nginx1.25.0 mainline已经支持了HTTP3和QUIC了

需要 编译工具 gcc g++ cmake go

yum install -y g++ gcc cmake go git

git clone https://boringssl.googlesource.com/boringssl

#这是nginx的旧方式, 也可以

cd boringssl && mkdir build && cd build && cmake .. && make && cd ../../

#新方式, 有点bug

#cd boringssl && mkdir build && cmake -B build && make -C build && cd ../

编译最新版boringssl go的版本>1.18.9, 我的1.16版本出错了升级后正常, CMake 3.10 or higher is required

这里开始编译nginx, 注意跟quic.nginx.org的测试版有不同, 没有了quic_stream模块

cd nginx-1.25.0
./configure
    --with-debug
    --with-http_v3_module
    --with-cc-opt="-I../boringssl/include"
    --with-ld-opt="-L../boringssl/build/ssl
                   -L../boringssl/build/crypto"
make && make install 

配置, 这里跟quic.nginx.org的测试版有不同, 没有了http3 取而代之的是listen 443 quic

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for quic and https
        listen 443 quic reuseport;
        listen 443 ssl http2 reuseport backlog=8192;;

        ssl_certificate     certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            # required for browsers to direct them to quic port
            add_header Alt-Svc 'h3=":443"; ma=86400';
        }
    }
}

这里解释下配置:

listen 443 quic reuseport; #配置H3协议守护, 注意reuseport 放在默认虚机即可

add_header Alt-Svc ‘h3=”:443″; ‘; #这个是告知客户端支持H3, 需要这个才会访问到H3

参考文档:

https://nginx.org/en/docs/quic.html

https://boringssl.googlesource.com/boringssl/+/HEAD/BUILDING.md