系统环境
安装必要软件包
apt install build-essential cmake golang mmdb-bin libmaxminddb-dev libxml2 libxslt-dev libatomic-ops-dev libunwind-dev libpcre3 libpcre3-dev
curl https://sh.rustup.rs -sSf | shdnf install cmake gcc gcc-c++ golang libmaxminddb-devel libxml2-devel libxslt-devel libunwind-devel pcre-devel libatomic_ops-devel
curl https://sh.rustup.rs -sSf | sh拉取 Nginx 和相关模块源码
cd /home
wget https://nginx.org/download/nginx-1.23.3.tar.gz
wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.23.tar.gz
wget https://github.com/openresty/luajit2/archive/refs/tags/v2.1-20230119.tar.gz
wget https://github.com/openresty/lua-resty-core/archive/refs/tags/v0.1.25.tar.gz
wget https://github.com/openresty/lua-resty-lrucache/archive/refs/tags/v0.13.tar.gz
git clone --recursive https://github.com/cloudflare/quiche
git clone https://github.com/kn007/patch.git
git clone https://github.com/cloudflare/zlib.git
git clone https://github.com/google/ngx_brotli.git
git clone https://github.com/openresty/headers-more-nginx-module.git
git clone https://github.com/vision5/ngx_devel_kit.git
git clone https://github.com/leev/ngx_http_geoip2_module.git
git clone https://github.com/aperezdc/ngx-fancyindex.git
git clone https://github.com/arut/nginx-dav-ext-module.git
git clone https://github.com/yaoweibin/ngx_http_substitutions_filter_module.git
cd ngx_brotli
git submodule update --init解压缩
cd /home
tar -xvf nginx-1.23.3.tar.gz
tar -xvf v0.10.23.tar.gz
tar -xvf v2.1-20230119.tar.gz
tar -xvf v0.1.25.tar.gz
tar -xvf v0.13.tar.gz编译 LUAJIT2
cd /home/luajit2-2.1-20230119
make -j4
make install
cd /home/lua-resty-lrucache-0.13
make -j4
make install
cd /home/lua-resty-core-0.1.25
make -j4
make install
rm -rf /usr/local/share/lua/5.1
ln -s /usr/local/lib/lua /usr/local/share/lua/5.1
export LUAJIT_INC=/usr/local/include/luajit-2.1
export LUAJIT_LIB=/usr/local/libzlib 要清除之前的编译
cd /home/zlib
make -f Makefile.in distclean编译 Nginx
先给 Nginx 打支持 HTTP/3 的补丁
cd /home/nginx-1.23.3
patch -p1 < ../patch/nginx_with_quic.patch
# patch -p1 < ../patch/Enable_BoringSSL_OCSP.patchcd /home/nginx-1.23.3
./configure --add-module=../ngx_brotli --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche --with-http_v2_module --with-http_v3_module --with-http_ssl_module --with-http_gzip_static_module --with-http_realip_module --with-threads --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-zlib=../zlib --add-module=../ngx_devel_kit --add-module=../headers-more-nginx-module --add-module=../lua-nginx-module-0.10.23 --with-file-aio --add-module=../ngx_http_geoip2_module --add-module=../ngx-fancyindex --add-module=../nginx-dav-ext-module --add-module=../ngx_http_substitutions_filter_module --with-libatomic --with-http_dav_module --with-http_stub_status_module
make -j4
make install配置动态链接库
vim /etc/ld.so.conf.d/libc.conf添加以下内容:
# libc default configuration
/usr/local/lib刷新链接缓存:
ldconfig添加 NGINX 到系统服务
vim /lib/systemd/system/nginx.service添加以下内容:
# Stop dance for nginx
# =======================
#
# ExecStop sends SIGSTOP (graceful stop) to the nginx process.
# If, after 5s (--retry QUIT/5) nginx is still running, systemd takes control
# and sends SIGTERM (fast shutdown) to the main process.
# After another 5s (TimeoutStopSec=5), and if nginx is alive, systemd sends
# SIGKILL to all the remaining processes in the process group (KillMode=mixed).
#
# nginx signals reference doc:
# http://nginx.org/en/docs/control.html
#
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=network.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/local/nginx/sbin/nginx -t -q -c /etc/nginx/nginx.conf
ExecStart=/usr/local/nginx/sbin/nginx -c /etc/nginx/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=-/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid
TimeoutStopSec=5
KillMode=mixed
[Install]
WantedBy=multi-user.target创建日志文件夹
mkdir /var/log/nginx启用 NGINX 服务
systemctl daemon-reload
systemctl enable nginx启动 NGINX
NGINX 配置文件在 /etc/nginx
在配置文件中添加 HTTP/3 相关配置
server {
# Enable QUIC and HTTP/3.
listen 443 quic reuseport;
# Enable HTTP/2 (optional).
listen 443 ssl http2;
ssl_certificate cert.crt;
ssl_certificate_key cert.key;
# Enable all TLS versions (TLSv1.3 is required for QUIC).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# Request buffering in not currently supported for HTTP/3.
proxy_request_buffering off;
# Add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400';
}启动 NGINX
systemctl start nginx测试 HTTP/3
安装 Firefox Nightly,在 about:config 中打开 network.http.http3.enabled 选项
安装 Google Chrome Canary,添加启动参数 --enable-quic --quic-version=h3-29
