HQY 一个和谐有爱的空间

背景

自2022年6月6日，IETF正式标准化HTTP/3为RFC9114。3年前自己还是用nginx加插件的方式跑起来的--链接：https://vqiu.cn/nginx-ti-yan-http-3-0-cloudflarebu-ding/，一直用接触nginx比较多，近发现nginx单独开了个nginx-quic，如下图所示：

于是尝试将自己的小站也润起来，如此如此，甚是美哉！

操作步骤

1、更新docker-compose文件：

version: '3.9'
services:
  ingress:              
    image: dasskelett/nginx-quic:1.23.3 # 改用该镜像
    container_name: ingress-with-nginx
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443/udp         # udp协议也需要开放出来
      - 443:443/tcp
    volumes:
      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/conf.d/:/etc/nginx/conf.d:ro
      - ./config/nginx/.auth:/etc/nginx/.auth:ro
      - ./config/nginx/certs/:/etc/nginx/certs:ro
      - ./config/nginx/include/:/etc/nginx/include:ro

networks:
  proxy:
    name: proxy-network

2、nginx 配置文件更新如下：

server {
	listen 443 http3 reuseport;     # 新增
	listen 443 ssl http2;
	server_name vqiu.cn www.vqiu.cn;

	# SSL
	ssl_certificate      certs/www.vqiu.cn.pem;
	ssl_certificate_key  certs/www.vqiu.cn.key;

	# additional config
	#include include/general.conf;

	# security
	include include/security.conf;

	location / {
		set        $upstream_name  ghost;
		set        $upstream_port  2368;
		proxy_pass http://$upstream_name:$upstream_port;
		add_header Alt-Svc 'h3=":$server_port"; ma=86400';   # 新增
		include    include/proxy.conf;
	}

	error_page 497 https://vqiu.cn$request_uri;

	access_log  /var/log/nginx/access_vqiu.cn.log combined buffer=4k flush=10;
	error_log  /var/log/nginx/error_vqiu.cn.log warn;

3、重启

# docker-compose up -d

2023/05/31 更新

自版本1.25开始，已并入到主线，所以我们直接可以使用nginx的mainline镜像即可，配置如下：

• docker-compose.yml

version: '3.9'
services:
  ingress:
    image: nginx:1.25-bullseye
    container_name: ingress-with-nginx
    cpus: 0.2
    mem_limit: 64mb
    restart: always
    networks:
      - proxy
    ports:
      - 80:80
      - 443:443/udp
      - 443:443/tcp
    volumes:
      - ./config/nginx/nginx.conf:/etc/nginx/nginx.conf:ro
      - ./config/nginx/conf.d/:/etc/nginx/conf.d:ro
      - ./config/nginx/.auth:/etc/nginx/.auth:ro
      - ./config/nginx/certs/:/etc/nginx/certs:ro
      - ./config/nginx/include/:/etc/nginx/include:ro

networks:
  proxy:
    name: proxy-network

nginx的配置文件也发生一些改变（可参照：https://nginx.org/en/docs/quic.html)

server {
	listen 443 quic reuseport;
	listen 443 ssl;
	server_name vqiu.cn www.vqiu.cn;
    
	http2                on;
	ssl_certificate      certs/www.vqiu.cn.pem;
	ssl_certificate_key  certs/www.vqiu.cn.key;

	# additional config
	#include include/general.conf;

	# security
	include include/security.conf;

	location / {
		set        $upstream_name  ghost;
		set        $upstream_port  2368;
		proxy_pass http://$upstream_name:$upstream_port;
		add_header Alt-Svc 'h3=":$server_port"; ma=86400';
		include    include/proxy.conf;
	}

	error_page 497 https://vqiu.cn$request_uri;

	access_log  /var/log/nginx/access_vqiu.cn.log combined buffer=4k flush=10;
	error_log  /var/log/nginx/error_vqiu.cn.log warn;

测试

1、 使用http3check

2、使用Chrome浏览器，打开"Protocol"列

参考引用

• [1] https://zh.wikipedia.org/wiki/HTTP/3

• [2] https://quic.nginx.org/

• [3] https://www.nginx.com/blog/binary-packages-for-preview-nginx-quic-http3-implementation/

推荐本站淘宝优惠价购买喜欢的宝贝:

本文链接：https://sg.hqyman.cn/post/9549.html 非本站原创文章欢迎转载，原创文章需保留本站地址！

休息一下~~