sudo apt install -y mercurial libperl-dev libpcre3-dev zlib1g-dev libxslt1-dev libgd-ocaml-dev libgeoip-dev ninja-build golang
- Download the nginx DAV extension module.
git clone https://github.com/arut/nginx-dav-ext-module.git
- Build BoringSSL
git clone https://github.com/google/boringssl
cd boringssl
mkdir build
cd build
cmake -GNinja ..
ninja
cd ../..
- nginx configure options
./configure \
--with-http_v3_module \
--with-http_v2_module \
--with-stream \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-http_stub_status_module \
--with-http_ssl_module \
--with-http_image_filter_module \
--with-http_gzip_static_module \
--with-http_gunzip_module \
--with-http_sub_module \
--with-http_flv_module \
--with-http_addition_module \
--with-http_realip_module \
--with-http_mp4_module \
--with-http_dav_module \
--add-module=../nginx-dav-ext-module/ \
--with-cc-opt='-Wno-error -I../boringssl/include' \
--with-ld-opt='-Wl,-E -L../boringssl/build/ssl -L../boringssl/build/crypto' \
--with-openssl-opt='enable-tls1_3'
Problems encountered
Error: the GD library is not installed:
./configure: error: the HTTP image filter module requires the GD library.
You can either do not enable the module or install the libraries.
Fix:
sudo apt-get install -y libgd-dev
If libgd-dev cannot be found during installation,
open the file with vim /etc/apt/sources.list and add a line for an Ubuntu mirror:
deb http://security.ubuntu.com/ubuntu trusty-security main
Error: the GeoIP library is missing
./configure: error: the GeoIP module requires the GeoIP library.
You can either do not enable the module or install the library.
Fix:
sudo apt-get install libgeoip-dev
warning: the "--with-ipv6" option is deprecated
Start nginx at boot
- Check the nginx configuration
sudo /usr/local/nginx/sbin/nginx -t -c /usr/local/nginx/conf/nginx.conf
- Edit nginx.service
sudo vim /lib/systemd/system/nginx.service
- The result after editing:
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target nss-lookup.target
[Service]
Type=forking
PIDFile=/usr/local/nginx/logs/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -g 'daemon on; master_process on;'
ExecStart=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;'
ExecReload=/usr/local/nginx/sbin/nginx -g 'daemon on; master_process on;' -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /usr/local/nginx/logs/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target
- Restart nginx
sudo systemctl daemon-reload
sudo systemctl restart nginx.service
Migrate configuration files (optional)
- Create a vhost directory to hold the migrated virtual hosts
sudo mkdir /usr/local/nginx/vhost
- Edit the conf file
sudo vim /usr/local/nginx/conf/nginx.conf
Inside the http { } block, add
include /usr/local/nginx/vhost/*.conf;
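Notes
- Make sure UDP port 443 is open on the server.
- For vhosts, port reuse (reuseport) must be enabled, and enabling it in just one server is enough.
- Reference nginx configuration: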
server
{
    listen 80;
    listen 443 ssl http2;
    listen 443 quic reuseport;
    http3 on;
    http3_hq on;
    quic_retry on;
    ssl_early_data on;
    quic_gso on;
    server_name www.http5.cn;
    index index.php index.html index.htm default.php default.htm default.html;
    add_header Alt-Svc 'h3=":443"; ma=86400';
    location / {
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Nginx-Proxy true;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://localhost:9000/;
    }
    #SSL-START SSL-related configuration; do not delete or modify the commented 404 rule on the next line
    #error_page 404/404.html;
    #HTTP_TO_HTTPS_START
    if ($server_port !~ 443){
        rewrite ^(/.*)$ https://$host$1 permanent;
    }
    ...
}
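- There are two key settings. For the first line, listen 443 quic reuseport; when several servers share the port, the reuseport option only needs to be set in any one of them. The second line is also required in the other servers.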
listen 443 quic reuseport;
add_header Alt-Svc 'h3=":443"; ma=86400';
- The following options are optional and can be left out by default; see the official documentation for details.
http3 on;
http3_hq on;
quic_retry on;
ssl_early_data on;
quic_gso on;
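A way to check vhost files against the two key lines above (reuseport set in one server only, Alt-Svc present in every server that listens on QUIC), as an added example that is not from the original page. The function names and sample hostnames are assumptions, and the parser is a simplified brace matcher, not a full nginx grammar; it also flags a location whose own add_header stops the server-level Alt-Svc from being inherited.

```python
import re

ALT_SVC = re.compile(r"\badd_header\s+Alt-Svc\b")

def blocks(text, head):  # yield the body of each `head { ... }`, nesting-aware
    for m in re.finditer(head + r"\s*\{", text):
        depth, i = 1, m.end()
        while depth and i < len(text):
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def top_level(body):  # drop nested { ... } so only this level's directives remain
    out, depth = [], 0
    for ch in body:
        depth += ch == "{"
        out.append(ch if depth == 0 else "")
        depth -= ch == "}"
    return "".join(out)

def audit_quic(conf):
    """Check the notes' two key lines: reuseport in one server, Alt-Svc in all."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments
    findings, owners = [], {}
    for body in blocks(conf, r"\bserver"):
        own = top_level(body)
        name = (re.findall(r"\bserver_name\s+([^;\s]+)", own) or ["(unnamed)"])[0]
        quic = [a for a in map(str.split, re.findall(r"\blisten\s+([^;]+);", own)) if "quic" in a]
        for args in quic:  # key on the listen address/port, e.g. "443"
            owners.setdefault(args[0], []).extend([name] if "reuseport" in args else [])
        if quic and not ALT_SVC.search(own):
            findings.append(f"{name}: QUIC listener but no Alt-Svc header")
        # nginx inherits add_header only into levels that define none of their own
        for loc in (blocks(body, r"\blocation\b[^{;]*") if quic else []):
            if "add_header" in top_level(loc) and not ALT_SVC.search(loc):
                findings.append(f"{name}: location add_header drops Alt-Svc")
    for addr, names in owners.items():
        if len(names) != 1:
            findings.append(f"{addr}: reuseport in {len(names)} servers, expected 1")
    return findings

# Constructed sample; a.example and b.example are placeholder hostnames.
SAMPLE = """
server { listen 443 quic reuseport; server_name a.example;
  add_header Alt-Svc 'h3=":443"; ma=86400';
  location /api { add_header X-Frame-Options DENY; } }
server { listen 443 quic reuseport; server_name b.example; }
"""
print("\n".join(audit_quic(SAMPLE)))
```

To audit real files, pass the concatenated contents of /usr/local/nginx/vhost/*.conf to audit_quic.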
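Check whether HTTP/3 is enabled
- Open this site: https://http3check.net/
- Enter your domain and run the test.
- If the image below is shown, HTTP/3 has been enabled on the server.
Enable HTTP/3 in the browser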
chrome://flags
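Search for quic; the default value is Default, which also means enabled.
- Open the browser's developer tools (F12), go to the Network tab, then right-click and tick Protocol; requests will show h3.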