HTTP/3 properties [1]

  • Stream multiplexing
  • Flow control at both the stream and connection levels
  • Low-latency connection setup (0-RTT)
  • Resilience to connection migration and NAT rebinding
  • Authenticated and encrypted headers and data

BoringSSL compile and install

The encryption layer of nginx-quic uses BoringSSL, so BoringSSL has to be compiled and installed first. BoringSSL's build needs Go, so install golang first:

apt-get install golang-go

Then clone and build BoringSSL:

git clone https://boringssl.googlesource.com/boringssl
cd boringssl/
mkdir build
cd build
cmake ../
make -j 8

An error hit while building BoringSSL (the Go module download was blocked):

go: golang.org/x/crypto@v0.0.0-20200622213623-75b288015ac9: Get "https://proxy.golang.org/golang.org/x/crypto/@v/v0.0.0-20200622213623-75b288015ac9.mod": dial tcp 172.217.166.145:443: connect: connection refused

After setting GOPROXY to a reachable mirror, the build succeeds:

export GOPROXY=https://goproxy.io

After the build, manually copy the header files and static libraries into a fixed directory that nginx will be pointed at later. The layout used here is:

root@ubuntu:/usr/local/thirdparty/boringssl# find ./ -maxdepth 2
./include/openssl
./lib/libssl.a
./lib/libcrypto.a

Nginx-quic compile and install

nginx-quic is still under development and lives in its own development branch; build it following the official README [2]:

hg clone -b quic https://hg.nginx.org/nginx-quic
./auto/configure --with-debug \
                 --prefix=/usr/local/nginx-quic \
                 --with-http_v3_module       \
                 --with-cc-opt="-I/usr/local/thirdparty/boringssl/include"   \
                 --with-ld-opt="-L/usr/local/thirdparty/boringssl/lib"
make -j 8
make install

If configure fails with:

./auto/configure: error: certain modules require OpenSSL QUIC support.
You can either do not enable the modules, or install the OpenSSL library
into the system, or build the OpenSSL library statically from the source
with nginx by using --with-openssl=<path> option.

check that the paths given in **--with-cc-opt= and --with-ld-opt=** actually point at the BoringSSL include and lib directories copied above.

After installation, check the build details of the resulting nginx binary:

# ./sbin/nginx  -V
nginx version: nginx/1.19.2
built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) 
configure arguments: --with-debug --with-openssl=/home/wanghao/worker/opensourcecode/boringssl --prefix=/usr/local/nginx-quic

Nginx configuration file

#user nobody;
worker_processes 2;
error_log logs/debug.log debug;

events {
    worker_connections 1024;
}

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$quic" "$http3"';
    access_log logs/access.log quic;

    server {
        listen 8443 http3 reuseport;
        listen 8443 ssl;
        server_name www.haha.com;
        client_max_body_size 4G;
        root /data;

        ssl_certificate ssl/server.crt;
        ssl_certificate_key ssl/server.key;
        ssl_protocols TLSv1.3;

        location / {
            autoindex on;
            autoindex_exact_size on;
            autoindex_localtime on;
            add_header Alt-Svc '$http3=":8443"; ma=86400';
        }
    }
}
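As an added sanity check (this script is not part of the original post or of nginx-quic), the following Python lints a config like the one above for the things an HTTP/3 client depends on: an http3 listener, a TLS listener on the same port for the initial TCP connection, TLSv1.3 in ssl_protocols (QUIC runs only over TLS 1.3), and an Alt-Svc header whose port matches the http3 listener. The SAMPLE_CONF string is a constructed copy of the relevant directives.

```python
import re

# Constructed sample that mirrors the nginx.conf shown in the post (not a real deployment).
SAMPLE_CONF = """
http {
    server {
        listen 8443 http3 reuseport;
        listen 8443 ssl;
        ssl_protocols TLSv1.3;
        location / {
            add_header Alt-Svc '$http3=":8443"; ma=86400';
        }
    }
}
"""

def check_http3_conf(conf: str) -> list:
    """Return a list of findings; an empty list means the HTTP/3 wiring is consistent."""
    findings = []
    http3_ports, ssl_ports = set(), set()
    for m in re.finditer(r'^\s*listen\s+([^;]*);', conf, re.M):
        args = m.group(1).split()
        port = args[0].rsplit(':', 1)[-1]  # "8443", "0.0.0.0:8443" or "[::]:8443"
        if 'http3' in args[1:]:
            http3_ports.add(port)
        elif 'ssl' in args[1:]:
            ssl_ports.add(port)
    if not http3_ports:
        findings.append("no 'listen ... http3' directive, so QUIC is never enabled")
    # Clients first connect over TCP and only switch to QUIC after seeing Alt-Svc,
    # so every http3 port also needs a TLS listener on the same port.
    for p in sorted(http3_ports - ssl_ports):
        findings.append(f"port {p}: http3 listener has no matching 'listen {p} ssl' for TCP fallback")
    # QUIC only runs over TLS 1.3.
    m = re.search(r'^\s*ssl_protocols\s+([^;]*);', conf, re.M)
    if not m or 'TLSv1.3' not in m.group(1).split():
        findings.append("ssl_protocols does not explicitly include TLSv1.3, which QUIC requires")
    # Alt-Svc must advertise a port that the http3 listener is actually bound to
    # (single-quoted value, as in the post's config).
    for m in re.finditer(r"add_header\s+Alt-Svc\s+'([^']*)'", conf):
        pm = re.search(r':(\d+)"', m.group(1))
        if not pm or pm.group(1) not in http3_ports:
            findings.append(f"Alt-Svc value {m.group(1)!r} does not point at an http3 port")
    return findings

if __name__ == "__main__":
    for line in check_http3_conf(SAMPLE_CONF) or ["OK: HTTP/3 configuration is consistent"]:
        print(line)
```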

Once port 8443 is up, you can see that nginx is bound to it over UDP as well:

# netstat -anp | egrep nginx
udp        0      0 0.0.0.0:8443            0.0.0.0:*                           37737/nginx: master
udp        0      0 0.0.0.0:8443            0.0.0.0:*                           37737/nginx: master
unix  3      [ ]         STREAM     CONNECTED     127155   37737/nginx: master
unix  3      [ ]         STREAM     CONNECTED     127156   37737/nginx: master
unix  3      [ ]         STREAM     CONNECTED     127157   37737/nginx: master
unix  3      [ ]         STREAM     CONNECTED     127154   37737/nginx: master

Getting nginx to support QUIC was quick by following the official documentation, but finding QUIC-capable clients was more of a hassle.

Test

TODO

References

[1] docs.wxclimb.top/draft-ietf-…
[2] quic.nginx.org/readme.html