构建支持HTTP3协议的Nginx镜像，并上传到DockerHub说明 Nginx从1.25.0开始支持QUIC和HTT

说明

Nginx从1.25.0开始支持QUIC和HTTP/3协议。此外，从1.25.0开始，Linux二进制包中提供了QUIC和HTTP/3支持。这里构建一个Nginx的镜像，支持HTTP3

所使用的的Dockerfile

# 基础镜像
FROM ubuntu:jammy

# 安装依赖
RUN apt-get update
RUN apt-get install build-essential cmake libpcre3 libpcre3-dev  openssl libssl-dev  zlib1g-dev git wget software-properties-common -y
RUN add-apt-repository ppa:longsleep/golang-backports -y
RUN apt-get update
RUN apt-get install golang-go -y

# 克隆boringssl
RUN git clone --depth=1 https://github.com/google/boringssl.git

# 编译boringssl
RUN cd boringssl && mkdir build && cd build && cmake .. && make && cd ../../

# 下载Nginx源码
RUN wget https://nginx.org/download/nginx-1.25.2.tar.gz

# 解压源码
RUN tar xf nginx-1.25.2.tar.gz

# 编译Nginx
RUN cd nginx-1.25.2 && ./configure  --prefix=/usr/local/nginx \
    --with-debug \
    --with-http_v3_module \
    --with-http_v2_module \
    --with-cc-opt="-I../boringssl/include"    --with-ld-opt="-L../boringssl/build/ssl  -L../boringssl/build/crypto" && make && make install

# 基础镜像
FROM ubuntu:jammy

# 将第一阶段生成的文件拷贝到当前镜像中

COPY --from=0 /usr/local/nginx  /usr/local/nginx

# 开放端口

EXPOSE 80 443

CMD ["/usr/local/nginx/sbin/nginx", "-g", "daemon off;"]

构建镜像

docker build . -t postkarte/nginx-quic:v1.0

将镜像上传到DockerHub

docker push postkarte/nginx-quic:v1.0

运行测试

由于HTTP3底层基于UDP，所以在docker暴露端口时候需要暴露udp的443端口

docker run -d  -p 443:443/tcp -p 443:443/udp  -v /root/nginx-quic/nginx.conf:/usr/local/nginx/conf/nginx.conf  -v /root/nginx-quic/ssl:/etc/nginx/certs   postkarte/nginx-quic:v1.0

nginx.conf配置文件如下

worker_processes  1;
events {
    worker_connections  65535;
}
http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $bodNginx从1.25.0开始支持QUIC和HTTP/3协议。此外，从1.25.0开始，Linux二进制包中提供了QUIC和HTTP/3支持。y_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';
    access_log logs/access.log quic;
    server {
        server_name www.example.top;
        # for better compatibility it's recommended
        # to use the same port for http/3 and https
        listen 443 quic reuseport;
        listen 443 ssl;
        ssl_certificate     /etc/nginx/certs/cert.pem;
        ssl_certificate_key /etc/nginx/certs/key.pem;
        ssl_protocols       TLSv1.3; # QUIC requires TLS 1.3
        location / {
            # used to advertise the availability of HTTP/3
            add_header Alt-Svc 'h3=":443"; ma=86400';
        }
    }
}

使用网站测试

可以使用该网站进行测试 http3check.net/

构建支持HTTP3协议的Nginx镜像，并上传到DockerHub

说明

所使用的的Dockerfile

构建镜像

将镜像上传到DockerHub

运行测试

nginx.conf配置文件如下

使用网站测试

参考链接