ICloudflare isilungiselele imojuli yokunikeza ukusekelwa kwephrothokholi ye-HTTP / 3 ku-NGINX. Imodyuli isiqediwe ngesimo se-snap kumtapo wezincwadi we-quiche ithuthukiswe eCloudflare ngokusetshenziswa komthetho olandelwayo wezokuthutha we-QUIC kanye ne-HTTP / 3. Ikhodi ye-quiche ibhalwe kuRust, kepha imodyuli ye-NGINX ibhalwe ku-C futhi ifinyelela kumtapo wezincwadi ngezixhumanisi ezinamandla. Amahora wokusebenza avulekile ngaphansi kwelayisense ye-BSD.
Kusuka kwisoftware yeklayenti, Ukuxhaswa kwe-HTTP / 3 sekuvele kungezwe ekwakhiweni kokuhlolwa kwe-Canary ye-Chrome nokusetshenziswa kwe-curl. Ohlangothini lweseva, ukusetshenziswa kokuqalwa kokuhlolwa okukude okunamakhono alinganiselwe kuze kube manje kuyadingeka. Amandla okuphatha i-HTTP / 3 ku-nginx kuzokwenza lula kakhulu ukuthunyelwa kwamaseva ngosizo lwe-HTTP / 3 futhi kuzokwenza ukuqaliswa kokuhlolwa kweprotocol entsha kufinyeleleke kalula.
I-HTTP / 3 ifanisa ukulinganisa ukusetshenziswa kwephrothokholi ye-QUIC njengesithuthi se-HTTP / 2. Iphrothokholi ye-QUIC yathuthukiswa yiGoogle njengenye indlela ye-TCP + TLS yeWebhu, ngalokho ihlose ukuxazulula izinkinga isikhathi eside sokufakwa kanye nokuhlanganiswa kokuhlanganiswa ku-TCP nokubambezeleka ukuqedwa kokulahleka kwepakethe ngesikhathi sokudluliswa kwedatha. I-QUIC ihambisana nephrothokholi ye-UDP esekela ukuphindaphindwa kokuxhuma okuningi futhi inikeze izindlela zokubethela ezilingana ne-TLS / SSL.
Phakathi kwezimpawu ezisemqoka ze-QUIC ezigqamile:
- Ukuphepha okuphezulu, okufana ne-TLS (empeleni, i-QUIC inikeza amandla wokusebenzisa i-TLS ngaphezulu kwe-UDP).
- Ukulawulwa kobuqotho bokugeleza okuvimbela ukulahleka kwepakethe.
- Amandla okusungula ukuxhumana ngokushesha (0-RTT, kumacala angaba ngu-75%, idatha ingadluliselwa ngokushesha ngemuva kokuthumela iphakethe lokusetha uxhumano) futhi iqinisekise ukubambezeleka okuncane phakathi kokuthumela isicelo nokuthola impendulo (i-RTT, Isikhathi Sokujikeleza) .
- Ukungasebenzisi inombolo efanayo yokulandelana lapho uthumela kabusha iphakethe, eligwema ukungaqondakali ekunqumeni amaphakethe atholiwe futhi kuqede ukuphela kwesikhathi.
- Ukulahlekelwa yiphakethe kuthinta ukulethwa kokusakazwa okuhambisana nakho kuphela futhi akumisi ukulethwa kwedatha emifudlaneni edluliselwe ngokufana nokuxhumeka kwamanje.
- Iphutha amathuluzi okulungisa anciphisa ukubambezeleka ngenxa yokudluliswa kabusha kwamaphakethe alahlekile. Ukusetshenziswa kwamakhodi wokulungisa amaphutha wezinga elikhethekile ukunciphisa izimo ezidinga ukudluliswa kabusha kwedatha yepakethe elahlekile.
- Imingcele yamabhulokhi we-Cryptographic iqondaniswe nemingcele yamaphakethe we-QUIC, kunciphisa umphumela wokulahleka kwepakethe ekunqumeni okuqukethwe kwamaphakethe alandelayo
- Akunazinkinga ngokuvimba ulayini we-TCP
- Ukusekelwa kokokuhlonza ukuxhumeka, okunciphisa isikhathi sokusungula ukuxhumana kabusha kwamakhasimende weselula
- Amandla wokuxhuma izindlela ezithuthukile zokulawula ukulayishwa okugcwele
- Kusetshenziswa inqubo yokubikezela umkhawulokudonsa ohlangothini ngalunye ukuze kuqinisekiswe ukuqina kwephakethe lokudlulisela phambili, ukukuvimbela ukuthi kufinyelele esimweni sokuminyana lapho kutholakala ukulahleka kwepakethe
- Ukusebenza okuphawulekayo nokuzuza kokusebenza ngaphezu kwe-TCP. Kumasevisi wevidiyo afana ne-YouTube, i-QUIC ikhombise ukwehliswa okungu-30% kokusebenza kabusha kwebhafa lapho ubuka amavidiyo.
Ungayisebenzisa kanjani imodyuli yokuxhasa i-HTTP / 3 ku-NGINX?
Okwalabo abanentshisekelo yokukwazi ukusebenzisa le moduli kuseva yabo, Bangakwenza lokho ngokulandela imiyalo esabelana ngayo ngezansi.
Ukuyihlanganisa, kufanele nje balande i-patch ye-nginx 1.16 nekhodi yomtapo wolwazi eyi-quiche.
curl -O https://nginx.org/download/nginx-1.16.1.tar.gz tar xzvf nginx-1.16.1.tar.gz git clone --recursive https://github.com/cloudflare/quiche cd nginx-1.16.1 patch -p01 < ../quiche/extras/nginx/nginx-1.16.patch
Futhi sihlanganisa i-NGINX ngokuxhaswa kwe-HTTP / 3 kunikwe amandla:
./configure \ --prefix=$PWD \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_v3_module \ --with-openssl=../quiche/deps/boringssl \ --with-quiche=../quiche make
Ngesikhathi sokuhlanganiswa, ukusekelwa kwe-TLS kufanele kusekelwe kumtapo wezincwadi we-BoringSSL ("–with-openssl = .. / quiche / deps / boringssl"), ukusetshenziswa kwe-OpenSSL akukasekelwa.
Ukwamukela ukuxhumana ekucushweni, bazodinga ukungeza inkomba yomlaleli nefulegi le- "quic".