How to install and configure Nginx with HTTP3 on CentOS 9 Stream / RHEL 9

We have been using Nginx with HTTP/3 on our production server for more than 1 year. It handles more than 5 million requests a day (including search engine bots) and about 150,000 to 300,000 daily human page views without any problem.

We run Nginx with HTTP/3 on CentOS 7 and CentOS 9 Stream.

To install Nginx with HTTP/3 from the CodeIt repository, first enable the EPEL and CRB repositories:

sudo dnf config-manager --set-enabled crb
sudo dnf install -y epel-release
sudo dnf update --refresh

On RHEL 9:

sudo subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
sudo dnf install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf update --refresh

Then install the CodeIt repository using the command below:

sudo dnf install -y https://repo.codeit.guru/codeit-repo-release.el9.rpm

Then enable the codeit-mainline module stream:

sudo dnf module enable -y nginx:codeit-mainline
sudo dnf update --refresh

Now install Nginx 1.25.0 using the command:

sudo dnf install nginx-module-image-filter nginx-module-xslt nginx-module-perl

Now we have Nginx 1.25.0 with HTTP/3 support.

How to enable HTTP3 on Nginx 1.25.0

To enable HTTP/3 on Nginx, add the following configuration to the server block:

server {
	listen   443 quic reuseport;
	listen   443 ssl http2;
	server_name serverdiary.com;
	
	ssl_session_tickets on;
	# Generate 4K Diffie-Hellman params file with
	# mkdir /etc/pki/nginx && openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096
	# and uncomment the following line:
	# ssl_dhparam /etc/pki/nginx/dhparam.pem;
	ssl_session_timeout 24h;
	ssl_session_cache shared:SSL:30m;
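	# 0-RTT early data can be replayed; the Early-Data header set below lets the backend detect such requests
	ssl_early_data on;
	# TLSv1 and TLSv1.1 are deprecated (RFC 8996); HTTP/3 itself always uses TLSv1.3
	ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
	ssl_ecdh_curve X25519:P-256:P-384;
	# The 3DES groups below are legacy and only matter for very old clients
	ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:RSA+AES128:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA;
	ssl_prefer_server_ciphers on;
	proxy_set_header Early-Data $ssl_early_data;
	add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"';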
	add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
	quic_retry on;
	
	ssl_certificate /etc/letsencrypt/live/serverdiary.com/fullchain.pem;
	ssl_certificate_key /etc/letsencrypt/live/serverdiary.com/privkey.pem;
	ssl_trusted_certificate /etc/letsencrypt/live/serverdiary.com/fullchain.pem;
	
	......
}
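
As an added example (not part of the original article), the Python script below lints the TLS and QUIC directives of a server block like the one above for legacy settings: deprecated protocol versions, legacy cipher groups, replayable 0-RTT, and draft or gQUIC Alt-Svc identifiers. `CONF` is a constructed, shortened copy of the article's directives; the function names and the rule set are assumptions of this example.

```python
import re

# Constructed input: directives copied from the server block above (cipher and Alt-Svc lists shortened).
CONF = r"""
server {
    ssl_early_data on;  # 0-RTT
    ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
    ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!DES-CBC3-SHA;
    add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"';
}
"""

TOKEN = re.compile(r"""'[^']*'|"[^"]*"|#[^\n]*|[{};]|[^\s{};'"#]+""")
OLD_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1: RFC 8996
WEAK_CIPHER = re.compile(r"DES|RC4|MD5|NULL|EXP")

def directives(conf):
    """Yield (name, args); quoted arguments may themselves contain ';'."""
    cur = []
    for tok in TOKEN.findall(conf):
        if tok.startswith("#"):
            continue  # comment up to end of line
        if tok in ("{", "}", ";"):
            if cur:
                yield cur[0], [a[1:-1] if a[0] in "'\"" else a for a in cur[1:]]
            cur = []
        else:
            cur.append(tok)

def audit(conf):
    """Yield (directive, finding) pairs for legacy TLS/QUIC settings."""
    for name, args in directives(conf):
        if name == "ssl_protocols":
            old = sorted(OLD_PROTOCOLS & set(args))
            if old:
                yield name, "deprecated: " + " ".join(old)
        elif name == "ssl_ciphers" and args:
            weak = [c for c in args[0].split(":")
                    if c[:1] not in "!-" and WEAK_CIPHER.search(c)]  # skip exclusions
            if weak:
                yield name, "legacy groups requested: " + " ".join(weak)
        elif name == "ssl_early_data" and args == ["on"]:
            yield name, "0-RTT is replayable; backend must check Early-Data"
        elif name == "add_header" and len(args) > 1 and args[0].lower() == "alt-svc":
            ids = re.findall(r"(?:^|,)\s*([\w-]+)=", args[1])
            old = [i for i in ids if i.startswith("h3-") or i == "quic"]
            if old:
                yield name, "draft/gQUIC identifiers: " + " ".join(old)
```

Call `list(audit(text))` on the contents of a vhost file; an empty list means none of these four rules matched, not that the configuration is otherwise sound.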

Check the Nginx configuration using the command:

nginx -t

If no problems are found, start Nginx and enable it at boot using the commands:

systemctl start nginx
systemctl enable nginx

You can check online whether HTTP/3 is working here.
