ProHoster > Блог > ozi ịntanetị > Ntụle Nginx nwere nkwado QUIC na HTTP/3

Ntụle Nginx nwere nkwado QUIC na HTTP/3

Ụlọ ọrụ NGINX mara ọkwa banyere mmalite nke ule mmejuputa iwu QUIC na HTTP/3 protocol na HTTP sava na nginx proxy. Mmejuputa ya dabere na 27 mpempe akwụkwọ Nkọwapụta IETF-QUIC ma dị site na ebe nchekwa iche, agbaghara na ntọhapụ 1.19.0. A na-ekesa koodu a n'okpuru ikikere BSD na anaghị egbochi ya na mbụ tụrụ aro Mmejuputa HTTP/3 maka nginx sitere na Cloudflare, nke bụ ọrụ dị iche.

Akara nkwado HTTP/3 na nginx dị ka nnwale n'ihi na ọ bụghị ihe niile nwere ike ime a na-emejuputa atumatu. N'otu oge ahụ, enwere ike iji nginx ziga nzaghachi na arịrịọ HTTP/3 dị mfe karịa QUIC na budata/bulite faịlụ buru ibu. Njirimara protocol na-efu ugbu a gụnyere ngwaọrụ mkparita ụka ụdị protocol, ECN na njikwa mkpọchi, ndekọ ahaziri ahazi, ọnọdụ mgbake (nkwụghachi QUIC, mgbake na njikwa mkpọchi), NAT Rebinding, adreesị mkpanaka, ntinye ihe nkesa, ntinye data (trailer). Ọ na-enyekwa naanị nkwado ndabere maka nhazi ngwugwu ACK na njikwa mmiri, nke chọrọ mmepe ọzọ. Ọ bụghị ihe niile achọrọ nke ọkọlọtọ ka etinyere n'uche.

Iji mee HTTP/3 rụọ ọrụ, ịkwesịrị iji modul http_v3_module wuo nginx wee tinye ntuziaka ọzọ.
jiri ọkọlọtọ "http3" jiri "gee ntị" iji mepụta oghere ntị UDP. Ọmụmaatụ:

sava {
gee 443 ssl; # TCP oghere maka HTTP / 1.1
gee 443 http3 reuseport; # UDP oghere maka QUIC+HTTP/3

ssl_protocols TLSv1.3; # QUIC chọrọ TLS 1.3
ssl_certificate ssl/www.example.com.crt;
ssl_certificate_key ssl/www.example.com.key;

add_header Alt-Svc 'quic = ": 443"; # Ọkọlọtọ nnweta QUIC
add_header QUIC-Ọnọdụ $quic; # Isi ihe nwere ọkwa ojiji QUIC
}

Cheta na HTTP/3 na-ahazi iji usoro QUIC dị ka njem maka HTTP/2. Protocol ỌR. (Njikọ Ịntanetị ngwa ngwa UDP) bụ Google mepụtara kemgbe 2013 dị ka ihe ọzọ na nchịkọta TCP + TLS maka Weebụ, na-edozi nsogbu na ogologo oge nhazi na oge mkparịta ụka maka njikọ na TCP na iwepụ oge igbu oge mgbe ngwugwu na-efunahụ n'oge nnyefe data. QUIC bụ ndọtị nke UDP protocol na-akwado multiplexing nke ọtụtụ njikọ ma na-enye ụzọ nzuzo dakọrọ TLS/SSL. N'akụkụ ndị ahịa, agbakwunyela nkwado nnwale maka HTTP/3 na curl, Firefox и chromium.

Ntụle Nginx nwere nkwado QUIC na HTTP/3

Main Atụmatụ QUIC:

  • Nchekwa dị elu dị ka TLS (nke bụ QUIC na-enye ikike iji TLS 1.3 karịa UDP);
  • Njikwa iguzosi ike n'ezi ihe, na-egbochi mfu ngwugwu;
  • Ikike iji guzobe njikọ ozugbo (0-RTT, n'ihe dị ka 75% nke ikpe nwere ike ibunye data ozugbo mgbe ezipụchara ngwugwu njikọ njikọ) ma nye obere oge n'etiti izipu arịrịọ na ịnata nzaghachi (RTT, Oge njem okirikiri);
    Ntụle Nginx nwere nkwado QUIC na HTTP/3
  • Ọ bụghị iji otu nọmba usoro mgbe ị na-ebufe ngwugwu, nke na-ezere enweghị mgbagwoju anya na ịchọpụta ngwugwu natara ma wepụ oge;
  • Ọnwụ nke ngwugwu na-emetụta naanị nnyefe nke iyi nke metụtara ya ma ghara ịkwụsị nnyefe data na iyi iyi ndị a na-ebufe site na njikọ dị ugbu a;
  • Atụmatụ mgbazi mperi na-ebelata igbu oge n'ihi mbufe nke ngwugwu furu efu. Iji koodu mgbazi njehie pụrụ iche na ọkwa ngwugwu iji belata ọnọdụ chọrọ mbugharị data ngwugwu furu efu.
  • A na-ejikọta oke ngọngọ cryptographic na oke ngwugwu QUIC, nke na-ebelata mmetụta nke mfu ngwugwu na ngbanwe ọdịnaya nke ngwugwu na-esote;
  • Enweghị nsogbu na mgbochi TCP kwụ n'ahịrị;
  • Nkwado maka njirimara njikọ, nke na-ebelata oge ọ na-ewe iji guzobe njikọ maka ndị ahịa mkpanaka;
  • Enwere ike ijikọ usoro njikwa mkpọchi njikọ dị elu;
  • Na-eji usoro amụma ntinye ntinye n'otu n'otu iji hụ na ezipụ ngwugwu n'ọnụ ahịa kacha mma, na-egbochi ha ịbanye n'ụkọ na ịkpata mfu ngwugwu;
  • Enwere ike nghọta uto arụmọrụ na ntinye aka tụnyere TCP. Maka ọrụ vidiyo dị ka YouTube, QUIC egosila na ọ na-ebelata ọrụ nkwughachi mgbe ị na-ekiri vidiyo site na 30%.

isi: opennet.ru

Zụta nnabata ntụkwasị obi maka saịtị nwere nchekwa DDoS, sava VPS VDS 🔥 Zụta ebe nrụọrụ weebụ a pụrụ ịtụkwasị obi na nchekwa DDoS, sava VPS VDS | ProHoster