[리눅스] nginx HTTP/3(QUIC) 프로토콜 지원

nginx HTTP/3(QUIC) 프로토콜 지원

 

 

 

테스트 환경

$ lsb_release -d
Description:	Ubuntu 22.04.2 LTS

$ openssl version
OpenSSL 3.0.2 15 Mar 2022 (Library: OpenSSL 3.0.2 15 Mar 2022)

필수 구성 요소 설치

sudo apt-get install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring

공식 nginx 서명 키 가져오기

curl -s https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null

nginx 패키지를 위한 리포지토리 설정

• mainline

echo "deb http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list

• stable

echo "deb http://nginx.org/packages/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list

sudo apt-get update

nginx 설치

sudo apt-get install -y nginx

nginx 버전 정보

$ nginx -V
nginx version: nginx/1.25.0
built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1)
built with OpenSSL 3.0.2 15 Mar 2022
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.25.0/debian/debuild-base/nginx-1.25.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Let's Encrypt(클라이언트) 설치

sudo apt-get update

sudo apt-get -y install certbot python3-certbot-nginx

SSL/TLS 인증서 생성

sudo certbot --nginx -d quic.sangchul.kr

갱신(renewal) 테스트

certbot renew --dry-run

 

참고URL

- HTTP/3란? https://www.cloudflare.com/ko-kr/learning/performance/what-is-http3/

- Module ngx_http_v2_module : https://nginx.org/en/docs/http/ngx_http_v2_module.html

- Module ngx_http_v3_module : https://nginx.org/en/docs/http/ngx_http_v3_module.html

- https://codedamn.com/news/backend/leveraging-http3-with-nginx

- https://qiita.com/girlfellfromsky/items/a0a797b76b5aa35cca68