├── CONTRIBUTING.md
├── .github
    ├── FUNDING.yml
    └── ISSUE_TEMPLATE
    │   ├── feature_request.md
    │   └── bug_report.md
├── LICENSE
├── NGINX-password-protection.md
├── INSTALL_WORDPRESS.md
├── CODE_OF_CONDUCT.md
└── README.md

/CONTRIBUTING.md:
--------------------------------------------------------------------------------
# Contributing

You are welcome to contribute. Make sure to raise an issue first.

--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: fhdaax
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
custom: ['https://www.buymeacoffee.com/fhdaax']

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/feature_request.md:
--------------------------------------------------------------------------------
---
name: Feature request
about: Suggest an idea for this project
title: ''
labels: ''
assignees: ''

---

**Is your feature request related to a problem? Please describe.**
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]

**Describe the solution you'd like**
A clear and concise description of what you want to happen.

**Describe alternatives you've considered**
A clear and concise description of any alternative solutions or features you've considered.

**Additional context**
Add any other context or screenshots about the feature request here.

--------------------------------------------------------------------------------
/.github/ISSUE_TEMPLATE/bug_report.md:
--------------------------------------------------------------------------------
---
name: Bug report
about: Create a report to help us improve
title: ''
labels: ''
assignees: ''

---

**Describe the bug**
A clear and concise description of what the bug is.

**To Reproduce**
Steps to reproduce the behavior:
1. Go to '...'
2. Click on '....'
3. Scroll down to '....'
4. See error

**Expected behavior**
A clear and concise description of what you expected to happen.

**Screenshots**
If applicable, add screenshots to help explain your problem.

**Desktop (please complete the following information):**
 - OS: [e.g. iOS]
 - Browser [e.g. chrome, safari]
 - Version [e.g. 22]

**Smartphone (please complete the following information):**
 - Device: [e.g. iPhone6]
 - OS: [e.g. iOS8.1]
 - Browser [e.g. stock browser, safari]
 - Version [e.g. 22]

**Additional context**
Add any other context about the problem here.

--------------------------------------------------------------------------------
/LICENSE:
--------------------------------------------------------------------------------
MIT License

Copyright (c) 2022 Fahad Hossain

Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

--------------------------------------------------------------------------------
/NGINX-password-protection.md:
--------------------------------------------------------------------------------
# Password-Protected Setup for Nginx

This guide explains how to password-protect a website deployed on Ubuntu with Nginx, using HTTP basic authentication.

## Prerequisites:
- Ubuntu server
- Nginx server
- SSH access with sudo privileges.

## Steps:

### 1. Install Apache2 Utilities:

The Apache2 Utilities package includes the `htpasswd` utility, which is used to create and manage password files.

Command to install it:

```shell
sudo apt-get install apache2-utils
```

### 2. Create Password File:

Next, create a password file which will store the user credentials.

Replace `user1` with your chosen username. You'll be prompted to enter and confirm your password for the provided username. The `-c` flag creates the file and overwrites an existing one, so omit it when adding further users to the same file.

```bash
sudo htpasswd -c /etc/nginx/nextpasswd user1
```

### 3. Configure Nginx:

Configure Nginx to use the password file for HTTP basic authentication.

Open your Nginx configuration file. It might be located at `/etc/nginx/sites-available/default` or at `/etc/nginx/sites-available/domain.com`.

Include these lines inside the server block where your location is configured (`/` in case of the main domain):

```nginx
location / {
    auth_basic           "Administrator's Area";
    auth_basic_user_file /etc/nginx/nextpasswd;
    # ... the rest of your location configuration
}
```

### 4. Restart Nginx:

After configuring, validate the configuration and then restart the Nginx service:

```bash
sudo nginx -t
sudo systemctl restart nginx
```

When you now access your website, you will be asked for the username and password. Your website is now password protected. Basic authentication sends the credentials base64-encoded, not encrypted, with every request, so serve the protected location over HTTPS.
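
An added example, not part of the original guide: a POSIX shell check of the password file created in step 2. It flags a world-readable file and entries stored as `{PLAIN}`, unsalted `{SHA}` or 13-character DES crypt. The function names and sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the guide): audit an htpasswd-style file such as
# /etc/nginx/nextpasswd. Function names and sample entries are constructed.

# hash_scheme FIELD: print the scheme of one password field.
hash_scheme() {
    case "$1" in
        '')              echo empty ;;
        '$apr1$'*)       echo apr1 ;;       # htpasswd default: salted, iterated MD5
        '$2'[aby]'$'*)   echo bcrypt ;;     # htpasswd -B
        '$5$'*|'$6$'*)   echo sha-crypt ;;
        '{SSHA}'*)       echo ssha ;;
        '{SHA}'*)        echo sha1 ;;       # htpasswd -s: unsalted SHA-1
        '{PLAIN}'*)      echo plain ;;
        *)  if [ "${#1}" -eq 13 ]; then echo des-crypt; else echo unknown; fi ;;
    esac
}

# audit_htpasswd FILE: print one finding per line.
# Returns 0 when clean, 1 when there are findings, 2 when FILE is unreadable.
audit_htpasswd() {
    ah_file=$1
    ah_findings=0
    ah_lineno=0
    [ -r "$ah_file" ] || { echo "cannot read $ah_file"; return 2; }

    # GNU stat first, BSD stat as the fallback.
    ah_mode=$(stat -c '%a' "$ah_file" 2>/dev/null || stat -f '%Lp' "$ah_file")
    case "$ah_mode" in
        *[4567])    # last octal digit has the read bit set for "other"
            echo "perm: $ah_file is world-readable (mode $ah_mode)"
            ah_findings=$((ah_findings + 1)) ;;
    esac

    while IFS= read -r ah_line || [ -n "$ah_line" ]; do
        ah_lineno=$((ah_lineno + 1))
        [ -n "$ah_line" ] || continue
        case "$ah_line" in
            *:*) ;;
            *)  echo "line $ah_lineno: missing user:hash separator"
                ah_findings=$((ah_findings + 1))
                continue ;;
        esac
        ah_user=${ah_line%%:*}
        ah_hash=${ah_line#*:}
        ah_hash=${ah_hash%%:*}      # drop the optional third "comment" field
        ah_scheme=$(hash_scheme "$ah_hash")
        case "$ah_scheme" in
            empty|plain|sha1|des-crypt|unknown)
                echo "user $ah_user: weak or unrecognised scheme ($ah_scheme)"
                ah_findings=$((ah_findings + 1)) ;;
        esac
    done < "$ah_file"

    [ "$ah_findings" -eq 0 ]
}

# Demo on a constructed sample; on a server, call
#   audit_htpasswd /etc/nginx/nextpasswd
demo=$(mktemp)
chmod 644 "$demo"
printf '%s\n' \
    'alice:$apr1$CONSTRUC$tedSampleHashValue0000' \
    'bob:{SHA}ConstructedSampleDigest00000=' \
    'carol:{PLAIN}constructed-sample' > "$demo"
audit_htpasswd "$demo" || true
rm -f "$demo"
```

A common fix for the permission finding is `chown root:www-data` plus `chmod 640` on the file, assuming the Nginx workers run as `www-data`.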

--------------------------------------------------------------------------------
/INSTALL_WORDPRESS.md:
--------------------------------------------------------------------------------
Install MySQL

```
sudo apt install mysql-server mysql-client
```

Start database
```
sudo systemctl start mysql
```

Enable mysql
```
sudo systemctl enable mysql
```

Database setup
```
sudo mysql_secure_installation
```

Answer `yes` to all prompts.

Login to DB
```
sudo mysql -u root -p
```

Create Database
```
create database wordpress;
```

create user for the database (replace `strongPASSword` with a password of your own)
```
create user 'wpadmin'@'localhost' identified by 'strongPASSword';
```

allow access
```
grant all privileges on wordpress.* to 'wpadmin'@'localhost';
```

reload & exit
```
flush privileges;
exit;
```

## Install PHP
```
sudo apt install -y php7.4 php7.4-gd php7.4-mysql php7.4-zip php7.4-fpm
```

Download wordpress
```
wget https://wordpress.org/latest.zip
```

Extract wordpress
```
unzip latest.zip
```

> Install **unzip** if you don't have it installed.
> ```
> sudo apt install -y unzip
> ```

make necessary directories
```
sudo mkdir -p /var/www
sudo mkdir -p /var/www/html
```

copy wordpress to `/var/www/html/`
```
sudo cp -r wordpress /var/www/html/
```

change ownership
```
sudo chown -R www-data:www-data /var/www
```

## Nginx config

configure the site
```
sudo nano /etc/nginx/sites-available/yoursite.com
```

paste the config
```
server {
    ## Your website name goes here.
    server_name yoursite.com;
    ## Your only path reference.
    root /var/www/html/wordpress;
    ## This should be in your http block and if it is, it's not needed here.
    index index.php index.html;

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location / {
        # This is cool because no php is touched for static content.
        # include the "?$args" part so non-default permalinks don't break when using a query string
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
        include fastcgi_params;
        fastcgi_intercept_errors on;
        fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #The following parameter can be also included in fastcgi_params file
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}
```

test nginx config
```
sudo nginx -t
```

restart nginx
```
sudo systemctl restart nginx
```

The site should now be live.

install ssl

```
sudo certbot --nginx -d yoursite.com
```

> if you don't have **certbot** installed
> ```
> sudo snap install certbot --classic
> ```

restart nginx one last time
```
sudo systemctl restart nginx
```

Now, configure wordpress by visiting your site and enjoy.

--------------------------------------------------------------------------------
/CODE_OF_CONDUCT.md:
--------------------------------------------------------------------------------
# Contributor Covenant Code of Conduct

## Our Pledge

We as members, contributors, and leaders pledge to make participation in our
community a harassment-free experience for everyone, regardless of age, body
size, visible or invisible disability, ethnicity, sex characteristics, gender
identity and expression, level of experience, education, socio-economic status,
nationality, personal appearance, race, religion, or sexual identity
and orientation.

We pledge to act and interact in ways that contribute to an open, welcoming,
diverse, inclusive, and healthy community.

## Our Standards

Examples of behavior that contributes to a positive environment for our
community include:

* Demonstrating empathy and kindness toward other people
* Being respectful of differing opinions, viewpoints, and experiences
* Giving and gracefully accepting constructive feedback
* Accepting responsibility and apologizing to those affected by our mistakes,
  and learning from the experience
* Focusing on what is best not just for us as individuals, but for the
  overall community

Examples of unacceptable behavior include:

* The use of sexualized language or imagery, and sexual attention or
  advances of any kind
* Trolling, insulting or derogatory comments, and personal or political attacks
* Public or private harassment
* Publishing others' private information, such as a physical or email
  address, without their explicit permission
* Other conduct which could reasonably be considered inappropriate in a
  professional setting

## Enforcement Responsibilities

Community leaders are responsible for clarifying and enforcing our standards of
acceptable behavior and will take appropriate and fair corrective action in
response to any behavior that they deem inappropriate, threatening, offensive,
or harmful.

Community leaders have the right and responsibility to remove, edit, or reject
comments, commits, code, wiki edits, issues, and other contributions that are
not aligned to this Code of Conduct, and will communicate reasons for moderation
decisions when appropriate.

## Scope

This Code of Conduct applies within all community spaces, and also applies when
an individual is officially representing the community in public spaces.
Examples of representing our community include using an official e-mail address,
posting via an official social media account, or acting as an appointed
representative at an online or offline event.

## Enforcement

Instances of abusive, harassing, or otherwise unacceptable behavior may be
reported to the community leaders responsible for enforcement at
fahad@avalonx.io.
All complaints will be reviewed and investigated promptly and fairly.

All community leaders are obligated to respect the privacy and security of the
reporter of any incident.

## Enforcement Guidelines

Community leaders will follow these Community Impact Guidelines in determining
the consequences for any action they deem in violation of this Code of Conduct:

### 1. Correction

**Community Impact**: Use of inappropriate language or other behavior deemed
unprofessional or unwelcome in the community.

**Consequence**: A private, written warning from community leaders, providing
clarity around the nature of the violation and an explanation of why the
behavior was inappropriate. A public apology may be requested.

### 2. Warning

**Community Impact**: A violation through a single incident or series
of actions.

**Consequence**: A warning with consequences for continued behavior. No
interaction with the people involved, including unsolicited interaction with
those enforcing the Code of Conduct, for a specified period of time. This
includes avoiding interactions in community spaces as well as external channels
like social media. Violating these terms may lead to a temporary or
permanent ban.

### 3. Temporary Ban

**Community Impact**: A serious violation of community standards, including
sustained inappropriate behavior.

**Consequence**: A temporary ban from any sort of interaction or public
communication with the community for a specified period of time. No public or
private interaction with the people involved, including unsolicited interaction
with those enforcing the Code of Conduct, is allowed during this period.
Violating these terms may lead to a permanent ban.

### 4. Permanent Ban

**Community Impact**: Demonstrating a pattern of violation of community
standards, including sustained inappropriate behavior, harassment of an
individual, or aggression toward or disparagement of classes of individuals.

**Consequence**: A permanent ban from any sort of public interaction within
the community.

## Attribution

This Code of Conduct is adapted from the [Contributor Covenant][homepage],
version 2.0, available at
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.

Community Impact Guidelines were inspired by [Mozilla's code of conduct
enforcement ladder](https://github.com/mozilla/diversity).

[homepage]: https://www.contributor-covenant.org

For answers to common questions about this code of conduct, see the FAQ at
https://www.contributor-covenant.org/faq. Translations are available at
https://www.contributor-covenant.org/translations.

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# How to set up Nginx with QUIC/HTTP3 support

You're about to build and install an Nginx server with QUIC/HTTP3 support. I am assuming that you already know what it is and how it works. Also keep in mind that this build is not supposed to run on a production server.

### You can either build it yourself or download a build that is already built and tested for you from the [release](https://github.com/fhdaax/nginxQUIC/releases) page of this repository, and follow only the setup guide down below.

Follow this guide step by step. Raise an issue if you face any problem.

#### Note: 4GB of RAM is recommended for the build.

## Environment Setup

First of all, log in to your server and make sure that the system is up to date.

```bash
sudo apt update && sudo apt upgrade -y
```

Get the necessary tools for the build.

```bash
sudo apt install -y dpkg-dev uuid-dev mercurial golang libunwind-dev unzip cmake
```

## NGINX Source Code

Navigate to the folder where you want to build `nginx`; in our case, it is `~/nginx`.

```bash
mkdir -p ~/nginx; cd $_
```

We need to add the NGINX signing key so that we can download from the NGINX package repository.

```bash
wget https://nginx.org/keys/nginx_signing.key
sudo apt-key add nginx_signing.key
```

After that, we have to edit the `/etc/apt/sources.list` and add the NGINX repositories.
```bash
sudo nano /etc/apt/sources.list
```

Add these two lines at the very bottom of the file.

```shell
deb https://nginx.org/packages/mainline/ubuntu focal nginx
deb-src https://nginx.org/packages/mainline/ubuntu focal nginx
```
Update the version name according to your system version name. In our case, it's `focal`.
- Ubuntu 22.04 LTS: `jammy`
- Ubuntu 20.04 LTS: `focal`
- Ubuntu 18.04 LTS: `bionic`
- Ubuntu 16.04 LTS: `xenial`

Update your system once again.

```bash
sudo apt update
```

Now, install the build dependencies for NGINX and pull the source code.

```bash
sudo apt build-dep nginx -y
sudo apt source nginx
```
After that, you should see a folder named `nginx` followed by its version in the current directory.

## Clone Nginx-QUIC

We already have the source code of nginx; now we need to get nginx-quic and sync it with the source code.

```bash
hg clone -b quic https://hg.nginx.org/nginx-quic
```

Take ownership of the `nginx` directory.

```bash
sudo chown -R username:username ~/nginx
```
Replace `username` with your username.

Copy the contents of the nginx-quic directory over the nginx source code folder, overwriting existing files.

```bash
rsync -r nginx-quic/ nginx-x.x.x
```

## BoringSSL module

We will need the BoringSSL library, which provides QUIC support.

`cd` to the following directory.

```bash
cd nginx-x.x.x/debian/
```

Clone the BoringSSL repo.

```bash
git clone https://github.com/google/boringssl
```

Create and `cd` to the `boringssl/build` directory.

```bash
mkdir -p boringssl/build; cd $_
```

Compile it to make it ready to use with the nginx source code.

```bash
cmake ../
make -j 8
```
This may take a few moments.

## Additional modules

We will add the following two additional modules to nginx.

- 👉 [Pagespeed](https://developers.google.com/speed)
- 👉 [Brotli](https://www.nginx.com/products/nginx/modules/brotli)

### Pagespeed

Go back to the `debian` directory, make a `modules` directory and `cd` into it.

```bash
cd ../..
mkdir -p modules; cd $_
```

Download and extract pagespeed to the appropriate directory.

```bash
wget https://github.com/apache/incubator-pagespeed-ngx/archive/v1.13.35.2-stable.zip
unzip v1.13.35.2-stable.zip
mv incubator-pagespeed-ngx-1.13.35.2-stable ngx_pagespeed
```

Add the PSOL library for ngx_pagespeed.

```bash
cd ngx_pagespeed
wget https://dl.google.com/dl/page-speed/psol/1.13.35.2-x64.tar.gz
tar -xzvf 1.13.35.2-x64.tar.gz
```

### Brotli

Go back to the `debian/modules` directory and clone the Brotli repo.

```bash
cd ..
git clone --recursive https://github.com/google/ngx_brotli
```

## Configure the QUIC and the modules

Get back to the `debian` directory. Sit back, we need to make a few updates to the `rules` file.

```bash
cd ..
nano -l rules
```
Follow these steps for both of the lines that say `config.env.nginx` and `config.env.nginx_debug`; you might find these at lines 41 and 46 respectively.

Add the following after `--with-stream_ssl_preread_module`

```
--with-http_v3_module --with-stream_quic_module
```

Then we need to add `-Wno-ignored-qualifiers` to `CFLAGS=""` to stop the compiler from throwing qualifier errors.

```
CFLAGS="-Wno-ignored-qualifiers"
```

Now, let's add BoringSSL. You might already see these options `--with-cc-opt` and `--with-ld-opt`.
Overwrite them with the following.

```
--with-cc-opt="-I../boringssl/include $(CFLAGS)" --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto $(LDFLAGS)"
```

### Add modules to the config

At the `./configure` of *config.env.nginx* and *config.env.nginx_debug*, add the following right after `--sbin-path=/usr/sbin/nginx`

```
--add-module="$(CURDIR)/debian/modules/ngx_pagespeed" --add-module="$(CURDIR)/debian/modules/ngx_brotli"
```

Make sure you make the same changes on both lines, `config.env.nginx` and `config.env.nginx_debug`.

It's time to compile.

## Compile Nginx QUIC

Before we compile, we add a finishing touch so that we can tell we are using a modified build of NGINX.
First, we have to edit the `changelog` file.

```bash
nano changelog
```

Then add the following at the very beginning.

```
nginx (x.x.x-1~focal+pagespeed+brotli+http3+quic) focal; urgency=low

  * x.x.x-1

 -- YOUR_NAME <YOUR_EMAIL>  Fri, 15 Oct 2021 22:30:00 +0600
```

In the entry above, change the following:
- `x.x.x` to the right version of the nginx source code
- `focal` to the right system version name if it's not `focal`
- your name and email
- time log

### Compile time

Now everything is ready to go. Let's navigate to the source code directory and compile...

```bash
cd ..
sudo dpkg-buildpackage -b
```

Once it starts compiling, it will ask whether you want to include the PSOL debug version; just type `yes`. After it completes, it will create the deb file in the parent directory.

Let's use that `.deb` package to install nginx. The file name carries the version string from the `changelog` entry.

```bash
cd ..
sudo dpkg -i nginx_x.x.x-1~focal+pagespeed+brotli+http3+quic_amd64.deb
```

Check the nginx version.

```bash
nginx -v
```

## Setting up Nginx QUIC

At this point, our nginx quic is installed. Let's configure the server. We will set things up for the public directory first.

```bash
sudo mkdir -p /var/www; cd $_
sudo mkdir -p html; cd $_
sudo nano index.html
```

Paste the following.

```html
<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Nginx QUIC</title>
</head>
<body>
    <h1>Nginx QUIC</h1>
</body>
</html>
```

Change the owner of the `/var/www` directory to `www-data`.

```bash
sudo chown -R www-data:www-data /var/www
```

Let's go configure the nginx server.

```bash
cd /etc/nginx
sudo rm -f nginx.conf conf.d/default.conf
sudo nano nginx.conf
```

Paste the following

```
user www-data;
worker_processes auto;
include /etc/nginx/modules-enabled/*.conf;

error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;


events {
    worker_connections 1024;
}


http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    server_tokens off;

    # Note: this sends a cookie literally named "Path"; it does not add
    # HttpOnly/Secure to cookies set by the application itself.
    add_header Set-Cookie "Path=/; HttpOnly; Secure";

    ##
    # PageSpeed Settings
    ##
    pagespeed on;
    pagespeed FileCachePath /var/ngx_pagespeed_cache;

    ##
    # Access/Error Log Settings
    ##
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$quic"';
    access_log /var/log/nginx/access.log quic;
    error_log /var/log/nginx/error.log;

    ##
    # Http Core Module Settings
    ##
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;

    ##
    # Gzip Settings
    ##
    gzip on;
    gzip_comp_level 5;
    gzip_min_length 256;
    gzip_proxied any;
    gzip_vary on;
    pagespeed FetchWithGzip off;
    pagespeed HttpCacheCompressionLevel 0;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/x-font-ttf application/x-web-app-manifest+json application/xml+rss text/javascript image/svg+xml image/x-icon;

    ##
    # Brotli Settings
    ##
    brotli on;
    brotli_comp_level 6;
    brotli_static on;
    brotli_types application/octet-stream text/xml image/svg+xml application/x-font-ttf image/vnd.microsoft.icon application/x-font-opentype application/json font/eot application/vnd.ms-fontobject application/javascript font/otf application/xml application/xhtml+xml text/javascript application/x-javascript text/plain application/x-font-truetype application/xml+rss image/x-icon font/opentype text/css image/x-win-bitmap application/x-web-app-manifest+json;

    ##
    # SSL Configuration
    ##
    quic_retry on;
    # Note: TLS 1.3 early (0-RTT) data can be replayed by a network attacker.
    ssl_early_data on;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    #ssl_stapling on; # not supported by boringssl
    ssl_stapling_verify on;
    #http3_max_field_size 5000;
    http3_max_table_capacity 50;
    http3_max_blocked_streams 30;
    http3_max_concurrent_pushes 30;
    http3_push 10;
    http3_push_preload on;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256;

    ##
    # FastCGI Cache Settings
    ##
    fastcgi_cache_path /etc/nginx-cache levels=1:2 keys_zone=phpcache:100m inactive=60m;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";
    fastcgi_ignore_headers Cache-Control Expires;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
```

Let's configure an individual site.
Start with linking.

```bash
sudo mkdir -p /etc/nginx/sites-available
sudo ln -s /etc/nginx/sites-available /etc/nginx/sites-enabled
```

Now, create a site with the following

```bash
sudo nano sites-available/yourdomain.com
```
And paste the following
```
server{
    listen 80;
    index index.html;
    server_name yourdomain.com;

    root /var/www/html;
}
```

We are good to go. Before restarting nginx, check if the configuration is ok.

```bash
sudo nginx -t
```

Restart nginx

```bash
sudo systemctl restart nginx
```

If everything is ok, your site should go live.

## SSL Certificate

Let's install `Certbot`. Since our system is `focal`, we can install certbot from the *snap* package.

```bash
sudo snap install certbot --classic
```

> Run the following if you are using a release older than 20.04 LTS.
> ```bash
> sudo add-apt-repository ppa:certbot/certbot
> sudo apt update
> sudo apt install -y certbot
> ```

Issue an SSL certificate for your site.

```bash
sudo certbot --nginx -d yourdomain.com
```

Answer the questions that follow and certbot will issue and configure a certificate for your site.

Here comes the fun part: setting up HTTP2 and QUIC/HTTP3.

```bash
sudo nano sites-available/yourdomain.com
```

Replace the content with the following.
(Remember the certificate path and change it after the replacement.)

```
server{
    listen 443 http3 quic reuseport;
    listen 443 ssl http2;

    add_header alt-svc 'h3-29=":443"; ma=3600' always;

    index index.html index.nginx-debian.html;
    server_name yourdomain.com;

    root /var/www/html;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

}
server{
    listen 80;
    server_name yourdomain.com;
    if ($host = yourdomain.com) {
        return 301 https://$host$request_uri;
    }

    return 404;
}
```

Hurrah! We are done. Before restarting nginx, check if the configuration is ok.

```bash
sudo nginx -t
```

Restart nginx.

```bash
sudo systemctl restart nginx
```

**Enjoy HTTP3**

# $200 free credit in DigitalOcean

DigitalOcean is providing you $200 free credit for two months to use their products including VPS droplets starting from $4/m. Sign up with my referral image to redeem the offer.

[![DigitalOcean Referral Badge](https://web-platforms.sfo2.cdn.digitaloceanspaces.com/WWW/Badge%201.svg)](https://www.digitalocean.com/?refcode=9613873efd40&utm_campaign=Referral_Invite&utm_medium=Referral_Program&utm_source=badge)

--------------------------------------------------------------------------------