nginx-more
nginx-more copied to clipboard
karljohns0n
HTTP/3
Hello,
nginx-more is based on last version of OpenSSL which isn't supporting HTTP/3 yet.
https://github.com/openssl/openssl/pull/8797
I would have to switch to BoringSSL but I prefer to stay with OpenSSL.. for now.
I will implement it as soon as it supported, soon hopefully!
looks like openssl 3.4 will have full QUIC, no dates on when this will be tho. but it progress.
https://www.openssl.org/roadmap.html
Karl, why don't we now compile nginx-more with Openssl 3.2 that has client side QUIC support?
Hi @skrlance sure, I pushed a build with OpenSSL 3.2, seems to works. Although I think full implementation will be done with 3.4.
As per the info, upcoming NGINX 1.26 stable possibly on April will support http3 without requiring OpenSSL to support it. Till then Karl why don't you compile one now with OpenSSL 3.2 just to experiment. Although, I am not sure how client side QUIC works on NGINX!
Hi @skrlance, I pushed a build with OpenSSL 3.2.1 in aeris-testing repo;
Installed Packages
Name : nginx-more
Version : 1.24.0
Release : 5.el8
Architecture : x86_64
Size : 19 M
Source : nginx-more-1.24.0-5.el8.src.rpm
Repository : @System
From repo : aeris-testing
Summary : A high performance web server and reverse proxy server
URL : http://nginx.org/
nginx version: nginx/1.24.0
custom build maintained on github.com/karljohns0n/nginx-more
built by gcc 8.5.0 20210514 (Red Hat 8.5.0-20) (GCC)
built with OpenSSL 3.2.1 30 Jan 2024
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/cache/client_body --http-proxy-temp-path=/var/lib/nginx/cache/proxy --http-fastcgi-temp-path=/var/lib/nginx/cache/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/cache/uwsgi --http-scgi-temp-path=/var/lib/nginx/cache/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --user=nginx --group=nginx --with-compat --with-file-aio --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_geoip_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-threads --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_slice_module --with-stream_ssl_preread_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection -DTCP_FASTOPEN=23' --with-openssl=modules/openssl-3.2.1 --with-openssl-opt=enable-ktls --with-http_v2_hpack_enc --add-dynamic-module=modules/ngx_modsecurity-1.0.3 --add-module=modules/ngx_pagespeed-1.13.35.2 --add-module=modules/ngx_headers_more-0.37 --add-module=modules/ngx_cache_purge-2.3 --add-module=modules/ngx_brotli-1.0.0rc-2-g6e97 --add-module=modules/ngx_module_vts-0.2.2 --add-module=modules/ngx_http_geoip2_module-3.4 --add-module=modules/ngx_echo-0.63
@skrlance client side QUIC support in recent releases of OpenSSL has nothing to do with NGINX, because it's a web server, not a client. If you must use packages, I'd recommend looking into GetPageSpeed's NGINX Extras. It's a paid repo overall, but I'm using Fedora Linux and it's free. They use QuicTLS for full QUIC support.
