nginx-quic是nginx正在开发中的支持http3的版本

目前网上大部分的文章都是基于源码编译安装的
下面介绍个可以直接yum安装的版本：
https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/

安装

For CentOS 7 :

sudo yum install epel-release

sudo yum install centos-release-scl

sudo yum install yum-plugin-copr

sudo yum copr enable ryoh/nginx-quic

sudo yum install nginx-quic

For CentOS 8

sudo dnf install epel-release

sudo dnf copr enable ryoh/nginx-quic

sudo dnf install nginx-quic

注意：nginx 与 nginx-quic 不能共存，注意备份数据

配置：

在server{}中添加

listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3

ssl_protocols TLSv1.3; # QUIC requires TLS 1.3

add_header Alt-Svc '$http3=":443"; ma=86400'; # Advertise that QUIC is available

# 在新版本中$http3变量不存在，使用下面的替换

# add_header Alt-Svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=86400; quic=":443"';

add_header QUIC-Status $quic;

报错处理

首次启动失败

nginx: [emerg] cannot load certificate "/etc/pki/tls/certs/localhost.crt": BIO_new_file() ...

是因为在/etc/nginx/vhost.d/http/00-default.conf有配置本地签名
可以将其改名 00-default.conf_bak 或者在本地生成一个证书

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/localhost.key -out /etc/ssl/certs/localhost.crt

nginx: [emerg] unknown "http3" variable
将 server{}配置中的

add_header Alt-Svc '$http3=":443"; ma=86400'; # Advertise that QUIC is available

改成

add_header Alt-Svc 'h3-27=":443"; h3-28=":443"; h3-29=":443"; ma=86400; quic=":443"';

并且将log_format.conf(/etc/nginx/conf.d/http)中的$http3去掉

参考文档

https://copr.fedorainfracloud.org/coprs/ryoh/nginx-quic/

https://serverfault.com/questions/648534/accidently-removed-localhost-crt-ssl-in-centos-6-what-can-i-do

https://zhuanlan.zhihu.com/p/159100819