Skip to content
Branch: master
Find file History
Latest commit a27c2b8 Nov 8, 2019
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
README.md extras/nginx: add Alt-Svc header in example configuration Oct 17, 2019
nginx-1.16.patch extras/nginx: sync patch Nov 7, 2019

README.md

Requirements

Note that in addition to the dependencies required for building quiche you'll also need any dependency that might be required for building NGINX itself.

NGINX will need to be built against BoringSSL, not OpenSSL, to work properly with quiche. This is done automatically during the build process described below.

Once OpenSSL merges support for QUIC it will be possible to build using OpenSSL as well.

Building

The first step is to download and unpack the NGINX source code. Note that the HTTP/3 and QUIC patch only works with the 1.16.x release branch (the latest stable release being 1.16.1).

 % curl -O https://nginx.org/download/nginx-1.16.1.tar.gz
 % tar xzvf nginx-1.16.1.tar.gz

As well as quiche, the underlying implementation of HTTP/3 and QUIC:

 % git clone --recursive https://github.com/cloudflare/quiche

Next you’ll need to apply the patch to NGINX:

 % cd nginx-1.16.1
 % patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

And finally build NGINX with HTTP/3 support enabled:

 % ./configure                                 \
       --prefix=$PWD                           \
       --with-http_ssl_module                  \
       --with-http_v2_module                   \
       --with-http_v3_module                   \
       --with-openssl=../quiche/deps/boringssl \
       --with-quiche=../quiche
 % make

The above command instructs the NGINX build system to enable the HTTP/3 support (--with-http_v3_module) by using the quiche library found in the path it was previously downloaded into (--with-quiche=../quiche).

Running

The following configuration file can be used as a starting point to enable HTTP/3 support:

events {
    worker_connections  1024;
}

http {
    server {
        # Enable QUIC and HTTP/3.
        listen 443 quic reuseport;

        # Enable HTTP/2 (optional).
        listen 443 ssl http2;

        ssl_certificate      cert.crt;
        ssl_certificate_key  cert.key;

        # Enable all TLS versions (TLSv1.3 is required for QUIC).
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;

        # Add Alt-Svc header to negotiate HTTP/3.
        add_header alt-svc 'h3-23=":443"; ma=86400';
    }
}

List of configuration directives

http3_max_concurrent_streams

syntax: http3_max_concurrent_streams number;

default: http3_max_concurrent_streams 128;

context: http, server

Limits the maximum number of concurrent HTTP/3 streams in a connection.

http3_max_requests

syntax: http3_max_requests number;

default: http3_max_requests 1000;

context: http, server

Limits the maximum number of requests that can be served on a single HTTP/3 connection, after which the next client request will lead to connection closing and the need of establishing a new connection.

http3_max_header_size

syntax: http3_max_header_size size;

default: http3_max_header_size 16k;

context: http, server

Limits the maximum size of the entire request header list after QPACK decompression.

http3_initial_max_data

syntax: http3_initial_max_data size;

default: http3_initial_max_data 10m;

context: http, server

Sets the per-connection incoming flow control limit.

http3_initial_max_stream_data

syntax: http3_initial_max_stream_data size;

default: http3_initial_max_stream_data 1m;

context: http, server

Sets the per-stream incoming flow control limit.

http3_idle_timeout

syntax: http3_idle_timeout time;

default: http3_idle_timeout 3m;

context: http, server

Sets the timeout of inactivity after which the connection is closed.

List of variables

$http3

"h3" if HTTP/3 was negotiated, or an empty string otherwise.

You can’t perform that action at this time.