What’s NGINX
NGINX is a high-performance web server known for its efficiency, stability, and rich feature set. It’s designed to handle high concurrency with low memory usage, making it ideal for serving static content, acting as a reverse proxy, and handling load balancing. Its event-driven architecture enables it to power many of the world’s busiest websites.
Why use HTTP3/QUIC in NGINX
The introduction of HTTP/3 and QUIC protocols marks a significant evolution in web technologies, offering faster, more secure internet communication. By leveraging UDP, these protocols minimize connection and transport latencies, outperforming their predecessor, HTTP/2, especially in conditions of packet loss and network fluctuations. Integrating HTTP3/QUIC with NGINX can drastically improve your website’s loading times, enhance user experience, and boost your site’s ranking on search engines as speed and security become increasingly important ranking factors.
How to install and enable NGINX HTTP3/QUIC
Installing and enabling HTTP3/QUIC support in NGINX on Ubuntu 22.04 isn’t just about stepping up your web server game; it’s a strategic move towards embracing the future of the internet. This guide will walk you through the pre-requisites for NGINX and HTTP3/QUIC setup, including updating your system, installing required libraries.
Updating Ubuntu OS
apt update && apt upgrade -yInstall and Setup SSL Certificate
HTTP/3 and QUIC fundamentally require SSL/TLS, specifically using TLS 1.3, for a few critical reasons that underscore their emphasis on enhanced security and performance.
We could use Let’s Encrypt for free, if you’ve the paid SSL Certificate should be good.
apt install -y certbot
certbot certonly --standalone -n --agree-tos -m [email protected] -d blackonsole.org --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx"
# Set cronjob for SSL renewal
crontab -e
0 0,12 * * * certbot renew -qSetup NGINX Ubuntu Repository
apt install -y curl gnupg2 ca-certificates lsb-release ubuntu-keyring
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor \
| sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] \
http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" \
| sudo tee /etc/apt/sources.list.d/nginx.list
Install NGINX and Modules (if needed)
# installing
apt update && apt install nginx
# checking the version
nginx -v
nginx version: nginx/1.25.5Enable HTTP3/QUIC in NGINX config or vhost
server {
server_name _;
root /var/www/html;
# HTTP
listen 80 default_server reuseport;
listen [::]:80 default_server reuseport;
# HTTP2/SSL
listen 443 ssl default_server reuseport;
listen [::]:443 ssl default_server reuseport;
http2 on;
# Enable HTTP3/QUIC
listen 443 quic default_server reuseport;
listen [::]:443 quic default_server reuseport;
http3 on;
# Let's Encrypt
ssl_certificate /etc/letsencrypt/live/blackonsole.org/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/blackonsole.org/privkey.pem;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location / {
# HTTP3/QUIC Header
add_header Alt-Svc 'h3=":443"; ma=86400';
return 200 '{ "HTTP3/QUIC": "Enabled" }';
}
}Check the config and restart NGINX Service
# test the config file
nginx -t
# reload the service
nginx -s reload
# OR
systemctl restart nginx
systemctl status nginxCheck the HTTP3/QUIC run as expected
# curl -I localhost
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 20 Apr 2024 04:31:29 GMT
Content-Type: application/xhtml+xml; charset=UTF-8
Content-Length: 24568
Connection: keep-alive
Alt-Svc: h3=":443"; ma=86400If you need check from internet, you could use this website – https://http3check.net/
Reference
- http://nginx.org/en/docs/quic.html
- http://nginx.org/en/docs/http/ngx_http_v3_module.html
- https://www.nginx.com/blog/quic-http3-support-openssl-nginx/
