Installing NGINX with HTTP3/QUIC on Ubuntu 22.04.

What’s NGINX

NGINX is a high-performance web server known for its efficiency, stability, and rich feature set. It’s designed to handle high concurrency with low memory usage, making it ideal for serving static content, acting as a reverse proxy, and handling load balancing. Its event-driven architecture enables it to power many of the world’s busiest websites.

Why use HTTP3/QUIC in NGINX

The introduction of HTTP/3 and QUIC protocols marks a significant evolution in web technologies, offering faster, more secure internet communication. By leveraging UDP, these protocols minimize connection and transport latencies, outperforming their predecessor, HTTP/2, especially in conditions of packet loss and network fluctuations. Integrating HTTP3/QUIC with NGINX can drastically improve your website’s loading times, enhance user experience, and boost your site’s ranking on search engines as speed and security become increasingly important ranking factors.

How to install and enable NGINX HTTP3/QUIC

Installing and enabling HTTP3/QUIC support in NGINX on Ubuntu 22.04 isn’t just about stepping up your web server game; it’s a strategic move towards embracing the future of the internet. This guide walks you through the prerequisites for the NGINX and HTTP3/QUIC setup, including updating your system and installing the required libraries.

Updating Ubuntu OS

apt update && apt upgrade -y

Install and Setup SSL Certificate

HTTP/3 runs over QUIC, and QUIC requires TLS 1.3: the TLS handshake is part of the QUIC handshake, so there is no unencrypted mode and the server needs a certificate before HTTP/3 can be enabled.

You can use a free Let’s Encrypt certificate; if you already have a paid SSL certificate, that works as well.

apt install -y certbot

certbot certonly --standalone -n --agree-tos -m [email protected] -d blackonsole.org --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"

# Set cronjob for SSL renewal
crontab -e

# add this line in the editor (runs the renewal check at 00:00 and 12:00)
0  0,12 *  *  * certbot renew -q

Setup NGINX Ubuntu Repository

apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring

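# Fetch the NGINX signing key over HTTPS; apt uses it (signed-by below)
# to verify packages served from the plain-HTTP repository
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
    | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null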

echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
    | sudo tee /etc/apt/sources.list.d/nginx.list

echo -e "Package: *\nPin: origin nginx.org\nPin: release o=nginx\nPin-Priority: 900\n" \
    | sudo tee /etc/apt/preferences.d/99nginx

Install NGINX and Modules (if needed)

# installing
apt update && apt install nginx

# checking the version and http3_module
nginx -v
nginx version: nginx/1.25.5

nginx -V 2>&1 | tr ' ' '\n' | grep --color 'http_v3'
--with-http_v3_module

Enable HTTP3/QUIC in NGINX config or vhost

server {
  server_name   _;
  root          /var/www/html;

  # HTTP
  listen 80 default_server reuseport;
  listen [::]:80 default_server reuseport;

  # HTTP2/SSL
  listen 443 ssl default_server reuseport;
  listen [::]:443 ssl default_server reuseport;
  http2 on;

  # Enable HTTP3/QUIC (QUIC runs over UDP, so UDP port 443 must be reachable as well as TCP 443)
  listen 443 quic default_server reuseport;
  listen [::]:443 quic default_server reuseport;
  http3 on;

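  # Let's Encrypt
  ssl_certificate       /etc/letsencrypt/live/blackonsole.org/fullchain.pem;
  ssl_certificate_key   /etc/letsencrypt/live/blackonsole.org/privkey.pem;

  # These two files are installed by certbot's nginx plugin; with a certificate
  # issued in standalone mode they may not exist, and nginx -t fails on a missing file
  ssl_dhparam           /etc/letsencrypt/ssl-dhparams.pem;
  include               /etc/letsencrypt/options-ssl-nginx.conf;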
  
  location / {
    # HTTP3/QUIC Header
    add_header Alt-Svc 'h3=":443"; ma=86400';
    return 200 '{ "HTTP3/QUIC": "Enabled" }';
  }
}

Check the config and restart NGINX Service

# test the config file
nginx -t

# reload the service
nginx -s reload

# OR

systemctl restart nginx
systemctl status nginx
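
nginx -t only validates syntax, so a configuration can pass it and still never serve HTTP/3. The script below is an added example, not part of the original guide: it audits the text of nginx -V and nginx -T for the pieces set up above (the http_v3 module, a quic listener with a TCP ssl listener on the same port, an Alt-Svc header naming that port, and TLS 1.3). The function names and the sample input are constructed for illustration.

```shell
# Added example (not the guide's own code): audit `nginx -V` / `nginx -T` text
# for the HTTP/3 prerequisites configured above.

# Print the ports of active `listen` directives carrying a flag (quic or ssl).
listen_ports() {  # $1 = config text, $2 = flag
  printf '%s\n' "$1" | sed 's/#.*//' | awk -v flag="$2" '
    $1 == "listen" {
      for (i = 3; i <= NF; i++) {
        f = $i; sub(/;$/, "", f)
        if (f == flag) { p = $2; sub(/.*:/, "", p); print p }
      }
    }' | sort -u
}

# Print one FAIL line per problem and return the number of problems.
audit_h3() {  # $1 = `nginx -V` text, $2 = `nginx -T` text
  local build="$1" conf="$2" fails=0 active quic port protos
  active=$(printf '%s\n' "$conf" | sed 's/#.*//')
  fail() { echo "FAIL: $*"; fails=$((fails + 1)); }
  case "$build" in
    *--with-http_v3_module*) ;;
    *) fail "binary built without --with-http_v3_module" ;;
  esac
  quic=$(listen_ports "$conf" quic)
  [ -n "$quic" ] || fail "no 'listen ... quic' directive"
  for port in $quic; do
    # Clients connect over TCP+TLS first and learn about HTTP/3 from Alt-Svc.
    listen_ports "$conf" ssl | grep -qx "$port" ||
      fail "no 'listen $port ssl' (TCP) beside the QUIC listener"
    printf '%s\n' "$active" | grep -Eq "add_header +Alt-Svc .*h3=\":$port\"" ||
      fail "Alt-Svc does not advertise h3 on port $port"
  done
  # QUIC requires TLS 1.3, so an explicit ssl_protocols list must include it.
  protos=$(printf '%s\n' "$active" | grep -E '^[[:space:]]*ssl_protocols[[:space:]]' || true)
  if [ -n "$protos" ] && ! printf '%s\n' "$protos" | grep -q 'TLSv1\.3'; then
    fail "ssl_protocols omits TLSv1.3"
  fi
  return "$fails"
}

# Constructed sample: QUIC on 443, but Alt-Svc names 8443 and TLS 1.3 is off.
SAMPLE_BUILD='configure arguments: --with-http_v2_module --with-http_v3_module'
SAMPLE_CONF='server {
  listen 443 ssl;
  listen 443 quic reuseport;
  ssl_protocols TLSv1.2;
  add_header Alt-Svc '\''h3=":8443"; ma=86400'\'';
}'
audit_h3 "$SAMPLE_BUILD" "$SAMPLE_CONF" || echo "problems found: $?"
```

On a live host, pass it the real output: audit_h3 "$(nginx -V 2>&1)" "$(nginx -T 2>/dev/null)". nginx -T prints included files too, so settings from options-ssl-nginx.conf are covered.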

Check that HTTP3/QUIC runs as expected

Using CURL

# Make sure your curl is compiled with HTTP3 support
curl --version | grep HTTP3
Features: alt-svc AsynchDNS brotli GSS-API HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Kerberos Largefile libz NTLM SPNEGO SSL threadsafe UnixSockets zstd

# Test the HTTP3 QUIC
curl -I --http3 https://blackonsole.org
HTTP/3 200

If you need to enable HTTP/3 support in cURL, please refer to "How to Enable cURL with HTTP/3 on Ubuntu 24.04".

Using online tools

If you need to check from the internet, you can use this website: https://http3check.net/

Reference

  • http://nginx.org/en/docs/quic.html
  • http://nginx.org/en/docs/http/ngx_http_v3_module.html
  • https://www.nginx.com/blog/quic-http3-support-openssl-nginx/

Hi, I’m Sysadmin.ID

4 Comments

  1. I tried the steps on Kali Linux but it is not working; especially, certbot is not downloading the cert and authorization fails, though I have full connectivity and port 80 open. Also, how do I enable curl for QUIC and HTTP3 access? I request you to share more detailed info.

    The server block config also says, while running nginx -t, that it needs the http3 module enabled.

  2. I followed the above steps on an Ubuntu 22.04 server, but I am getting this error, "QUIC connection could not be established", whenever I put my domain into https://http3check.net. Please help if you have any solution. My nginx version is 1.27.0. When I run nginx -V, this is the result I get:
    built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
    built with OpenSSL 3.0.2 15 Mar 2022 (running with OpenSSL 3.1.5 30 Jan 2024)
    TLS SNI support enabled
    configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_v3_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.27.0/debian/debuild-base/nginx-1.27.0=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'
