Nginx mainline added (experimental) http3/quic support with version 1.25
in late May.
Is there any interest in adding support to our nginx-mainline package?
It can be optionally turned on in server config, so having it compiled
in and available shouldn't have any impact until it's activated by
changing the web server configs. I confirmed this with my web servers.
I've been running this for a while now (even before the quic branch was
merged into mainline) and it has been working well both with and without
http3. Since quic uses udp, I did need to change the firewall to allow
udp in addition to tcp for the web servers on port 443.
In case of interest, here's what I did to build and get it running.
Since openssl doesn't support quic, nginx provides for some
alternatives; quictls, boringssl or libressl. I chose to use quictls.
Since quictls is openssl plus quic support, I want to be sure it did not
interfere in any way with the default Arch openssl libraries or binaries.
So, I made a quictls package which installed into it's own tree not in
/usr or /usr/local. I chose to use /usr/local/quictls/. This keeps the
binaries in and libraries away from all normal paths while making the
libraries readily available for nginx. I imagine there are other
approaches to dealing with this.
Once quictls was built and installed it is quite simple to use it to add
quic support to the nginx-mainline package.
As always, thanks to those keeping Arch vibrant and at the leading edge.
gene
