat
- ngx-fancyindex
- ngx_devel_kit
- ngx_cache_purge
- ngx_http_substitutions_filter_module
- nginx-dav-ext-module
编译
BoringSSL
Google 官方推荐使用 Ninja 进行编译。
cd boringssl
cmake -GNinja -B build
ninja -C build
NGINX
./configure --user=www --group=www --prefix=/www/server/nginx --add-module=/www/server/nginx/src/ngx_devel_kit --add-module=/www/server/nginx/src/ngx_cache_purge --with-pcre=pcre2-10.42 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --add-module=/www/server/nginx/src/ngx_http_substitutions_filter_module-master --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module --add-module=/www/server/nginx/src/ngx_brotli --add-module=/www/server/nginx/src/ngx-fancyindex --with-http_v3_module --with-cc-opt=-I./boringssl/include --with-ld-opt='-L./boringssl/build/ssl -L./boringssl/build/crypto'
make
测试
先结束 Nginx,替换旧版本后重新启动。
查看当前 Nginx 版本:
root@mail:~# nginx -V
nginx version: nginx/1.25.3
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/www/server/nginx --add-module=/www/server/nginx/src/ngx_devel_kit --add-module=/www/server/nginx/src/ngx_cache_purge --with-pcre=pcre2-10.42 --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-http_sub_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --add-module=/www/server/nginx/src/ngx_http_substitutions_filter_module-master --with-ld-opt=-Wl,-E --with-cc-opt=-Wno-error --with-ld-opt=-ljemalloc --with-http_dav_module --add-module=/www/server/nginx/src/nginx-dav-ext-module --add-module=/www/server/nginx/src/ngx_brotli --add-module=/www/server/nginx/src/ngx-fancyindex --with-http_v3_module --with-cc-opt=-I./boringssl/include --with-ld-opt='-L./boringssl/build/ssl -L./boringssl/build/crypto'
配置文件
示例
server {
listen 80;
listen 443 quic;
listen 443 ssl;
http2 on;
add_header Alt-Svc 'h3=":443"; ma=86400';
server_name aiccrop.com ...;
ssl_early_data on;
......
}
Comments NOTHING