随着最近 Nginx-Quic 分支被合并到了 Nginx 主线,Nginx 1.25.0 版本官方二进制包已经支持 Quic/HTTP3,感兴趣的朋友可以前往 https://nginx.org/en/download.html 或 https://nginx.org/en/linux_packages.html 下载安装,体验一下 Quic/HTTP3 的魅力,本文将主要为您介绍如何通过编译的方式开启 Quic/HTTP3。
安装依赖 1 2 3 4 5 6 7 8 9 10 11 12 13 14 apt update apt install build-essential ca-certificates zlib1g-dev libpcre2-dev tar unzip libssl-dev wget curl git cmake ninja-build libunwind-dev pkg-config libxml2-dev libxslt1-dev libgd-dev libgeoip-dev libperl-dev sudo sucd /rootapt update apt install build-essential ca-certificates zlib1g-dev libpcre2-dev tar unzip libssl-dev wget curl git cmake ninja-build libunwind-dev pkg-config libxml2-dev libxslt1-dev libgd-dev libgeoip-dev libperl-dev dnf update dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make libunwind-devel git wget libxml2-devel libxslt-devel gd-devel geoip-devel perl-devel dnf update dnf install gcc gcc-c++ pcre-devel openssl-devel zlib-devel cmake make git wget libxml2-devel libxslt-devel gd-devel geoip-devel perl-devel
安装Go
其实这里现在没什么用了,不知道从哪次提交开始,官方已经绕开了golang
下载并解压 1 2 wget https://dl.google.com/go/go1.24.4.linux-amd64.tar.gz rm -rf /usr/local/go && tar -C /usr/local -xzf go1.24.4.linux-amd64.tar.gz
请注意系统架构,本文以 x86_64 为例,如果你的系统架构不是 x86_64,请自行修改下载链接。
添加环境变量 1 export PATH=$PATH :/usr/local/go/bin
具体可参考https://go.dev/doc/install
验证是否安装成功
考虑国内用户访问官方较慢,故设置代理 1 export GOPROXY=https://mirrors.cloud.tencent.com/go/
编译 boringssl Debian/Ubuntu 1 2 3 4 5 6 7 git clone --depth=1 https://github.com/google/boringssl.git cd boringsslcmake -GNinja -B build -DCMAKE_BUILD_TYPE=Release ninja -C build cd ../..
CentOS 8 Stream/TencentOS Server 3.1/OpenCloudOS Server 8 1 2 3 4 5 6 7 8 9 git clone --depth=1 https://github.com/google/boringssl.git cd boringsslmkdir buildcd buildcmake -DCMAKE_BUILD_TYPE=Release .. make cd ../..
安装 brotli 压缩
不需要请跳过,并在编译时删除–add-module=../ngx_brotli
1 2 3 4 5 6 git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli cd ngx_brotli/deps/brotlimkdir out && cd outcmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed .. cmake --build . --config Release --target brotlienc cd ../../../..
编译安装quic
注意: 本人是直接在 /root 目录下编译的,如果你在其他目录下,请自行修改路径; 如果你不需要 brotli 压缩,请删除–add-module=/root/ngx_brotli 本人将 Nginx 安装在 /www/server/nginx 目录下,如果你需要修改,请自行修改路径;
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 git clone https://github.com/nginx/nginx.git cd nginx./auto/configure \ --prefix=/www/server/nginx \ --user=www-data \ --group=www-data \ --with-debug \ --with-http_v3_module \ --with-cc=c++ \ --with-cc-opt='-g -O2 -Werror=implicit-function-declaration -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -Wdate-time -D_FORTIFY_SOURCE=2 -I../boringssl/include -x c' \ --with-ld-opt='-Wl,-z,relro -Wl,-z,now -L../boringssl/build -L../boringssl/build/ssl -L../boringssl/build/crypto -lssl -lcrypto -lstdc++' \ --add-module=../ngx_brotli \ --with-compat \ --with-pcre-jit \ --with-http_ssl_module \ --with-http_stub_status_module \ --with-http_realip_module \ --with-http_auth_request_module \ --with-http_v2_module \ --with-http_dav_module \ --with-http_slice_module \ --with-threads \ --with-http_addition_module \ --with-http_flv_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_mp4_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_sub_module \ --with-mail_ssl_module \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-stream_realip_module make make install
添加 www 用户 大部分系统下默认存在着www-data
用户组和www-data
用户,如果没有请执行以下命令添加。
1 2 groupadd www-data useradd -g www-data -s /sbin/nologin www-data
添加进程管理
本人使用的是 systemd,如果你使用的是其他进程管理,请自行修改
1 vim /usr/lib/systemd/system/nginx.service
输入如下内容:
1 2 3 4 5 6 7 8 9 10 11 12 13 [Unit] Description=nginx After=network.target [Service] Type=forking ExecStart=/www/server/nginx/sbin/nginx ExecReload=/www/server/nginx/sbin/nginx -s reload ExecStop=/www/server/nginx/sbin/nginx -s quit PrivateTmp=true [Install] WantedBy=multi-user.target
启动
开机自启
配置文件 示例配置文件如下,更多特性请参考官方文档:https://nginx.org/en/docs/http/ngx_http_v3_module.html
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 server { listen 443 ssl; listen [::]:443 ssl; listen 443 quic reuseport; listen [::]:443 quic reuseport; http2 on ; server_name r2wind.cn; add_header Alt-Svc 'h3=":443"; ma=86400' ; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" ; location / { root /www/wwwroot/r2wind.cn; index index.html index.htm; } ssl_certificate /root/.acme.sh/smb.wiki/fullchain.cer; ssl_certificate_key /root/.acme.sh/smb.wiki/smb.wiki.key; ssl_session_timeout 5m ; ssl_protocols TLSv1.2 TLSv1.3 ; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE; ssl_prefer_server_ciphers on ; }
配置完成后,重载 Nginx 即可生效