nginx-quic 体验——筑梦之路

nginx-quic编译安装

操作系统： centos 7 minal x86_64

nginx-quic：https://quic.nginx.org/readme.html 官方安装文档

安装常用工具：
yum install -y lrzsz wget curl unzip vim hg git gcc-c++ make automake openssl-devel

# CentOS 安装libunwind扩展库
yum install libunwind-devel -y

#安装go
wget https://dl.google.com/go/go1.15.2.linux-amd64.tar.gz
tar -C /usr/local -xzf go1.15.2.linux-amd64.tar.gz
# 设置系统环境变量，也可以写入到profile中
export PATH=$PATH:/usr/local/go/bin
export PATH=$PATH:$HOME/.cargo/bin
export GOROOT=/usr/local/go
export GOBIN=$GOROOT/bin
export PATH=$PATH:$GOBIN
#设置国内代理
go env -w GOPROXY=https://goproxy.cn,direct

#安装cmake3
wget https://cmake.org/files/v3.16/cmake-3.16.0-rc2.tar.gz
tar xvzf cmake-3.16.0-rc2.tar.gz
cd cmake-3.16.0-rc2
#yum install -y gcc-c++ make automake openssl-devel
./bootstrap
gmake
gmake install

cmake --version

#boringssl库
git clone https://github.com/google/boringssl.git
cd boringssl
mkdir build
cd build 
cmake ../
make

###报错解决
https://blog.csdn.net/aria_miazzy/article/details/107532236

src/event/ngx_event_quic_transport.c: In function ‘ngx_quic_create_stream’:
src/event/ngx_event_quic_transport.c:54:9: error: comparison is always true due to limited range of data type [-Werror=type-limits]
      : ((uint32_t) value) <= 16383 ? 2                                        \
         ^
src/event/ngx_event_quic_transport.c:1299:15: note: in expansion of macro ‘ngx_quic_varint_len’
         len = ngx_quic_varint_len(sf->type);
               ^
cc1: all warnings being treated as errors
make[1]: *** [objs/src/event/ngx_event_quic_transport.o] Error 1
make[1]: Leaving directory `/root/nginx-quic'
make: *** [build] Error 2

####
cd nginx-quic\objs
 
vi Makefile
 
找到 CFLAGS = -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I../boringssl/include将-Werror参数去掉。

#安装rust
curl https://sh.rustup.rs -sSf | sh

#下载源码并配置
$ hg clone -b quic https://hg.nginx.org/nginx-quic
$ cd nginx-quic
$ ./auto/configure --with-debug --with-http_v3_module       \
    --with-stream_quic_module --with-http_ssl_module --with-http_v2_module \
                       --with-cc-opt="-I../boringssl/include"   \
                       --with-ld-opt="-L../boringssl/build/ssl  \
                                      -L../boringssl/build/crypto"

--with-http_v3_module     - enable QUIC and HTTP/3
        --with-http_quic_module   - enable QUIC for older HTTP versions
        --with-stream_quic_module - enable QUIC in Stream

make && make install

#配置nginx:
server {
    listen 443 ssl http2;              # TCP listener for HTTP/2
    listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
 
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # QUIC requires TLS 1.3
    ssl_certificate     ssl/www.example.com.crt;
    ssl_certificate_key ssl/www.example.com.key;
 
    add_header Alt-Svc 'quic=":443"; h3-27=":443";h3-25=":443"; h3-T050=":443"; h3-Q050=":443";h3-Q049=":443";h3-Q048=":443"; h3-Q046=":443"; h3-Q043=":443"'; # Advertise that QUIC is available
    
    location / {
                # required for browsers to direct them into quic port
        add_header Alt-Svc '$http3=":443"; ma=86400';
    }

}

firewall-cmd --zone=public --add-port=443/udp --permaent
firewall-cmd --reload

#openssl自签名证书
https://www.cnblogs.com/hnxxcxg/p/7610582.html

#生成私钥：
openssl genrsa -des3 -out server.key 1024

#证书签名请求
openssl req -new -key server.key -out server.csr

说明：需要依次输入国家，地区，城市，组织，组织单位，Common Name和Email。其中Common Name，可以写自己的名字或者域名，

如果要支持https，Common Name应该与域名保持一致，否则会引起浏览器警告
#删除私钥密码：
openssl rsa -in server.key -out server.key

#生成自签名证书
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

#配置流媒体服务器
需要使用nginx-rtmp模块，需要重新编译
#下载nginx-rtmp模块 
git clone https://github.com/arut/nginx-rtmp-module.git
重新配置
./auto/configure --with-http_v3_module --with-stream --with-http_quic_module --with-http_gunzip_module \
    --with-stream_quic_module --with-http_ssl_module --with-http_v2_module --add-module=/opt/nginx-rtmp-module --with-http_stub_status_module --with-pcre --with-http_dav_module --with-http_flv_module --with-http_mp4_module \
                       --with-cc-opt="-I../boringssl/include"   \
                       --with-ld-opt="-L../boringssl/build/ssl  \
                                      -L../boringssl/build/crypto"
                                      
                                      
                                      
                                      
make && make install

#流媒体配置：
这里自己编译的始终不行，还需要再研究研究。
https://github.com/evansun922/nginx-quic 参考此开源项目

    
参考文章：
https://www.nange.cn/quic-and-http3-for-nginx.html
https://blog.csdn.net/maimang1001/article/details/103603434
https://blog.csdn.net/aria_miazzy/article/details/107532236

简单安装方式：
https://www.mingilin.com/2020/11/06/centos/centos-nginx-quic/
https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/

Centos 7:
sudo yum install epel-release
sudo yum install centos-release-scl
sudo yum install yum-plugin-copr
sudo yum copr enable ryoh/nginx-quic
sudo yum install nginx-quic

Centos 8:
sudo dnf install epel-release
sudo dnf copr enable ryoh/nginx-quic
sudo dnf install nginx-quic

增加配置：
listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
ssl_protocols TLSv1.3; # QUIC requires TLS 1.3
add_header Alt-Svc '$http3=":443"; ma=86400'; # Advertise that QUIC is available
add_header QUIC-Status $quic;