Copie -> FRsAG
On 28/05/2021 07:23, Stephane Bortzmeyer wrote:
Les quatre RFC sur QUIC viennent d'être publiés. Ce nouveau protocole de transport, concurrent de TCP, pourrait bien devenir le transport majoritaire sur l'Internet, et changer certaines choses (par exemple, la mécanique de la couche transport est désormais chiffrée et n'est plus visible par un observateur indiscret, ce qui fera peut-être râler certains).
On peut tester avec nginx-quic qui utilise boringssl.
https://quic.nginx.org/ https://boringssl.googlesource.com/boringssl/
JFB
PS Testé avec Debian 10 (on peut se passer de ngx-fancyindex et de nginx-ct-master) :
### boringssl # https://boringssl.googlesource.com/boringssl/ cd /usr/src git clone https://boringssl.googlesource.com/boringssl cd boringssl mkdir build cd build cmake .. make
### nginx-quic # https://quic.nginx.org/ # https://hg.nginx.org/nginx-quic/shortlog/quic cd /usr/src hg clone -b quic https://hg.nginx.org/nginx-quic cd nginx-quic # README ./auto/configure --with-debug --with-http_v3_module \ --with-cc-opt="-I../boringssl/include" \ --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto" \ --prefix=/usr/local/nginx-quic \ --with-http_ssl_module --with-http_v2_module \ --with-http_stub_status_module --with-http_gzip_static_module \ --with-http_geoip_module \ --with-openssl-opt=no-shared \ --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module \ --add-dynamic-module=/usr/src/nginx-ct-master --add-module=../ngx-fancyindex \ --user=www-data --group=www-data
make make install
### /usr/local/nginx-quic/conf/nginx.conf # (1) events {}
http { log_format quic '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" "$quic" "$http3"';
access_log logs/access.log quic;
server { # for better compatibility it's recommended # to use the same port for quic and https listen 443 http3 reuseport; listen 443 ssl;
ssl_certificate fullchain.pem; ssl_certificate_key privkey.pem; ssl_protocols TLSv1.3;
location / { # required for browsers to direct them into quic port add_header Alt-Svc '$http3=":443"; ma=86400'; add_header QUIC-Status $quic; root /var/www/html/; index index.html index.htm;
} } }