系统更新
sudo apt-get update sudo apt-get upgrade -y安装基础依赖
sudo apt-get install libpcre3 libpcre3-dev zlib1g-dev openssl libssl-dev build-essential -y补全HTTP/3依赖
sudo apt-get install libnghttp2-dev -y- 下载Nginx 1.25.5源码(HTTP3 仅支持Nginx-1.25.X以上 根据自己的需求来)
wget http://nginx.org/download/nginx-1.25.5.tar.gz tar -zxvf nginx-1.25.5.tar.gz cd nginx-1.25.5 - 配置编译参数(保留你原有的参数,确保--with-http_v3_module存在)
./configure \ --prefix=/usr/local/nginx \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_v3_module \ --with-http_realip_module \ --with-http_addition_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_mp4_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_stub_status_module \ --with-http_auth_request_module \ --with-threads \ --with-stream \ --with-stream_ssl_module \ --with-stream_ssl_preread_module \ --with-file-aio \ --with-compat 编译并安装
make sudo make install创建全局符号链接
sudo ln -s /usr/local/nginx/sbin/nginx /usr/sbin/nginx验证HTTP/3模块是否编译成功(执行后能看到http_v3_module即成功)
nginx -V 2>&1 | grep http_v3_module启动命令、停止命令、重新加载配置命令
nginx
nginx -s stop
nginx -s reload
Nginx.conf 配置代码如下 给默认的配置删除替换 仅做参考 也可以直接使用 基本按照步骤都会成功 并且可以HTTP3、HTTP2同时开启 以免有些用户浏览器不支持HTTP3 这样就会自动切换至HTTP2 以免造成访问不了的情况
# user nobody;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
server_tokens off;
access_log off;
error_log off;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_comp_level 6;
gzip_types text/plain text/css text/javascript application/json application/javascript application/x-javascript application/xml;
# 80端口强制跳转到HTTPS
server {
listen 80;
server_name 你的域名 www.的域名; # 替换成实际域名
rewrite ^(.*)$ https://$host$1 permanent;
}
# HTTPS + HTTP2 + HTTP3 核心配置
server {
# 监听443端口(TCP+UDP),开启QUIC/HTTP3
listen 443 ssl;
# http2 on; // 需要HTTP2和HTTP3一起运行的可以给注释去掉
listen 443 quic reuseport;
server_name 你的域名 www.你的域名; # 替换成实际域名
# SSL证书配置(替换成你的真实SSL证书路径)
ssl_certificate /usr/local/nginx/conf/cert/fullchain.pem; # 证书公钥
ssl_certificate_key /usr/local/nginx/conf/cert/privkey.key; # 证书私钥
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
http3 on;
add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000';
add_header Strict-Transport-Security "max-age=31536000" always;
location / {
root /usr/local/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ /\.ht {
deny all;
}
}
}
弄好之后 需要在云厂商的云服务器的安全组里面确保 自定义 TCP 443、自定义 UDP 443 这两个是开着的,自定义 UDP 443 没有就手动增加,这两个不开 HTTP3访问不了会出现意外的报错。
