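The nginx QUIC branch is at http://hg.nginx.org/nginx-quic; download the gz or zip archive.
BoringSSL is at https://github.com/google/boringssl.git; download the zip archive.
Build BoringSSL:
yum install gcc-c++ libunwind-devel golang cmake; cd /opt/boringssl-master/; mkdir build; cd build; cmake ../; make -j 4;
Build nginx-quic. The BoringSSL paths depend only on where the source tree was unpacked, because BoringSSL is never installed with make install: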
./auto/configure --prefix=/opt/nginx --with-http_slice_module --with-http_realip_module --with-http_geoip_module --without-poll_module --without-select_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --without-http_fastcgi_module --without-http_uwsgi_module --without-http_scgi_module --with-threads --with-http_stub_status_module --with-http_sub_module --with-http_gzip_static_module --with-http_gunzip_module --with-file-aio --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-openssl-opt=enable-tls1_3 --with-stream_realip_module --with-stream_geoip_module --with-http_ssl_module --with-http_v2_module --with-pcre-jit --with-stream_quic_module --with-http_v3_module --with-cc-opt="-I /opt/boringssl-master/include" --with-ld-opt="-L /opt/boringssl-master/build/ssl -L /opt/boringssl-master/build/crypto"; make -j 4;
Back up the old nginx binary, replace it with the new one and restart nginx, then edit the configuration file:
listen 443 http3 reuseport;
listen 443 ssl http2;
server_name xxx.com;
ssl_protocols TLSv1.2 TLSv1.3;
# ssl_protocols TLSv1.3;
quic_retry on;
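# Enables TLS 1.3 0-RTT; early data can be replayed by a network attacker
ssl_early_data on;
quic_gso on;
# Alt-Svc tells clients that a QUIC endpoint exists on UDP 443.
# RFC 9114 (HTTP/3) clients look for the h3 token; quic= is the older Google QUIC form.
add_header Alt-Svc 'quic=":443"; ma=86400';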
ssl_prefer_server_ciphers on;
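In general, ssl_protocols has to be relaxed to include TLSv1.2 for compatibility with older clients. The configuration looks roughly like the above.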
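
A check to run before restarting onto the rebuilt binary, as an added example that is not part of the original notes: it confirms the build has the QUIC modules and BoringSSL, and that the config keeps TLSv1.3 enabled, which QUIC requires. The function names and sample inputs are assumptions constructed for illustration; the file paths in the comments assume the default layout under --prefix=/opt/nginx.

```shell
#!/bin/sh
# Added example: checks to run before restarting onto the rebuilt binary.
# Both functions read text on stdin. Real use (paths assume --prefix=/opt/nginx):
#   /opt/nginx/sbin/nginx -V 2>&1 | check_build
#   check_conf < /opt/nginx/conf/nginx.conf

# Succeeds only if the build has both QUIC modules and was linked with BoringSSL.
check_build() {
    out=$(cat); rc=0
    for flag in --with-http_v3_module --with-stream_quic_module; do
        printf '%s\n' "$out" | grep -qF -e "$flag" || { echo "FAIL: missing $flag"; rc=1; }
    done
    printf '%s\n' "$out" | grep -q 'BoringSSL' || { echo "FAIL: not built with BoringSSL"; rc=1; }
    return $rc
}

# Succeeds only if HTTP/3 can actually be served; warns about replayable 0-RTT.
check_conf() {
    conf=$(sed 's/#.*//'); rc=0    # drop comments such as "# ssl_protocols TLSv1.3;"
    # QUIC handshakes use TLS 1.3 only, so it must stay enabled next to TLSv1.2.
    printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*ssl_protocols[[:space:]][^;]*TLSv1\.3' \
        || { echo "FAIL: ssl_protocols lacks TLSv1.3"; rc=1; }
    printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*listen[[:space:]][^;]*[[:space:]]http3' \
        || { echo "FAIL: no 'listen ... http3' socket"; rc=1; }
    if printf '%s\n' "$conf" | grep -Eq '^[[:space:]]*ssl_early_data[[:space:]]+on'; then
        echo "WARN: ssl_early_data on; 0-RTT requests can be replayed"
    fi
    return $rc
}

# Constructed sample of `nginx -V` output (not captured from a real host).
SAMPLE_NGINX_V='nginx version: nginx/x.y.z
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
configure arguments: --prefix=/opt/nginx --with-stream_quic_module --with-http_v3_module'

# Directives taken from the configuration shown above.
SAMPLE_CONF='listen 443 http3 reuseport;
listen 443 ssl http2;
ssl_protocols TLSv1.2 TLSv1.3;
# ssl_protocols TLSv1.3;
ssl_early_data on;'

printf '%s\n' "$SAMPLE_NGINX_V" | check_build && echo "build: ok"
printf '%s\n' "$SAMPLE_CONF" | check_conf && echo "config: ok"
```

The comment stripping is a plain sed pass, so a literal # inside a quoted directive value would also be cut; that is enough for the directives checked here.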



