ICloudflare ilungiselele imodyuli yokubonelela ngenkxaso ye-HTTP / 3 protocol kwi-NGINX. Imodyuli yenziwe ngohlobo lwe-snap kwilayibrari ye-quiche iphuhliswe e-Cloudflare ngokuphunyezwa kwe-QUIC kunye ne-HTTP / 3 protocol yothutho. Ikhowudi ye-quiche ibhaliwe kwiRust, kodwa imodyuli ye-NGINX ibhaliwe kwi-C kwaye ifikelela kwilayibrari ngokusebenzisa amakhonkco ashukumisayo. Iiyure zokusebenza zivulekile phantsi kwelayisensi ye-BSD.
Ukusuka kwisoftware yomthengi, Inkxaso ye-HTTP / 3 sele yongezwe kuvavanyo lweCanary Canary kunye nokusetyenziswa kwe-curl. Kwicala leseva, ukusetyenziswa kovavanyo olwenziweyo olunezithintelo kude kube ngoku kuye kwafuneka. Ukukwazi ukuphatha i-HTTP / 3 kwi-nginx iya kwenza lula kakhulu ukuhanjiswa kweeseva ngenkxaso ye-HTTP / 3 kwaye iya kwenza ukuphunyezwa kovavanyo lwenkqubo entsha kufikeleleke ngakumbi.
I-HTTP / 3 ibeka emgangathweni ukusetyenziswa kweprotocol ye-QUIC njengothutho lwe-HTTP / 2. Umgaqo olandelwayo we-QUIC waphuhliswa nguGoogle njengenye indlela ye-TCP + TLS yeWebhu, ngaloo ndlela ijonge ukusombulula iingxaki ixesha elide lofakelo kunye nokulungelelanisa iikhompawundi kwi-TCP kunye nokulibaziseka ukupheliswa kwepakethi yokulahleka ngexesha lokuhambisa idatha. I-QUIC yiplagi-kwiprothokholi ye-UDP exhasa ukuphindaphindwa konxibelelwano oluninzi kwaye ibonelele ngeendlela zokubhala ngokulingana ne-TLS / SSL.
Phakathi kweempawu eziphambili ze-QUIC ezibalaseleyo:
- Ukhuseleko oluphezulu, olufana ne-TLS (enyanisweni, i-QUIC ibonelela ngokwazi ukusebenzisa i-TLS ngaphezulu kwe-UDP).
- Ukuhamba kolawulo lwengqibelelo okuthintela ukulahleka kwepakethi.
- Isakhono sokuseka unxibelelwano kwangoko (i-0-RTT, malunga neepesenti ezingama-75 zamatyala, idatha inokuhanjiswa kwangoko emva kokuthumela ipakethi yokuseta uqhagamshelo) kunye nokuqinisekisa ukulibaziseka okuncinci phakathi kokuthumela isicelo kunye nokufumana impendulo (i-RTT, ixesha elijikelezayo lokuhamba) .
- Ungasebenzisi inani elifanayo lokulandelelana xa uphinda uthumela ipakethi, ethintela ukungaqondakali ekumiseni iipakethi ezifunyenweyo kunye nokususa ixesha lokuphuma.
- Ukuphulukana nepakethi kuchaphazela ukuhanjiswa komjelo kuphela onxulunyaniswa nawo kwaye ayimisi ukuhanjiswa kwedatha kwimilambo ehanjiswe ngokudibeneyo kunxibelelwano lwangoku.
- Izixhobo zokulungisa iimpazamo ezinciphisa ukulibaziseka ngenxa yokuhanjiswa kwakhona kweepakethi ezilahlekileyo. Ukusetyenziswa kweekhowudi zokulungisa iimpazamo zenqanaba elikhethekileyo ukunciphisa iimeko ezifuna ukuhanjiswa kwakhona kwedatha yepakethi elahlekileyo.
- Imida yebhloko ye-Cryptographic ilungelelaniswe nemida yeepakethe ye-QUIC, ukunciphisa isiphumo sokulahleka kwepakethi ekucaciseni umxholo weepakethi ezilandelayo
- Akukho ngxaki ekuthinteleni umgca we-TCP
- Inkxaso yesazisi sonxibelelwano, esinciphisa ixesha lokuseka ukunxibelelana kwakhona kwabaxhasi abahambahambayo
- Amandla okudibanisa iindlela eziphambili zokulawula umthwalo ongaphezulu koqhagamshelo
- Sebenzisa ubuchule bokuqikelela ubungakanani bebhendi kwicala ngalinye ukuqinisekisa ubungakanani bepakethe yokuhambisa phambili, ukuyikhusela ekufikeleleni kwimeko yokudibana apho ilahleko yepakethi ibonwa khona
- Ukusebenza okumangalisayo kunye nokuzuza kokusebenza ngaphezulu kweTCP. Iinkonzo zevidiyo ezinje ngeYouTube, i-QUIC ibonise ukuncipha okungama-30% ekusebenzeni kwakhona xa ubukele iividiyo.
Uyenza njani imodyuli yokuxhasa i-HTTP / 3 kwi-NGINX?
Kwabo banomdla wokukwazi ukusebenzisa le modyuli kwiseva yabo, Banokwenza oko ngokulandela imiyalelo esabelana ngayo ngezantsi.
Ukuyiqokelela, Kufuneka nje bakhuphele isiziba se-nginx 1.16 kunye nekhowudi yethala leencwadi.
curl -O https://nginx.org/download/nginx-1.16.1.tar.gz tar xzvf nginx-1.16.1.tar.gz git clone --recursive https://github.com/cloudflare/quiche cd nginx-1.16.1 patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch
Kwaye sihlanganisa i-NGINX ngenkxaso ye-HTTP / 3 yenziwe:
./configure \ --prefix=$PWD \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_v3_module \ --with-openssl=../quiche/deps/boringssl \ --with-quiche=../quiche make
Ngexesha lokudityaniswa, inkxaso ye-TLS kufuneka isekwe kwilayibrari ye-BoringSSL ("-with-openssl = .. / quiche / deps / boringssl"), ukusetyenziswa kwe-OpenSSL akukaxhaswa.
Ukwamkela unxibelelwano kuqwalaselo, baya kudinga ukongeza isikhokelo somphulaphuli neflegi "quic".