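nginx-quic is the in-development version of nginx that supports HTTP/3.
Most articles online currently install it by compiling from source.
Below is a build that can be installed directly with yum: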
https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/
Installation
For CentOS 7:
sudo yum install epel-release
sudo yum install centos-release-scl
sudo yum install yum-plugin-copr
sudo yum copr enable ryoh/nginx-quic
sudo yum install nginx-quic
For CentOS 8:
sudo dnf install epel-release
sudo dnf copr enable ryoh/nginx-quic
sudo dnf install nginx-quic
Note: nginx and nginx-quic cannot be installed side by side, so back up your data first.
Configuration:
Add the following inside server{}:
listen 443 http3 reuseport; # UDP listener for QUIC+HTTP/3
ssl_protocols TLSv1.3; # QUIC requires TLS 1.3
add_header Alt-Svc '$http3=":443"; ma=86400'; # Advertise that QUIC is available
# In newer versions the $http3 variable does not exist; use the following instead
# add_header Alt-Svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=86400; quic=":443"';
add_header QUIC-Status $quic;
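Troubleshooting
First start fails
nginx: [emerg] cannot load certificate "/etc/pki/tls/certs/localhost.crt": BIO_new_file() ...
This happens because /etc/nginx/vhost.d/http/00-default.conf is configured to use a locally signed certificate.
You can rename that file to 00-default.conf_bak,
or generate a certificate locally: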
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt
nginx: [emerg] unknown "http3" variable
In the server{} configuration, change
add_header Alt-Svc '$http3=":443"; ma=86400'; # Advertise that QUIC is available
to
add_header Alt-Svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=86400; quic=":443"';
and remove $http3 from log_format.conf (in /etc/nginx/conf.d/http).
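To confirm the result once nginx-quic starts, the following added example (not from the copr project or the original post) reads HTTP response headers and lists the HTTP/3 alternatives that the Alt-Svc header advertises. The function names, the sample response and the example.com host are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the HTTP/3 alternatives advertised in Alt-Svc.

# Constructed sample response, using the Alt-Svc value from the config above.
sample_headers() {
    printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n'
    printf 'Alt-Svc: h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=86400; quic=":443"\r\n\r\n'
}

# Read response headers on stdin; print "protocol port" per h3 / h3-NN token.
h3_adverts() {
    tr -d '\r' |
        grep -i '^alt-svc:' |
        grep -oE 'h3(-[0-9]+)?="[^"]*"' |
        sed -E 's/^(h3(-[0-9]+)?)="[^":]*:([0-9]+)"$/\1 \3/'
}

# Succeed only if at least one h3 token points at the expected UDP port.
check_h3_advert() {
    want="${1:-443}"
    adverts=$(h3_adverts)
    if [ -z "$adverts" ]; then
        echo "Alt-Svc does not advertise HTTP/3" >&2
        return 1
    fi
    echo "$adverts"
    echo "$adverts" | awk -v p="$want" '$2 == p { ok = 1 } END { exit !ok }'
}

# Offline run on the sample; against a live server (placeholder host) use:
#   curl -sI https://example.com/ | check_h3_advert 443
sample_headers | check_h3_advert 443
```

The first request from a browser still arrives over TCP, so this check is run against the normal HTTPS response; a non-zero exit means the header is missing or names a different port than the UDP listener.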
References
https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/
https://serverfault.com/questions/648534/accidently-removed-localhost-crt-ssl-in-centos-6-what-can-i-do
https://zhuanlan.zhihu.com/p/159100819