Cloudflare offers a module to support HTTP/3 in NGINX


Cloudflare has released a module that adds support for the HTTP/3 protocol to NGINX. The module is a wrapper around quiche, the library developed at Cloudflare that implements the QUIC transport protocol and HTTP/3. quiche is written in Rust, but the NGINX module is written in C and calls the library through its C bindings, linked in at build time. The code is published under the BSD license.

On the client side, HTTP/3 support has already been added to the experimental Chrome Canary builds and to the curl utility. On the server side, only standalone experimental implementations with limited capabilities have been available so far. Handling HTTP/3 in nginx will make it considerably easier to deploy servers with HTTP/3 support and will make testing the new protocol far more accessible.

HTTP/3 standardizes the use of QUIC as the transport for HTTP, taking over the role that TCP + TLS plays under HTTP/2. QUIC was developed by Google as an alternative to TCP + TLS for the web, with the aim of cutting the long connection setup and negotiation time of TCP and the delays caused by recovering from packet loss. QUIC is layered on top of UDP, multiplexes several streams over one connection and provides encryption equivalent to TLS.

Key characteristics of QUIC:

  • Security equivalent to TLS: QUIC carries the TLS 1.3 handshake inside its own packets over UDP, so every connection is authenticated and encrypted.
  • Per-stream flow control together with loss detection and recovery; packet loss is not prevented, but it is detected quickly and repaired by retransmission.
  • Fast connection establishment: a first contact completes the handshake in one round trip, and a client that has talked to the server before can send data in its very first flight (0-RTT; Google reported this applies in about 75% of cases), keeping the delay between request and response (RTT, Round Trip Time) minimal. Note that 0-RTT data can be replayed by an on-path attacker, so a server should only act on idempotent requests carried in it.
  • A packet number is never reused for a retransmission, which removes the ambiguity about which copy of a packet was acknowledged and avoids the spurious timeouts that this ambiguity causes in TCP.
  • Losing a packet delays only the stream it belongs to; the other streams multiplexed over the same connection keep delivering data.
  • Error-correction mechanisms intended to reduce the delays caused by retransmitting lost packets (packet-level forward error correction was an experiment in Google's original QUIC and is not part of the IETF standard).
  • Cryptographic block boundaries are aligned with QUIC packet boundaries, so losing one packet does not prevent decrypting the packets that follow it.
  • No head-of-line blocking at the transport level, unlike a TCP byte stream.
  • A connection identifier instead of the address/port 4-tuple, so a mobile client that changes network or address can resume the same connection without a new handshake.
  • Pluggable congestion control, so newer algorithms can be adopted without changing the kernel.
  • Bandwidth estimation in each direction to pace packet sending and stay below the point where congestion causes packet loss.
  • Measurable performance gains over TCP: for video services such as YouTube, Google reported about 30% fewer rebuffering events while watching videos.

How to build the HTTP/3 module for NGINX

Those interested in running this module on their own server can do so by following the instructions below.

To build it, download the nginx 1.16 source and the quiche repository (with its submodules, which include BoringSSL), then apply the patch that ships inside quiche:

curl -O https://nginx.org/download/nginx-1.16.1.tar.gz
tar xzvf nginx-1.16.1.tar.gz
git clone --recursive https://github.com/cloudflare/quiche
cd nginx-1.16.1
patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

Then configure and compile NGINX with HTTP/3 support enabled:

./configure                                 \
    --prefix=$PWD                           \
    --with-http_ssl_module                  \
    --with-http_v2_module                   \
    --with-http_v3_module                   \
    --with-openssl=../quiche/deps/boringssl \
    --with-quiche=../quiche
make

The TLS implementation must be the BoringSSL checkout bundled with quiche ("--with-openssl=../quiche/deps/boringssl"); building against OpenSSL is not supported yet, because quiche relies on QUIC-specific TLS hooks that OpenSSL does not provide.

To accept HTTP/3 connections, add a listen directive carrying the quic parameter to the server block. Since QUIC runs over UDP, this opens a UDP socket alongside the usual TCP listener; keep the TCP/TLS listener as well so that clients without HTTP/3 support are still served, and advertise the UDP endpoint with an Alt-Svc header so that browsers can discover it.
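As an added example that is not part of the original article nor of Cloudflare's quiche repository, the script below ties the build and configuration steps together. check_h3_build reads the output of nginx -V and confirms that the binary was really configured with --with-http_v3_module, --with-quiche and the BoringSSL backend; write_h3_conf writes a minimal server block with the quic listener next to the TCP/TLS one; probe_h3 asks an HTTP/3-capable curl which protocol version it negotiated. The server name, certificate paths, document root and the h3-23 Alt-Svc token are assumptions; the token in particular has to match the draft version implemented by the quiche checkout you built against.

```shell
#!/bin/sh
# Helpers for verifying an nginx + quiche build and writing an HTTP/3 config.
# Added example, not Cloudflare's code. Paths, names and the draft token below
# are assumptions; adjust them to your deployment.

# check_h3_build OUTPUT_OF_NGINX_V
# nginx prints "-V" to stderr, so call it as: check_h3_build "$(objs/nginx -V 2>&1)"
# Returns 0 only if the three build flags the quiche patch needs are present.
check_h3_build() {
    case "$1" in
        *--with-http_v3_module*) ;;
        *) echo "missing --with-http_v3_module" >&2; return 1 ;;
    esac
    case "$1" in
        *--with-quiche=*) ;;
        *) echo "missing --with-quiche" >&2; return 1 ;;
    esac
    case "$1" in
        *--with-openssl=*boringssl*) ;;
        *) echo "TLS backend is not BoringSSL; quiche requires it" >&2; return 1 ;;
    esac
    return 0
}

# write_h3_conf OUT_PATH SERVER_NAME CERT KEY [ALT_SVC_TOKEN]
# Writes a minimal nginx.conf: QUIC on UDP 443 plus TLS/HTTP2 on TCP 443.
write_h3_conf() {
    out=$1; name=$2; crt=$3; key=$4; token=${5:-h3-23}   # token is an assumption
    cat > "$out" <<EOF
events {
    worker_connections 1024;
}

http {
    server {
        # HTTP/3 over QUIC on UDP 443. reuseport lets every worker bind the
        # socket so the kernel steers all packets of one connection to one worker.
        listen 443 quic reuseport;

        # Keep TCP 443 with TLS + HTTP/2 for clients that do not speak HTTP/3.
        listen 443 ssl http2;

        server_name $name;

        ssl_certificate     $crt;
        ssl_certificate_key $key;

        # QUIC performs its handshake with TLS 1.3, so it must be enabled.
        ssl_protocols TLSv1.2 TLSv1.3;

        # Advertise HTTP/3 on the same port; the token must match the draft
        # version the quiche checkout implements (assumed h3-23 here).
        add_header alt-svc '$token=":443"; ma=86400';

        root /var/www/html;   # assumed document root
    }
}
EOF
}

# probe_h3 HOST
# Prints the HTTP version curl negotiated ("3" on success). Needs a curl built
# with HTTP/3 support, which lists "HTTP3" among its features.
probe_h3() {
    curl --version | grep -q HTTP3 || { echo "curl lacks HTTP3 support" >&2; return 2; }
    curl -sS --http3 -o /dev/null -w '%{http_version}\n' "https://$1/"
}

# Usage: sh h3-check.sh run objs/nginx example.com cert.crt cert.key [h3-23]
# Nothing runs when the file is merely sourced or invoked without "run".
if [ "${1-}" = "run" ]; then
    check_h3_build "$("$2" -V 2>&1)" || exit 1
    write_h3_conf conf/nginx-h3.conf "$3" "$4" "$5" "${6:-h3-23}"
    echo "wrote conf/nginx-h3.conf; start with: $2 -c $PWD/conf/nginx-h3.conf"
fi
```

Without the alt-svc header a browser that first reaches the site over TCP never learns about the UDP listener and keeps using HTTP/2, so the header, not the listen line, is what actually moves traffic to HTTP/3. Remember that the firewall must now allow UDP 443 inbound as well as TCP 443.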

