Cloudflare inopa module yekutsigira HTTP / 3 muNGINX

Darkcrizt

4 maminitsi

Cloudflare

Cloudflare yakagadzirira module kuti ipe rutsigiro rweiyo HTTP / 3 protocol mu NGINX. Iyo module yaitwa muchimiro chekukasira pane iyo quiche raibhurari yakagadzirirwa kuCloudflare pamwe nekuitiswa kweQuIC uye HTTP / 3 protocol yekufambisa. Iyo quiche kodhi yakanyorwa muRust, asi module ye NGINX yakanyorwa muC uye inowana raibhurari kuburikidza nehukama hwakasimba. Maawa ekushanda akavhurwa pasi pezenisi reBSD.

Kubva kune mutengi software, HTTP / 3 rutsigiro rwakatowedzerwa kuChannel Canary yekuyedza inovaka uye iyo curl zvinoshandiswa. Padivi re server, iko kushandiswa kwega kwega kuita kwekuyedza kune mashoma mashandiro kusvika parizvino kwave kudikanwa. Iko kugona kubata HTTP / 3 mune nginx zvicharerutsa zvikuru kuendeswa kwemaseva ane rutsigiro rweHTTP / 3 uye ichaita kuti kuitiswa kwekuyedzwa kweprotocol nyowani kuve nyore.

HTTP / 3 inomiririra kushandiswa kwequic protocol sekufambisa kweHTTP / 2. Iyo QuIC protocol yakagadzirwa neGoogle seimwe nzira yeTCP + TLS yeWebhu, nokudaro inotarisira kugadzirisa matambudziko neyakareba nguva yekumisikidza uye yekubatanidza makomponi muTCP uye kunonoka kubviswa kwepaketi kurasikirwa panguva yekufambiswa kwedata. QUIC ipulagi-in kune iyo UDP protocol inotsigira kuwanda kwekubatana kwakawanda uye inopa nzira dzekunyorera dzakaenzana neTLS / SSL.

Pakati peakakosha maitiro eQUIC anomira pachena:

  • Kuchengetedzwa kwepamusoro, kwakafanana neTLS (kutaura zvazviri, QUIC inopa kugona kushandisa TLS pamusoro peUDP).
  • Kuyerera kwekuvimbika kudzora kunodzivirira kurasika kwepaketi.
  • Iko kugona kwekubatanidza kubatana ipapo ipapo (0-RTT, mune ingangoita 75% yematambudziko, dhata dzinogona kuendeswa pakarepo mushure mekutumira yekubatanidza setup packet) uye nekuona kushomeka kunonoka pakati pekutumira chikumbiro uye kugamuchira mhinduro (RTT, Round Rwendo Nguva) .
  • Kwete kushandisa imwecheteyo kuteedzana nhamba kana uchidzosera pakiti, iyo inodzivirira kusanzwisisika pakusarudza mapaketi akagashirwa uye kubvisa nguva dzekubuda.
  • Kurasikirwa kwepaketi kunokanganisa kuendeswa kwerukova chete rwakabatana narwo uye hakumise kuendesa kwedata mumisasa inopfuudzwa zvakafanana pamusoro pechizvino kubatana.
  • Zvikanganiso zvekururamisa maturusi ayo anoderedza kunonoka nekuda kwekutamisazve kwemapaketi akarasika. Iko kushandiswa kweakakosha mapaketi-chikamu kukanganisa kukanganisa kodhi kudzora mamiriro ezvinhu anoda kudzoserwa kweakarasika mapaketi data.
  • Cryptographic block miganhu inoenderana neQUIC mapakeji miganhu, ichideredza zvinoitika zvepaketi kurasikirwa pakurongedza zvirimo zvemapakeji anotevera
  • Hapana matambudziko nekuvhara iyo TCP mutsara
  • Tsigiro yekubatanidza chinongedzo, iyo inoderedza nguva yekumisazve kubatanidza kwevatyairi mbozha
  • Kugona kubatanidza epamberi nzira dzekudzivirira kubatana kwakawanda
  • Uchishandisa hunyanzvi hwekufanofungidzira bandwidth munzira yega yega kuona zvakakwana pakiti yekuendesa mberi kusimba, kuchidzivirira kuti dzisasvike padanho rekusangana umo kurasikirwa kwepaketi kunoonekwa
  • Kuita kunoshamisa uye kuita kunowanikwa pamusoro peTCP. Kune evhidhiyo masevhisi seYouTube, QUIC yakaratidza kudzikiswa kwemakumi matatu muzana mukudzokorodza mashandiro kana uchiona mavhidhiyo.

Maitiro ekushandisa module kuti utsigire HTTP / 3 muNGINX?

Kune avo vanofarira kugona kuita iyi module pane yavo server, Vanogona kuzviita nekutevera rairo dzatinogovana pazasi.

Kuinyora, ivo vanongofanirwa kurodha chigamba che nginx 1.16 uye iyo quiche raibhurari kodhi.

curl -O https://nginx.org/download/nginx-1.16.1.tar.gz

tar xzvf nginx-1.16.1.tar.gz

git clone --recursive https://github.com/cloudflare/quiche

cd nginx-1.16.1

patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

Uye isu tinounganidza NGINX neHTTP / 3 rutsigiro rwakagoneswa:

 ./configure                                 \

--prefix=$PWD                           \

--with-http_ssl_module                  \

--with-http_v2_module                   \

--with-http_v3_module                   \

--with-openssl=../quiche/deps/boringssl \

--with-quiche=../quiche

make

Munguva yekuumbwa, rutsigiro rweTLS runofanirwa kunge rwakavakirwa paBoringSSL raibhurari ("- ne-openssl = .. / quiche / deps / boringssl"), kushandiswa kweOpenSSL hakusati kwatsigirwa.

Kuti vagamuchire kubatana mune yekumisikidza, ivo vanofanirwa kuwedzera rairo yemuteereri neiyo "quic" mureza.


Siya yako yekutaura

Your kero e havazobvumirwi ichibudiswa. Raida minda anozivikanwa ne *

*

*

  1. Inotarisira iyo data: Miguel Ángel Gatón
  2. Chinangwa cheiyo data: Kudzora SPAM, manejimendi manejimendi.
  3. Legitimation: Kubvuma kwako
  4. Kutaurirana kwedata
  5. Dhata yekuchengetedza: Dhatabhesi inobatwa neOccentus Networks (EU)
  6. Kodzero: Panguva ipi neipi iwe unogona kudzora, kupora uye kudzima ruzivo rwako