How to Install Nginx with HTTP/3 Support on FreeBSD

HTTP/3 is the latest version of the HTTP protocol, designed to be faster and more secure than its predecessors. By leveraging QUIC (Quick UDP Internet Connections), HTTP/3 provides significant performance improvements, especially in terms of connection establishment and latency reduction. In this guide, we'll walk you through the process of installing Nginx with HTTP/3 support on FreeBSD.

Prerequisites

Before you begin, ensure you have the following:

  1. A FreeBSD server with root access.
  2. Basic knowledge of the command line.
  3. A domain name pointed to your server.

Step 1: Update Your System

First, ensure your FreeBSD system is up to date. Open your terminal and run the following commands:

sudo freebsd-update fetch
sudo freebsd-update install

Then, update your package repository:

sudo pkg update
sudo pkg upgrade

Step 2: Install Prerequisites

You need to install several packages before building Nginx with HTTP/3 support. These include the necessary compilers and libraries:

sudo pkg install git gmake gcc pkgconf libev libevent libnghttp2 brotli

Step 3: Install and Configure OpenSSL with QUIC Support

Nginx with HTTP/3 requires a TLS library that exposes a QUIC API. We will download and compile quictls, a fork of OpenSSL that adds QUIC support.

cd /usr/local/src
git clone https://github.com/quictls/openssl
cd openssl
git checkout OpenSSL_1_1_1k+quic
./config
gmake
sudo gmake install

Step 4: Download and Compile Nginx with HTTP/3

Next, download the Nginx source code and the necessary modules for HTTP/3 support.

cd /usr/local/src
git clone https://github.com/nginx/nginx.git
cd nginx
git checkout release-1.21.4

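# Download the Nginx QUIC patch (hg.nginx.org is a Mercurial server, so use hg;
# install the client first with: sudo pkg install mercurial)
hg clone https://hg.nginx.org/nginx-quic
cd nginx-quic
hg update quic-1.21.4
cd ..

# Apply the patch from the top of the nginx source tree
patch -p1 < nginx-quic/quic.patch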

Now, compile Nginx with HTTP/3 support:

./auto/configure --prefix=/usr/local/nginx \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-cc-opt='-I/usr/local/include' \
--with-ld-opt='-L/usr/local/lib' \
--with-openssl=/usr/local/src/openssl \
--with-openssl-opt='enable-tls1_3 enable-ec_nistp_64_gcc_128' \
--with-debug

gmake
sudo gmake install

Step 5: Configure Nginx for HTTP/3

Create and edit the Nginx configuration file to enable HTTP/3. Open /usr/local/nginx/conf/nginx.conf in a text editor:

sudo nano /usr/local/nginx/conf/nginx.conf

Add the following configuration:

events {
    worker_connections 1024;
}

http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        listen 443 quic reuseport;
        listen [::]:443 quic reuseport;

        ssl_certificate     /path/to/your/fullchain.pem;
        ssl_certificate_key /path/to/your/privkey.pem;
        ssl_protocols       TLSv1.3;
        ssl_prefer_server_ciphers off;

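        # 0-RTT early data can be replayed by a network attacker; enable it only
        # if every request that may arrive as early data is safe to repeat
        ssl_early_data on;
        ssl_session_cache    shared:SSL:50m;
        ssl_session_timeout  1d;
        ssl_session_tickets  off;
        ssl_dhparam          /path/to/dhparam.pem;

        # h3-23 is the draft-23 identifier; the token must be one that both this
        # build and the client implement (the final RFC 9114 token is h3)
        add_header Alt-Svc 'h3-23=":443"; ma=86400'; # Advertise HTTP/3 support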
        add_header QUIC-Status $quic; # Optional

        location / {
            root   html;
            index  index.html index.htm;
        }
    }
}

Replace /path/to/your/fullchain.pem and /path/to/your/privkey.pem with the paths to your SSL certificate and key files. If you don’t have SSL certificates yet, you can use Certbot to obtain them:

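sudo pkg install py37-certbot py37-certbot-nginx
# Point certbot at the source-built nginx, which is outside its default paths
sudo certbot --nginx --nginx-server-root /usr/local/nginx/conf \
  --nginx-ctl /usr/local/nginx/sbin/nginx -d your_domain.com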

Step 6: Start Nginx

Start Nginx with the following command:

sudo /usr/local/nginx/sbin/nginx

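To ensure Nginx starts on boot, add the following line to /etc/rc.conf. The setting is read by an nginx rc.d script, which the source build above does not install, so one must be present under /usr/local/etc/rc.d for it to take effect:

nginx_enable="YES"

With the rc.d script in place, and if Nginx is not already running from the direct command above, you can start it through the service framework: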

sudo service nginx start

Step 7: Verify HTTP/3 Support

To verify that your Nginx server is using HTTP/3, you can use online tools like https://http3check.net/ or browser developer tools. Open the Network tab in the developer tools, visit your site, and check the protocol used.
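
A command-line check to go with the browser check above, as an added example that is not part of the original guide: it classifies the Alt-Svc header a server returns, since a client only attempts HTTP/3 when the advertised token is one it implements. The function name altsvc_check and the sample headers are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original guide). altsvc_check is a hypothetical
# helper name. It reads HTTP response headers on stdin and classifies every
# Alt-Svc entry, so a stale draft token such as h3-23 is easy to spot.
# Exit status: 0 = final "h3" token advertised
#              1 = only draft "h3-NN" tokens advertised
#              2 = no HTTP/3 advertisement found
altsvc_check() {
    tr -d '\r' | awk '
        tolower($0) ~ /^alt-svc:/ {
            sub(/^[^:]*:[ \t]*/, "")            # drop the header name
            n = split($0, entries, ",")         # one entry per alternative
            for (i = 1; i <= n; i++) {
                e = entries[i]
                gsub(/^[ \t]+|[ \t]+$/, "", e)
                split(e, params, ";")           # params[1] is proto="authority"
                split(params[1], kv, "=")
                proto = kv[1]; auth = kv[2]
                gsub(/"/, "", auth)
                if (proto == "h3")              { final_n++; kind = "final" }
                else if (proto ~ /^h3-[0-9]+$/) { draft_n++; kind = "draft" }
                else                            { kind = "other" }
                print kind, proto, auth
            }
        }
        END { exit (final_n ? 0 : (draft_n ? 1 : 2)) }
    '
}

# Constructed sample: the header produced by this guide's nginx.conf.
# Against a live server: curl -sI https://your_domain.com | altsvc_check
printf 'HTTP/2 200\r\nalt-svc: h3-23=":443"; ma=86400\r\n\r\n' | altsvc_check \
    || echo "no final h3 token advertised (status $?)"
```

A header check only confirms the advertisement; the QUIC listener also needs inbound UDP port 443 allowed through the firewall.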

Conclusion

Congratulations! You've successfully installed and configured Nginx with HTTP/3 support on FreeBSD. Your server is now equipped to handle the latest HTTP protocol, providing faster and more secure connections for your visitors. If you encounter any issues, refer to the Nginx and FreeBSD documentation for additional guidance. Happy hosting!