ICloudflare inikezela ngemodyuli yokuxhasa i-HTTP / 3 ku-NGINX

Darkcrizt

Imizuzu ye-4

I-Cloudflare

ICloudflare isilungiselele imojuli yokunikeza ukusekelwa kwephrothokholi ye-HTTP / 3 ku-NGINX. Imodyuli isiqediwe ngesimo se-snap kumtapo wezincwadi we-quiche ithuthukiswe eCloudflare ngokusetshenziswa komthetho olandelwayo wezokuthutha we-QUIC kanye ne-HTTP / 3. Ikhodi ye-quiche ibhalwe kuRust, kepha imodyuli ye-NGINX ibhalwe ku-C futhi ifinyelela kumtapo wezincwadi ngezixhumanisi ezinamandla. Amahora wokusebenza avulekile ngaphansi kwelayisense ye-BSD.

Kusuka kwisoftware yeklayenti, Ukuxhaswa kwe-HTTP / 3 sekuvele kungezwe ekwakhiweni kokuhlolwa kwe-Canary ye-Chrome nokusetshenziswa kwe-curl. Ohlangothini lweseva, ukusetshenziswa kokuqalwa kokuhlolwa okukude okunamakhono alinganiselwe kuze kube manje kuyadingeka. Amandla okuphatha i-HTTP / 3 ku-nginx kuzokwenza lula kakhulu ukuthunyelwa kwamaseva ngosizo lwe-HTTP / 3 futhi kuzokwenza ukuqaliswa kokuhlolwa kweprotocol entsha kufinyeleleke kalula.

I-HTTP / 3 ifanisa ukulinganisa ukusetshenziswa kwephrothokholi ye-QUIC njengesithuthi se-HTTP / 2. Iphrothokholi ye-QUIC yathuthukiswa yiGoogle njengenye indlela ye-TCP + TLS yeWebhu, ngalokho ihlose ukuxazulula izinkinga isikhathi eside sokufakwa kanye nokuhlanganiswa kokuhlanganiswa ku-TCP nokubambezeleka ukuqedwa kokulahleka kwepakethe ngesikhathi sokudluliswa kwedatha. I-QUIC ihambisana nephrothokholi ye-UDP esekela ukuphindaphindwa kokuxhuma okuningi futhi inikeze izindlela zokubethela ezilingana ne-TLS / SSL.

Phakathi kwezimpawu ezisemqoka ze-QUIC ezigqamile:

  • Ukuphepha okuphezulu, okufana ne-TLS (empeleni, i-QUIC inikeza amandla wokusebenzisa i-TLS ngaphezulu kwe-UDP).
  • Ukulawulwa kobuqotho bokugeleza okuvimbela ukulahleka kwepakethe.
  • Amandla okusungula ukuxhumana ngokushesha (0-RTT, kumacala angaba ngu-75%, idatha ingadluliselwa ngokushesha ngemuva kokuthumela iphakethe lokusetha uxhumano) futhi iqinisekise ukubambezeleka okuncane phakathi kokuthumela isicelo nokuthola impendulo (i-RTT, Isikhathi Sokujikeleza) .
  • Ukungasebenzisi inombolo efanayo yokulandelana lapho uthumela kabusha iphakethe, eligwema ukungaqondakali ekunqumeni amaphakethe atholiwe futhi kuqede ukuphela kwesikhathi.
  • Ukulahlekelwa yiphakethe kuthinta ukulethwa kokusakazwa okuhambisana nakho kuphela futhi akumisi ukulethwa kwedatha emifudlaneni edluliselwe ngokufana nokuxhumeka kwamanje.
  • Iphutha amathuluzi okulungisa anciphisa ukubambezeleka ngenxa yokudluliswa kabusha kwamaphakethe alahlekile. Ukusetshenziswa kwamakhodi wokulungisa amaphutha wezinga elikhethekile ukunciphisa izimo ezidinga ukudluliswa kabusha kwedatha yepakethe elahlekile.
  • Imingcele yamabhulokhi we-Cryptographic iqondaniswe nemingcele yamaphakethe we-QUIC, kunciphisa umphumela wokulahleka kwepakethe ekunqumeni okuqukethwe kwamaphakethe alandelayo
  • Akunazinkinga ngokuvimba ulayini we-TCP
  • Ukusekelwa kokokuhlonza ukuxhumeka, okunciphisa isikhathi sokusungula ukuxhumana kabusha kwamakhasimende weselula
  • Amandla wokuxhuma izindlela ezithuthukile zokulawula ukulayishwa okugcwele
  • Kusetshenziswa inqubo yokubikezela umkhawulokudonsa ohlangothini ngalunye ukuze kuqinisekiswe ukuqina kwephakethe lokudlulisela phambili, ukukuvimbela ukuthi kufinyelele esimweni sokuminyana lapho kutholakala ukulahleka kwepakethe
  • Ukusebenza okuphawulekayo nokuzuza kokusebenza ngaphezu kwe-TCP. Kumasevisi wevidiyo afana ne-YouTube, i-QUIC ikhombise ukwehliswa okungu-30% kokusebenza kabusha kwebhafa lapho ubuka amavidiyo.

Ungayisebenzisa kanjani imodyuli yokuxhasa i-HTTP / 3 ku-NGINX?

Okwalabo abanentshisekelo yokukwazi ukusebenzisa le moduli kuseva yabo, Bangakwenza lokho ngokulandela imiyalo esabelana ngayo ngezansi.

Ukuyihlanganisa, kufanele nje balande i-patch ye-nginx 1.16 nekhodi yomtapo wolwazi eyi-quiche.

curl -O https://nginx.org/download/nginx-1.16.1.tar.gz

tar xzvf nginx-1.16.1.tar.gz

git clone --recursive https://github.com/cloudflare/quiche

cd nginx-1.16.1

patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch

Futhi sihlanganisa i-NGINX ngokuxhaswa kwe-HTTP / 3 kunikwe amandla:

 ./configure                                 \

--prefix=$PWD                           \

--with-http_ssl_module                  \

--with-http_v2_module                   \

--with-http_v3_module                   \

--with-openssl=../quiche/deps/boringssl \

--with-quiche=../quiche

make

Ngesikhathi sokuhlanganiswa, ukusekelwa kwe-TLS kufanele kusekelwe kumtapo wezincwadi we-BoringSSL ("–with-openssl = .. / quiche / deps / boringssl"), ukusetshenziswa kwe-OpenSSL akukasekelwa.

Ukwamukela ukuxhumana ekucushweni, bazodinga ukungeza inkomba yomlaleli nefulegi le- "quic".


Shiya umbono wakho

Ikheli lakho le ngeke ishicilelwe. Ezidingekayo ibhalwe nge *

*

*

  1. Ubhekele imininingwane: Miguel Ángel Gatón
  2. Inhloso yedatha: Lawula Ugaxekile, ukuphathwa kwamazwana.
  3. Ukusemthethweni: Imvume yakho
  4. Ukuxhumana kwemininingwane: Imininingwane ngeke idluliselwe kubantu besithathu ngaphandle kwesibopho esisemthethweni.
  5. Isitoreji sedatha: Idatabase ebanjwe yi-Occentus Networks (EU)
  6. Amalungelo: Nganoma yisiphi isikhathi ungakhawulela, uthole futhi ususe imininingwane yakho.