evansun922 / nginx-quic Goto Github PK

View Code? Open in Web Editor NEW

230.0 24.0 76.0 15.43 MB

nginx support quic

License: BSD 2-Clause "Simplified" License

Python 0.94% C++ 10.05% C 87.58% XSLT 1.12% Shell 0.02% HTML 0.29%

nginx-quic's Introduction

Help us to improve the Nginx-Quic

Begin to Nginx-Quic

Why nginx-quic

The purpose of this project is to make nginx support quic and keep the original functions of nginx unchanged. this project requires nignx and chromium source code

At present, this project had only been tested under the Linux kernel and epoll network, which requires Linux kernel 4.18.20-1. El6. Elrepo. X86_64 and above, currently, nginx-quic only test on 1.14.2 and 1.16.0 version of nginx, and nginx-1.16.0 and above is recommended.

We implemented a set of "RTMP over quic" solutions, using nginx-rtmp-module for the server and srs-librtmp for the client, this srs-librtmp-quic project links is https://github.com/sonysuqin/SrsQuic.

There is a compiled nginx-quic in bin,you can run it on centos, redhat, ubuntu, etc, the test nginx-quic's --prefix=/opt/nginx/.

中文版文档

Compile

The compilation step of nginx-quic is quite complicated, so I will try to explain it in detail. In addition, you can read some gn documents to learn it.

The compilation needs to be carried out under ubuntu 14, which can be compiled using virtual machine. please see the official website of chromium for Linux system requirements.

download chromium, see: the official website of chromium.
download nginx source code.
run mk2gn.py, The parameters of the script are as follows:

            python3 mk2gn.py </path/to/nginx> </path/to/chromium/src> <args>

             </path/to/nginx>:                      path of nginx.
             </path/to/chromium/src>:    path of chromium/src.
             < args>:                                          when configure nginx, the parameters required to configure.

if you need to build rtmp-quic, you can add "--add-module=/path/to/nginx-quic/quic_rtmp/nginx-rtmp-module".
cd /path/to/chromium/src, and run gn gen out/Release --args="is_component_build=false is_debug=false".
run ninja -C out/Release nginx.

Mark：

If you need to define macros or add some libraries, you can manually modify the chromium/src/net/BUILD.gn about the configuration of nginx.

                            executable("nginx") {
                                sources = [
                                    # the source file .c or .cc,  you don't usually modify it.
                                ]
                                include_dirs = [
                                    #add the directory dir to the list of directories to be searched for header files during preprocessing.
                                ]
                                lib_dirs = [
                                    #  add directory dir to the list of directories to be searched for libraries.
                                ]
                                libs = [
                                    # dynamic library: pthread or static library: /path/xxx.a
                                ]
                                cflags_c = [
                                    # compile option flags
                                    "-D_FORTIFY_SOURCE=2",
                                    "-DTCP_FASTOPEN=23",
                                    "-DNDK_SET_VAR",
                                ]
                            }

All of static libraries used by nginx, which should be compiled with the flag "-fPIC".
no use openssl, nginx-quic use boringssl of chromium.

nginx-quic Configuration

Example Configuration

      http {

          ...

          server {
               listen              443 quic reuseport  sndbuf=1048576 rcvbuf=1048576;
              
              ssl_certificate           ssl/tv.test.com.crt;
              ssl_certificate_key       ssl/tv.test.com.pkcs8;



              ...
          }

Directives

Syntax:                listen   quic;
Default:               listen   *:80 | *:8000 quic;
Context:              server
Example:             listen       443 quic reuseport sndbuf=1048576 rcvbuf=1048576;
add flag "quic" of "listen" for using quic ,  when you use flag "quic", be sure to bring the flag "reuseport" and you can not used "ssl" or "http2" at the same time.


Syntax:       quic_stream_buffered_size   1048576;
Default:      1048576 
Context:      server
send cache size of quic stream.


Syntax:            quic_bbr      on | off;
Default:           quic_bbr      off;
Context:          http,  server,  location
enable bbr of quic


Syntax:            quic_ietf_draft      on | off;
Default:           quic_ietf_draft      off;
Context:          http,  server,  location
use the IETF draft version.


Syntax:          quic_flush_interval     number;
Default:         quic_flush_interval     40;
Context:        http,  server,   location
the buffered of sendmmsg is refreshed every "number" milliseconds.


Syntax:          quic_idle_network_timeout     time;
Default:         quic_idle_network_timeout     10m;
Context:        http,  server,   location
Idle network timeout in seconds.

nginx-rtmp Configuration

Example Configuration

      rtmp {

          ...

          server {

                     listen         1935 so_keepalive=on;
                     listen         1935 quic reuseport;

                     ssl_certificate                ssl/tv.test.com.crt;
                     ssl_certificate_key       ssl/tv.test.com.key; 
                                                             
                   application live {
                             live on;
                             idle_streams        off;
                             drop_idle_publisher 1800s;
                             sync                1s;
                             wait_key            on;
                             wait_video          on;    
                    }
          }
  }

Directives

Syntax:                listen   quic;
Default:               listen   *:80 | *:8000 quic;
Context:              server
Example:             listen       1935 quic reuseport sndbuf=1048576 rcvbuf=1048576;
add flag "quic" of "listen" for using quic ,  when you use flag "quic", be sure to bring the flag "reuseport" and you can not used "ssl" or "http2" at the same time.


Syntax:       quic_stream_buffered_size   1048576;
Default:      1048576 
Context:      server
send cache size of quic stream.


Syntax:          quic_flush_interval     number;
Default:         quic_flush_interval     40;
Context:        http,  server,   location
the buffered of sendmmsg is refreshed every "number" milliseconds.

Copyright

SOHU-TV, Inc.

Author

sunlei email: [email protected]

nginx-quic's People

Contributors

Stargazers

Watchers

Forkers

1995zyf lcax200000 cmathser devangle han4235 gundam001 zuobeixing compmfm funnyproject 1008610010 mrsz swinsey liunianjie aguaimama zhaominso jasongwq matirx-tian zzhcs yefy charlesvhe anotherjin dengmh123 inste lihaogu alexliyu7352 zxbin2000 wilsondhchen niesongsong saminigod hank4187yan ashleemikeyoung husttb ytwang0320 coding-ha sihaizhida donnyliuyang medialib-leo zengqiang2013 agent-tao wschacker xvmoon adteven kevinzhu2014 ldong2014 macrolau zjd87 chundonglinlin freemind-lj zhangbao0325 think-me zhanghuanwang merry1314 taohaolong letemps ganyuanzhen anders0913 wwbingo jorenwu84 dyadyajora fklearn elivesgm 406345 lmhit yfming rumjxl smilebinbin proud-sun geniuschishao adas-eye sunnie-star weiyiqianlima fairyqb junkai0531 qcmc17 freashmeat

nginx-quic's Issues

listen quic时，所有server块对应的网页都无法访问

使用本项目master分支和chromuim 83.0.4100.2编译，在不打开quic时工作正常，打开quic后所有网页都无法访问，查看log表明nginx没有接收到任何请求
使用nmap扫描443端口，tcp状态为fliter，udp状态为open|fliter
系统的内核版本是4.14.129，发行版本是CentOS Linux release 7.8.2003 (Core)
在Ubuntu18.04上完成编译

附上编译完成的文件
nginx.zip

能否说明一下项目对应的chromium版本？

编译失败，怀疑是chromium的问题

[157/503] CXX obj/net/nginx/quic_ngx_http_interface.o
FAILED: obj/net/nginx/quic_ngx_http_interface.o 
../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/net/nginx/quic_ngx_http_interface.o.d -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_GNU_SOURCE -DCR_CLANG_REVISION=\"n346557-4e0d9925-3\" -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -D_LIBCPP_ABI_UNSTABLE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCXXABI_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCPP_ENABLE_NODISCARD -DCR_LIBCXX_REVISION=375504 -DCR_SYSROOT_HASH=52cf2961a3cddc0d46e1a2f7d9bf376fc16a61de -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_40 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_40 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -I/home/zxilly/Downloads/nginx-1.18.0/src/core -I/home/zxilly/Downloads/nginx-1.18.0/src/event -I/home/zxilly/Downloads/nginx-1.18.0/src/event/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/os/unix -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/home/zxilly/Downloads/nginx-1.18.0/pcre-8.43 -I/usr/include/libxml2 -I/home/zxilly/Downloads/nginx-1.18.0/objs -I/home/zxilly/Downloads/nginx-1.18.0/src/http -I/home/zxilly/Downloads/nginx-1.18.0/src/http/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/http/v2 -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/root/ngx_brotli/deps/brotli/c/include -I/www/server/nginx/chromium/nginx-quic/quic_http/chromium -I/www/server/nginx/chromium/nginx-quic/quic_tools -I/home/zxilly/Downloads/nginx-1.18.0/src/stream -I/www/server/nginx/include -I../.. -Igen -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/boringssl/src/include -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -B../../third_party/binutils/Linux_x64/Release/bin -pthread -fcolor-diagnostics -fmerge-all-constants -fcrash-diagnostics-dir=../../tools/clang/crashreports -Xclang -mllvm -Xclang -instcombine-lower-dbg-declare=0 -fcomplete-member-pointers -m64 -march=x86-64 -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -Xclang -fdebug-compilation-dir -Xclang . -no-canonical-prefixes -Wall -Werror -Wextra -Wimplicit-fallthrough -Wunreachable-code -Wthread-safety -Wextra-semi -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-unneeded-internal-declaration -Wno-undefined-var-template -Wno-ignored-pragma-optimize -Wno-implicit-int-float-conversion -Wno-final-dtor-non-final-class -Wno-builtin-assume-aligned-alignment -Wno-deprecated-copy -Wno-non-c-typedef-for-linkage -O2 -fno-ident -fdata-sections -ffunction-sections -fno-omit-frame-pointer -g0 -ftrivial-auto-var-init=pattern -fvisibility=hidden -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/glib-2.0 -isystem../../build/linux/debian_sid_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -Wno-shorten-64-to-32 -Wno-header-guard -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nss -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nspr -std=c++14 -fno-exceptions -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include --sysroot=../../build/linux/debian_sid_amd64-sysroot -fvisibility-inlines-hidden -c /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc -o obj/net/nginx/quic_ngx_http_interface.o
In file included from /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:8:
In file included from ../../buildtools/third_party/libc++/trunk/include/vector:274:
In file included from ../../buildtools/third_party/libc++/trunk/include/__bit_reference:15:
In file included from ../../buildtools/third_party/libc++/trunk/include/algorithm:643:
../../buildtools/third_party/libc++/trunk/include/memory:3043:32: error: allocating an object of abstract class type 'quic::ProofSourceNginx'
    return unique_ptr<_Tp>(new _Tp(_VSTD::forward<_Args>(__args)...));
                               ^
/www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:116:28: note: in instantiation of function template specialization 'std::__1::make_unique<quic::ProofSourceNginx>' requested here
  auto proof_source = std::make_unique<quic::ProofSourceNginx>();
                           ^
../../net/third_party/quiche/src/quic/core/crypto/proof_source.h:194:26: note: unimplemented pure virtual method 'GetTicketCrypter' in 'ProofSourceNginx'
  virtual TicketCrypter* GetTicketCrypter() = 0;
                         ^
1 error generated.
[170/503] CXX obj/net/simple_quic_tools/quic_http_proxy_backend.o
ninja: build stopped: subcommand failed.

通过SrsQuic无法推流成功

通过SrsQuic编译后的raw_h264_publisher推流到nginx失败，nginx采用的是提供的bin文件，没有自己编译，失败原因是提示协议不支持，协议列表是空的，这是什么原因呢？在CentOS6或7上面都是一样的错误

nginx_quic编译问题

1 nginx编译configure参数是只有--add-module=/path/to/nginx-quic/quic_rtmp/nginx-rtmp-module吗，这样配置的话，编译报错：
ngx_http_quic_module.c:255:3: error: use of undeclared identifier 'ngx_http_ssl_srv_conf_t'
ngx_http_ssl_srv_conf_t *sscf;
^
ngx_http_quic_module.c:255:36: error: use of undeclared identifier 'sscf'; did you mean 'qscf'?
ngx_http_ssl_srv_conf_t *sscf;
^~~~
qscf
ngx_http_quic_module.c:250:36: note: 'qscf' declared here
ngx_http_quic_srv_conf_t *qscf;
似乎加上 --with-http_ssl_module可以编译通过

2 使用带--with-http_ssl_module编译的nginx,没有看到向client发包的过程，error.log提示进程挂掉，如下：
2020/10/28 21:04:55 [notice] 52964#0: signal 17 (SIGCHLD) received from 52972
2020/10/28 21:04:55 [alert] 52964#0: worker process 52972 exited on signal 11
2020/10/28 21:04:55 [notice] 52964#0: start worker process 52973
定位像是SSL_do_handshake挂掉，请问该如何继续定位呢

3 贴下nginx.conf
worker_processes 1;

error_log logs/error.log debug;
worker_rlimit_core 10000m;
working_directory /usr/local/nginx/logs;

events {
worker_connections 1024;
}

rtmp {
log_format rtmp_log '$remote_addr [$time_local] $command "$app" "$name" "$args" '
'$bytes_received $bytes_sent $session_time '
'"$pageurl" "$tcurl" "$swfurl" "$flashver"';
access_log logs/rtmp.log;
server {
listen 1935 so_keepalive=on;
listen 1935 quic reuseport;

    ssl_certificate     out/leaf_cert.pem;
    ssl_certificate_key out/leaf_cert.key;
    
    max_message 10M;
    publish_time_fix  on;
    chunk_size     4096;
    out_queue      17;

    application show {
        live on;

        idle_streams        off;
        drop_idle_publisher 1800s;
        sync                1s;
        wait_key            on;
        wait_video          off;
        notify_method       get;

        #record keyframes;
        #record_path /tmp;
        #record_max_size 128K;
        #record_interval 30s;
        #record_suffix .this.is.flv;

        #on_publish http://localhost:8080/publish;
        #on_play http://localhost:8080/play;
        #on_record_done http://localhost:8080/record_done;
    }
}

}

http {
server {
listen 8080;

    location /stat {
        rtmp_stat all;
        rtmp_stat_stylesheet stat.xsl;
    }

    location /stat.xsl {
        root /path/to/nginx-rtmp-module/;
    }

    location /control {
        rtmp_control all;
    }

    #location /publish {
    #    return 201;
    #}

    #location /play {
    #    return 202;
    #}

    #location /record_done {
    #    return 203;
    #}

    location /rtmp-publisher {
        root /home/jack/workspace/quic/server/nginx-rtmp-module/test;
    }

    location / {
        root /home/jack/workspace/quic/server/nginx-rtmp-module/test/www;
    }
}

}
crt和key文件都是chromium里的脚本生成的

感谢开源，求指导

欲编译 nginx 时报错

执行编译脚本后最后一行报错：
` nginx path prefix: "/www/server/nginx"
nginx binary file: "/www/server/nginx/sbin/nginx"
nginx modules path: "/www/server/nginx/modules"
nginx configuration prefix: "/www/server/nginx/conf"
nginx configuration file: "/www/server/nginx/conf/nginx.conf"
nginx pid file: "/www/server/nginx/logs/nginx.pid"
nginx error log file: "/www/server/nginx/logs/error.log"
nginx http access log file: "/www/server/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

open "objs/Makefile" failed, string index out of range`
好像是 Python 执行过程中出错了。

compatible with dash_variant

这个会支持mpeg-dash的的一些配置吗？比如dash_variant等

quic这边是等body接收完了才响应的?

请求最后提交到nginx层是通过QuicNgxBackend::FetchResponseFromBackend的，而这是在body都接收完成才走的？

能否介绍下使用QUIC后的提升效果

请求一份Nginx-quic的客户端demo的源码

您好！我最近在学习Nginx相关的实践项目, 请问您是否方便分享客户端demo，即bequic_client的源代码给我一份呢？

log_level do not work

hi,when i set error log_level in nginx.conf like this :
error_log /data/proclog/log/error.log info;
but the quic info do not print to error.log

How to let nginx log the ssl key log file by changing nginx.conf file

Hi @evansun922 ,

My goal is capture the pcap file on my linux machine which is using nginx to connect and decrypt those packets using ssl key log file.but i am unable to find how to capture ssl key log file on nginx. Could someone please help me how to capture ssl key log file ?

Thanks,
Kartheek.

可否提供一个Nginx配置文件的完整示例

Hi Evan，

我在使用 chromium-80.0.3963.1 配置文件如下：
使用listen 443 ssl;时可以正常访问，
使用listen 443 quic reuseport sndbuf=1048576 rcvbuf=1048576;时页面无法访问，
请问是不是我配置文件有问题，能否给个完整的nginx配置示例呀？

worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

server {
    listen       80;
    server_name  example.com;

    location / {
        root   /mnt/d/wsl/MaxiBiz;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}

server {
    listen              443 quic reuseport  sndbuf=1048576 rcvbuf=1048576;
    server_name  example.com;

    ssl_certificate      /mnt/d/wsl/example_com.pem;
    ssl_certificate_key  /mnt/d/wsl/example_com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /mnt/d/wsl/MaxiBiz;
        index  index.html index.htm;
    }
}

}

evansun922 / nginx-quic Goto Github PK

nginx-quic's Introduction

Help us to improve the Nginx-Quic

Begin to Nginx-Quic

Why nginx-quic

Compile

Mark：

nginx-quic Configuration

Example Configuration

Directives

nginx-rtmp Configuration

Example Configuration

Directives

Copyright

Author

nginx-quic's People

Contributors

Stargazers

Watchers

Forkers

nginx-quic's Issues

Recommend Projects

Recommend Topics

Recommend Org