ProHoster > Блог > ozi ịntanetị > Cloudflare emejuputala modul iji kwado HTTP/3 na NGINX

Cloudflare emejuputala modul iji kwado HTTP/3 na NGINX

Ụlọ ọrụ Cloudflare kwadebere na modul iji nye nkwado maka protocol HTTP/3 na NGINX. Emebere modul a ka mgbakwunye na ọbaakwụkwọ nke Cloudflare mepụtara Quiche site na mmejuputa nke QUIC na HTTP/3 protocol njem. Edere koodu quiche na Rust, mana NGINX modul n'onwe ya ka edere ya na C wee banye n'ọbá akwụkwọ site na iji njikọ dị ike. Mmepe meghere n'okpuru ikikere BSD.

Iji gbakọta, dị nnọọ budata kwachie na nginx 1.16 na koodu ọba akwụkwọ quiche, wee wughachi nginx site na iji nhọrọ “—with-http_v3_module —with-quiche=../quiche”. Mgbe ị na-ewu ụlọ, nkwado TLS kwesịrị ịdabere na ọbá akwụkwọ BoringSSL ("-with-openssl=../quiche/deps/boringssl"), akwadobeghị iji OpenSSL. Iji nabata njikọ, ịkwesịrị ịgbakwunye ntuziaka nge ntị yana ọkọlọtọ “quic” na ntọala (dịka ọmụmaatụ, “gee ntị 443 quic reuseport”).

Na ngwanrọ ndị ahịa, agbakwunyela nkwado HTTP/3 na nnwale nnwale nke Chrome Canary yana ịba uru curl. N'akụkụ ihe nkesa, ruo ugbu a ọ dị mkpa iji dị iche iche, oke ule mmejuputa iwu. Ikike ịhazi HTTP/3 na nginx ga-eme ka ntinye nke sava dị mfe na nkwado HTTP/3 ma mee ka ntinye ule nke usoro ọhụrụ ahụ dịkwuo mfe. Mpụta nkwado ọkọlọtọ maka HTTP/3 na nginx na-atụ anya na ngalaba 1.17.x maka ọnwa 6-12.

Cheta na HTTP/3 na-ahazi iji usoro QUIC dị ka njem maka HTTP/2. Protocol ỌR. (Njikọ Ịntanetị ngwa ngwa UDP) bụ Google mepụtara kemgbe 2013 dị ka ihe ọzọ na nchịkọta TCP + TLS maka Weebụ, na-edozi nsogbu na ogologo oge nhazi na oge mkparita uka maka njikọ na TCP na iwepụ oge igbu oge mgbe ngwugwu na-efunahụ n'oge nnyefe data. QUIC bụ ndọtị nke UDP protocol na-akwado multiplexing nke ọtụtụ njikọ ma na-enye ụzọ nzuzo dakọrọ TLS/SSL.

Main Atụmatụ QUIC:

  • Nchekwa dị elu dị ka TLS (nke bụ QUIC na-enye ike iji TLS karịa UDP);
  • Njikwa iguzosi ike n'ezi ihe, na-egbochi mfu ngwugwu;
  • Ikike iji guzobe njikọ ozugbo (0-RTT, n'ihe dị ka 75% nke ikpe nwere ike ibunye data ozugbo mgbe ezipụchara ngwugwu njikọ njikọ) ma nye obere oge n'etiti izipu arịrịọ na ịnata nzaghachi (RTT, Oge njem okirikiri);
  • Ọ bụghị iji otu nọmba usoro mgbe ị na-ebufe ngwugwu, nke na-ezere enweghị mgbagwoju anya na ịchọpụta ngwugwu natara ma wepụ oge;
  • Ọnwụ nke ngwugwu na-emetụta naanị nnyefe nke iyi nke metụtara ya ma ghara ịkwụsị nnyefe data na iyi iyi ndị a na-ebufe site na njikọ dị ugbu a;
  • Atụmatụ mgbazi mperi na-ebelata igbu oge n'ihi mbufe nke ngwugwu furu efu. Iji koodu mgbazi njehie pụrụ iche na ọkwa ngwugwu iji belata ọnọdụ chọrọ mbugharị data ngwugwu furu efu.
  • A na-ejikọta oke ngọngọ cryptographic na oke ngwugwu QUIC, nke na-ebelata mmetụta nke mfu ngwugwu na ngbanwe ọdịnaya nke ngwugwu na-esote;
  • Enweghị nsogbu na mgbochi TCP kwụ n'ahịrị;
  • Nkwado maka njirimara njikọ, nke na-ebelata oge ọ na-ewe iji guzobe njikọ maka ndị ahịa mkpanaka;
  • Enwere ike ijikọ usoro njikwa mkpọchi njikọ dị elu;
  • Na-eji usoro amụma ntinye ntinye n'otu n'otu iji hụ na ezipụ ngwugwu n'ọnụ ahịa kacha mma, na-egbochi ha ịbanye n'ụkọ na ịkpata mfu ngwugwu;
  • Enwere ike nghọta uto arụmọrụ na ntinye aka tụnyere TCP. Maka ọrụ vidiyo dị ka YouTube, QUIC egosila na ọ na-ebelata ọrụ nkwughachi mgbe ị na-ekiri vidiyo site na 30%.

    • isi: opennet.ru

Tinye a comment