We have been using Nginx with HTTP3 for more than 1 year on our production server and handle daily request (including search engine bots) more than 5 Million and daily human page views about 150.000 – 300.000 without any problem.
We have running Nginx with HTTP3 on CentOS 7 and CentOS 9 Stream.
Also Read: Nginx Virtual Host Traffic Status Module to Monitor Nginx
To install Nginx with HTTP 3 from Codeit Repository, first we need to enable Epel repository and enable CRB repository
sudo dnf config-manager --set-enabled crb
sudo install -y epel-release
sudo dnf update --refreshOn RHEL 9:
sudo subscription-manager repos --enable codeready-builder-for-rhel-9-$(arch)-rpms
sudo dnf install \
https://dl.fedoraproject.org/pub/epel/epel-release-latest-9.noarch.rpm
sudo dnf update --refreshAlso Read: How to install and enable REMI repository on CentOS 9 Stream
Then install CodeIt repository using command below:
sudo dnf install -y https://repo.codeit.guru/codeit-repo-release.el9.rpmThen enable module codeit-mainline
sudo dnf module enable -y nginx:codeit-mainline
sudo dnf update --refreshNow install Nginx 1.25.0 using command:
sudo dnf install nginx-module-image-filter nginx-module-xslt nginx-module-perlNow we have Nginx 1.25.0 with HTTP 3 supported
How to enable HTTP3 on Nginx 1.25.0
To enable HTTP 3 on Nginx we need to add configuration on server block
server {
listen 443 quic reuseport;
listen 443 ssl http2;
server_name serverdiary.com;
ssl_session_tickets on;
# Generate 4K Diffie-Hellman params file with
# mkdir /etc/pki/nginx && openssl dhparam -out /etc/pki/nginx/dhparam.pem 4096
# and uncomment the following line:
# ssl_dhparam /etc/pki/nginx/dhparam.pem;
ssl_session_timeout 24h;
ssl_session_cache shared:SSL:30m;
ssl_early_data on;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ecdh_curve X25519:P-256:P-384;
ssl_ciphers EECDH+CHACHA20:EECDH+AES128:EECDH+AES256:RSA+AES128:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5:!DES-CBC3-SHA:!ECDHE-RSA-DES-CBC3-SHA;
ssl_prefer_server_ciphers on;
proxy_set_header Early-Data $ssl_early_data;
add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"';
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
quic_retry on;
ssl_certificate /etc/letsencrypt/live/serverdiary.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/serverdiary.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/serverdiary.com/fullchain.pem;
......
}Check Nginx configuration using command:
nginx -tIf there is no problem found, start Nginx and enable Nginx on boot / start up using command:
systemctl start nginx
systemctl enable nginx
You can check HTTP3 here is working online.
