秋明 | CentOS7下编译nginx支持quic等[cloudflare,nginx-1.16.1]

参照：

https://github.com/cloudflare/quiche/tree/master/extras/nginx

https://vqiu.cn/nginx-ti-yan-http-3-0-cloudflarebu-ding/

https://github.com/cloudflare/quiche

1、升级cmake
参照：https://www.jianshu.com/p/d5dd6514526a
yum remove cmake
cd /opt
wget https://github.com/Kitware/CMake/releases/download/v3.14.5/cmake-3.14.5-Linux-x86_64.tar.gz
tar zxvf cmake-3.14.5-Linux-x86_64.tar.gz

编辑：/etc/profile.d/cmake.sh

export CMAKE_HOME=/opt/cmake-3.14.5-Linux-x86_64
export PATH=$PATH:$CMAKE_HOME/bin

1 2	export CMAKE_HOME=/opt/cmake-3.14.5-Linux-x86_64 export PATH=$PATH:$CMAKE_HOME/bin

source /etc/profile

cmake -version
2、安装golang等
yum install go -y
yum install cargo -y
yum install openssl openssl-devel -y
yum install 一些别的需要用到的组件，比如：gcc编译环境等
3、编译安装nginx
来源：https://blog.cloudflare.com/experiment-with-http-3-using-nginx-and-quiche/
curl -O https://nginx.org/download/nginx-1.16.1.tar.gz
tar xvzf nginx-1.16.1.tar.gz
git clone –recursive https://github.com/cloudflare/quiche
cd nginx-1.16.1
patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

% ./configure \
–prefix=$PWD \
–with-http_ssl_module \
–with-http_v2_module \
–with-http_v3_module \
–with-openssl=../quiche/deps/boringssl \
–with-quiche=../quiche
% make

这里需要注意一个事项，就是编译的过程中会找一些依赖，需要科学上网一下才行。不然对应的依赖拉不下来【或者直接在国外的服务器上面进行编译也可以】

4、配置启动

events {
    worker_connections  1024;
}

http {
    server {
        # Enable QUIC and HTTP/3.
        listen 443 quic reuseport;

        # Enable HTTP/2 (optional).
        listen 443 ssl http2;

        ssl_certificate      cert.crt;
        ssl_certificate_key  cert.key;

        # Enable all TLS versions (TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        
        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-23=":443"; ma=86400';
    }
}

events {

worker_connections 1024;

}

http {

server {

# Enable QUIC and HTTP/3.

listen 443 quic reuseport;

# Enable HTTP/2 (optional).

listen 443 ssl http2;

ssl_certificate cert.crt;

ssl_certificate_key cert.key;

# Enable all TLS versions (TLSv1.3 is required for QUIC).

ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

# Add Alt-Svc header to negotiate HTTP/3.

add_header alt-svc 'h3-23=":443"; ma=86400';

}

5、测试验证
参照：https://halfrost.com/quic_start/#1
curl客户端：https://github.com/curl/curl/blob/master/docs/HTTP3.md#quiche-version

[root@tyumen-test curl]# ./src/curl -vo /dev/null https://quic.tyumen.cn/css/litespeed.min-010419.css --http3
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0*   Trying 10.10.10.15:443...
* Sent QUIC client Initial, ALPN: h3-25h3-24h3-23
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* h3 [:method: GET]
* h3 [:path: /css/litespeed.min-010419.css]
* h3 [:scheme: https]
* h3 [:authority: quic.tyumen.cn]
* h3 [user-agent: curl/7.69.0-DEV]
* h3 [accept: */*]
* Using HTTP/3 Stream ID: 0 (easy handle 0x1a7d320)
> GET /css/litespeed.min-010419.css HTTP/3
> Host: quic.tyumen.cn
> user-agent: curl/7.69.0-DEV
> accept: */*
>
< HTTP/3 200
< server: nginx
< date: Sat, 04 Apr 2020 14:39:34 GMT
< content-type: text/css
< content-length: 200229
< last-modified: Wed, 19 Feb 2020 10:38:14 GMT
< vary: Accept-Encoding
< etag: "5e4d1016-30e25"
< expires: Sat, 04 Apr 2020 14:39:44 GMT
< cache-control: max-age=10
< alt-svc: h3-25=":443"; ma=86400
< accept-ranges: bytes
<
{ [6142 bytes data]
100  195k  100  195k    0     0   560k      0 --:--:-- --:--:-- --:--:--  558k
* Connection #0 to host quic.tyumen.cn left intact

[root@tyumen-test curl]# ./src/curl -vo /dev/null https://quic.tyumen.cn/css/litespeed.min-010419.css --http3

% Total % Received % Xferd Average Speed Time Time Time Current

Dload Upload Total Spent Left Speed

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 10.10.10.15:443...

* Sent QUIC client Initial, ALPN: h3-25h3-24h3-23

0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* h3 [:method: GET]

* h3 [:path: /css/litespeed.min-010419.css]

* h3 [:scheme: https]

* h3 [:authority: quic.tyumen.cn]

* h3 [user-agent: curl/7.69.0-DEV]

* h3 [accept: */*]

* Using HTTP/3 Stream ID: 0 (easy handle 0x1a7d320)

> GET /css/litespeed.min-010419.css HTTP/3

> Host: quic.tyumen.cn

> user-agent: curl/7.69.0-DEV

> accept: */*

< HTTP/3 200

< server: nginx

< date: Sat, 04 Apr 2020 14:39:34 GMT

< content-type: text/css

< content-length: 200229

< last-modified: Wed, 19 Feb 2020 10:38:14 GMT

< vary: Accept-Encoding

< etag: "5e4d1016-30e25"

< expires: Sat, 04 Apr 2020 14:39:44 GMT

< cache-control: max-age=10

< alt-svc: h3-25=":443"; ma=86400

< accept-ranges: bytes

{ [6142 bytes data]

100 195k 100 195k 0 0 560k 0 --:--:-- --:--:-- --:--:-- 558k

* Connection #0 to host quic.tyumen.cn left intact

上面的报文回应能够看到响应头的协议是HTTP/3了。然后抓包查看发现传输的数据通过udp进行的数据传输，比如：

22:51:54.682129 IP (tos 0x0, ttl 53, id 12067, offset 0, flags [DF], proto UDP (17), length 1228)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 1200
22:51:54.684362 IP (tos 0x0, ttl 64, id 57217, offset 0, flags [DF], proto UDP (17), length 227)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5a3c -> 0x7c1c!] UDP, length 199
22:51:54.684391 IP (tos 0x0, ttl 64, id 57218, offset 0, flags [DF], proto UDP (17), length 1224)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5e21 -> 0x16a7!] UDP, length 1196
22:51:54.684403 IP (tos 0x0, ttl 64, id 57219, offset 0, flags [DF], proto UDP (17), length 1225)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5e22 -> 0x26db!] UDP, length 1197
22:51:54.684410 IP (tos 0x0, ttl 64, id 57220, offset 0, flags [DF], proto UDP (17), length 906)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5ce3 -> 0xb494!] UDP, length 878
22:51:54.689627 IP (tos 0x0, ttl 53, id 12069, offset 0, flags [DF], proto UDP (17), length 1228)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 1200
22:51:54.689634 IP (tos 0x0, ttl 53, id 12070, offset 0, flags [DF], proto UDP (17), length 138)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 110
22:51:54.689636 IP (tos 0x0, ttl 53, id 12071, offset 0, flags [DF], proto UDP (17), length 89)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 61
22:51:54.689812 IP (tos 0x0, ttl 64, id 57223, offset 0, flags [DF], proto UDP (17), length 98)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59bb -> 0xb0fd!] UDP, length 70
22:51:54.689831 IP (tos 0x0, ttl 64, id 57224, offset 0, flags [DF], proto UDP (17), length 527)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5b68 -> 0x707a!] UDP, length 499
22:51:54.689836 IP (tos 0x0, ttl 64, id 57225, offset 0, flags [DF], proto UDP (17), length 71)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0x79fa!] UDP, length 43
22:51:54.689841 IP (tos 0x0, ttl 64, id 57226, offset 0, flags [DF], proto UDP (17), length 71)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0xac17!] UDP, length 43
22:51:54.689847 IP (tos 0x0, ttl 64, id 57227, offset 0, flags [DF], proto UDP (17), length 96)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59b9 -> 0x9ba3!] UDP, length 68
22:51:54.689874 IP (tos 0x0, ttl 64, id 57228, offset 0, flags [DF], proto UDP (17), length 71)
    10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0xf67c!] UDP, length 43
22:51:54.690071 IP (tos 0x0, ttl 53, id 12072, offset 0, flags [DF], proto UDP (17), length 71)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 43
22:51:54.690077 IP (tos 0x0, ttl 53, id 12073, offset 0, flags [DF], proto UDP (17), length 71)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 43
22:51:54.690078 IP (tos 0x0, ttl 53, id 12074, offset 0, flags [DF], proto UDP (17), length 167)
    10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 139
22:51:54.690097 IP (tos 0x0, ttl 64, id 57229, offset 0, flags [DF], proto UDP (17), length 71)

22:51:54.682129 IP (tos 0x0, ttl 53, id 12067, offset 0, flags [DF], proto UDP (17), length 1228)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 1200

22:51:54.684362 IP (tos 0x0, ttl 64, id 57217, offset 0, flags [DF], proto UDP (17), length 227)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5a3c -> 0x7c1c!] UDP, length 199

22:51:54.684391 IP (tos 0x0, ttl 64, id 57218, offset 0, flags [DF], proto UDP (17), length 1224)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5e21 -> 0x16a7!] UDP, length 1196

22:51:54.684403 IP (tos 0x0, ttl 64, id 57219, offset 0, flags [DF], proto UDP (17), length 1225)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5e22 -> 0x26db!] UDP, length 1197

22:51:54.684410 IP (tos 0x0, ttl 64, id 57220, offset 0, flags [DF], proto UDP (17), length 906)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5ce3 -> 0xb494!] UDP, length 878

22:51:54.689627 IP (tos 0x0, ttl 53, id 12069, offset 0, flags [DF], proto UDP (17), length 1228)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 1200

22:51:54.689634 IP (tos 0x0, ttl 53, id 12070, offset 0, flags [DF], proto UDP (17), length 138)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 110

22:51:54.689636 IP (tos 0x0, ttl 53, id 12071, offset 0, flags [DF], proto UDP (17), length 89)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 61

22:51:54.689812 IP (tos 0x0, ttl 64, id 57223, offset 0, flags [DF], proto UDP (17), length 98)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59bb -> 0xb0fd!] UDP, length 70

22:51:54.689831 IP (tos 0x0, ttl 64, id 57224, offset 0, flags [DF], proto UDP (17), length 527)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x5b68 -> 0x707a!] UDP, length 499

22:51:54.689836 IP (tos 0x0, ttl 64, id 57225, offset 0, flags [DF], proto UDP (17), length 71)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0x79fa!] UDP, length 43

22:51:54.689841 IP (tos 0x0, ttl 64, id 57226, offset 0, flags [DF], proto UDP (17), length 71)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0xac17!] UDP, length 43

22:51:54.689847 IP (tos 0x0, ttl 64, id 57227, offset 0, flags [DF], proto UDP (17), length 96)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59b9 -> 0x9ba3!] UDP, length 68

22:51:54.689874 IP (tos 0x0, ttl 64, id 57228, offset 0, flags [DF], proto UDP (17), length 71)

10.10.10.15.https > 10.0.2.6.42136: [bad udp cksum 0x59a0 -> 0xf67c!] UDP, length 43

22:51:54.690071 IP (tos 0x0, ttl 53, id 12072, offset 0, flags [DF], proto UDP (17), length 71)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 43

22:51:54.690077 IP (tos 0x0, ttl 53, id 12073, offset 0, flags [DF], proto UDP (17), length 71)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 43

22:51:54.690078 IP (tos 0x0, ttl 53, id 12074, offset 0, flags [DF], proto UDP (17), length 167)

10.0.2.6.42136 > 10.10.10.15.https: [udp sum ok] UDP, length 139

22:51:54.690097 IP (tos 0x0, ttl 64, id 57229, offset 0, flags [DF], proto UDP (17), length 71)

原理：https://www.cnblogs.com/mod109/p/7372577.html

ats的quic版本：https://github.com/apache/trafficserver/tree/quic-latest

秋明

CentOS7下编译nginx支持quic等[cloudflare,nginx-1.16.1]

发表评论

发表评论取消回复

CentOS7下编译nginx支持quic等[cloudflare,nginx-1.16.1]

发表评论

发表评论 取消回复

发表评论取消回复