Mercurial > hg > nginx
comparison README @ 9034:79cd6993a3e3 quic
README: converted to passive voice, LibreSSL support.
author | Sergey Kandaurov <pluknet@nginx.com> |
---|---|
date | Thu, 20 Oct 2022 16:30:43 +0400 |
parents | 98e94553ae51 |
children | 3c33d39a51d3 |
comparison
equal
deleted
inserted
replaced
9033:9076a74f1221 | 9034:79cd6993a3e3 |
---|---|
21 The project code base is under the same BSD license as nginx. | 21 The project code base is under the same BSD license as nginx. |
22 | 22 |
23 The code is currently at a beta level of quality, however | 23 The code is currently at a beta level of quality, however |
24 there are several production deployments with it. | 24 there are several production deployments with it. |
25 | 25 |
26 We are working on improving HTTP/3 support to integrate it into | 26 NGINX Development Team is working on improving HTTP/3 support to |
27 the main NGINX codebase. Thus, expect further updates of this code, | 27 integrate it into the main NGINX codebase. Thus, expect further |
28 including features, changes in behaviour, bug fixes, and refactoring. | 28 updates of this code, including features, changes in behaviour, |
29 We'll be grateful for any feedback and code submissions. | 29 bug fixes, and refactoring. NGINX Development team will be |
30 | 30 grateful for any feedback and code submissions. |
31 You can always contact us via nginx-devel mailing list [3]. | 31 |
32 Please contact NGINX Development Team via nginx-devel mailing list [3]. | |
32 | 33 |
33 What works now: | 34 What works now: |
34 | 35 |
35 We support IETF QUIC version 1. Internet drafts are no longer supported. | 36 IETF QUIC version 1 is supported. Internet drafts are no longer supported. |
36 | 37 |
37 nginx should be able to respond to HTTP/3 requests over QUIC and | 38 nginx should be able to respond to HTTP/3 requests over QUIC and |
38 it should be possible to upload and download big files without errors. | 39 it should be possible to upload and download big files without errors. |
39 | 40 |
40 + The handshake completes successfully | 41 + The handshake completes successfully |
50 + Lost packets are detected and retransmitted properly | 51 + Lost packets are detected and retransmitted properly |
51 + Clients may migrate to new address | 52 + Clients may migrate to new address |
52 | 53 |
53 2. Installing | 54 2. Installing |
54 | 55 |
55 You will need a BoringSSL [4] library that provides QUIC support | 56 A library that provides QUIC support is required to build nginx, there |
57 are several of those available on the market: | |
58 + BoringSSL [4] | |
59 + LibreSSL [5] | |
60 + QuicTLS [6] | |
61 | |
62 Clone the NGINX QUIC repository | |
56 | 63 |
57 $ hg clone -b quic https://hg.nginx.org/nginx-quic | 64 $ hg clone -b quic https://hg.nginx.org/nginx-quic |
58 $ cd nginx-quic | 65 $ cd nginx-quic |
66 | |
67 Use the following command to configure nginx with BoringSSL [4] | |
68 | |
59 $ ./auto/configure --with-debug --with-http_v3_module \ | 69 $ ./auto/configure --with-debug --with-http_v3_module \ |
60 --with-cc-opt="-I../boringssl/include" \ | 70 --with-cc-opt="-I../boringssl/include" \ |
61 --with-ld-opt="-L../boringssl/build/ssl \ | 71 --with-ld-opt="-L../boringssl/build/ssl \ |
62 -L../boringssl/build/crypto" | 72 -L../boringssl/build/crypto" |
63 $ make | 73 $ make |
64 | 74 |
65 Alternatively, nginx can be configured with QuicTLS [5] | 75 Alternatively, nginx can be configured with QuicTLS [6] |
66 | 76 |
67 $ ./auto/configure --with-debug --with-http_v3_module \ | 77 $ ./auto/configure --with-debug --with-http_v3_module \ |
68 --with-cc-opt="-I../quictls/build/include" \ | 78 --with-cc-opt="-I../quictls/build/include" \ |
69 --with-ld-opt="-L../quictls/build/lib" | 79 --with-ld-opt="-L../quictls/build/lib" |
70 | 80 |
71 When configuring nginx, you can enable QUIC and HTTP/3 using the | 81 Alternatively, nginx can be configured with a modern version |
72 following new configuration options: | 82 of LibreSSL [7] |
83 | |
84 $ ./auto/configure --with-debug --with-http_v3_module \ | |
85 --with-cc-opt="-I../libressl/build/include" \ | |
86 --with-ld-opt="-L../libressl/build/lib" | |
87 | |
88 When configuring nginx, it's possible to enable QUIC and HTTP/3 | |
89 using the following new configuration options: | |
73 | 90 |
74 --with-http_v3_module - enable QUIC and HTTP/3 | 91 --with-http_v3_module - enable QUIC and HTTP/3 |
75 --with-stream_quic_module - enable QUIC in Stream | 92 --with-stream_quic_module - enable QUIC in Stream |
76 | 93 |
77 3. Configuration | 94 3. Configuration |
80 HTTP/3 over QUIC on the specified port. | 97 HTTP/3 over QUIC on the specified port. |
81 | 98 |
82 The Stream "listen" directive got a new option "quic" which enables | 99 The Stream "listen" directive got a new option "quic" which enables |
83 QUIC as client transport protocol instead of TCP or plain UDP. | 100 QUIC as client transport protocol instead of TCP or plain UDP. |
84 | 101 |
85 Along with "http3" or "quic", you also have to specify "reuseport" | 102 Along with "http3" or "quic", it's also possible to specify "reuseport" |
86 option [6] to make it work properly with multiple workers. | 103 option [8] to make it work properly with multiple workers. |
87 | 104 |
88 To enable address validation: | 105 To enable address validation: |
89 | 106 |
90 quic_retry on; | 107 quic_retry on; |
91 | 108 |
108 To set host key for various tokens: | 125 To set host key for various tokens: |
109 | 126 |
110 quic_host_key <filename>; | 127 quic_host_key <filename>; |
111 | 128 |
112 | 129 |
113 By default, GSO Linux-specific optimization [8] is disabled. | 130 By default, GSO Linux-specific optimization [10] is disabled. |
114 Enable if your network interface is configured to support GSO. | 131 Enable it in case a corresponding network interface is configured to |
132 support GSO. | |
115 | 133 |
116 A number of directives were added that configure HTTP/3: | 134 A number of directives were added that configure HTTP/3: |
117 | 135 |
118 http3_stream_buffer_size | 136 http3_stream_buffer_size |
119 http3_max_concurrent_pushes | 137 http3_max_concurrent_pushes |
162 | 180 |
163 Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1) | 181 Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1) |
164 | 182 |
165 Beware of strange issues: sometimes browser may decide to ignore QUIC | 183 Beware of strange issues: sometimes browser may decide to ignore QUIC |
166 Cache clearing/restart might help. Always check access.log and | 184 Cache clearing/restart might help. Always check access.log and |
167 error.log to make sure you are using HTTP/3 and not TCP https. | 185 error.log to make sure the browser is using HTTP/3 and not TCP https. |
168 | 186 |
169 * Console clients | 187 * Console clients |
170 | 188 |
171 Known to work: ngtcp2, firefox's neqo and chromium's console clients: | 189 Known to work: ngtcp2, firefox's neqo and chromium's console clients: |
172 | 190 |
175 $ ./neqo-client https://127.0.0.1:8443/ | 193 $ ./neqo-client https://127.0.0.1:8443/ |
176 | 194 |
177 $ chromium-build/out/my_build/quic_client http://example.com:8443 | 195 $ chromium-build/out/my_build/quic_client http://example.com:8443 |
178 | 196 |
179 | 197 |
180 If you've got it right, in the access log you should see something like: | 198 In case everyhing is right, the access log should show something like: |
181 | 199 |
182 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-" | 200 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-" |
183 "nghttp3/ngtcp2 client" "quic" | 201 "nghttp3/ngtcp2 client" "quic" |
184 | 202 |
185 | 203 |
186 5. Troubleshooting | 204 5. Troubleshooting |
187 | 205 |
188 Here are some tips that may help you to identify problems: | 206 Here are some tips that may help to identify problems: |
189 | 207 |
190 + Ensure you are building with proper SSL library that supports QUIC | 208 + Ensure nginx is built with proper SSL library that supports QUIC |
191 | 209 |
192 + Ensure you are using the proper SSL library in runtime | 210 + Ensure nginx is using the proper SSL library in runtime |
193 (`nginx -V` will show you what you are using) | 211 (`nginx -V` shows what it's using) |
194 | 212 |
195 + Ensure your client is actually sending requests over QUIC | 213 + Ensure a client is actually sending requests over QUIC |
196 (see "Clients" section about browsers and cache) | 214 (see "Clients" section about browsers and cache) |
197 | 215 |
198 We recommend to start with simple console client like ngtcp2 | 216 We recommend to start with simple console client like ngtcp2 |
199 to ensure you've got server configured properly before trying | 217 to ensure the server is configured properly before trying |
200 with real browsers that may be very picky with certificates, | 218 with real browsers that may be very picky with certificates, |
201 for example. | 219 for example. |
202 | 220 |
203 + Build nginx with debug support [7] and check your debug log. | 221 + Build nginx with debug support [9] and check the debug log. |
204 It should contain all details about connection and why it | 222 It should contain all details about connection and why it |
205 failed. All related messages contain "quic " prefix and can | 223 failed. All related messages contain "quic " prefix and can |
206 be easily filtered out. | 224 be easily filtered out. |
207 | 225 |
208 + If you want to investigate deeper, you may want to enable | 226 + For a deeper investigation, please enable additional debugging |
209 additional debugging in src/event/quic/ngx_event_quic_connection.h: | 227 in src/event/quic/ngx_event_quic_connection.h: |
210 | 228 |
211 #define NGX_QUIC_DEBUG_PACKETS | 229 #define NGX_QUIC_DEBUG_PACKETS |
212 #define NGX_QUIC_DEBUG_FRAMES | 230 #define NGX_QUIC_DEBUG_FRAMES |
213 #define NGX_QUIC_DEBUG_ALLOC | 231 #define NGX_QUIC_DEBUG_ALLOC |
214 #define NGX_QUIC_DEBUG_CRYPTO | 232 #define NGX_QUIC_DEBUG_CRYPTO |
215 | 233 |
216 6. Contributing | 234 6. Contributing |
217 | 235 |
218 If you are willing to contribute, please refer to | 236 Please refer to |
219 http://nginx.org/en/docs/contributing_changes.html | 237 http://nginx.org/en/docs/contributing_changes.html |
220 | 238 |
221 7. Links | 239 7. Links |
222 | 240 |
223 [1] https://datatracker.ietf.org/doc/html/rfc9000 | 241 [1] https://datatracker.ietf.org/doc/html/rfc9000 |
224 [2] https://datatracker.ietf.org/doc/html/rfc9114 | 242 [2] https://datatracker.ietf.org/doc/html/rfc9114 |
225 [3] https://mailman.nginx.org/mailman3/lists/nginx-devel.nginx.org/ | 243 [3] https://mailman.nginx.org/mailman3/lists/nginx-devel.nginx.org/ |
226 [4] https://boringssl.googlesource.com/boringssl/ | 244 [4] https://boringssl.googlesource.com/boringssl/ |
227 [5] https://github.com/quictls/openssl | 245 [5] https://www.libressl.org/ |
228 [6] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen | 246 [6] https://github.com/quictls/openssl |
229 [7] https://nginx.org/en/docs/debugging_log.html | 247 [7] https://github.com/libressl-portable/portable/releases/tag/v3.6.0 |
230 [8] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf | 248 [8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen |
249 [9] https://nginx.org/en/docs/debugging_log.html | |
250 [10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf |