packages icon indicating copy to clipboard operation
packages copied to clipboard
verified publisher icon openwrt

[WIP] Support nginx with QUIC

Open martinschneider opened this issue 4 years ago • 8 comments

Signed-off-by: Martin Schneider [email protected]

Maintainer: me Compile tested: Netgear R7800, Netgear R8000 (both OpenWrt 19.07 and 21.02). Run tested: See the set-up described in this PR.

This uses the nginx-quic branch and boringssl instead of OpenSSL.

The nginx team is working on merging their experimental branch back into the nginx mainline branch. The roadmap is described here.

martinschneider avatar Jul 06 '21 08:07 martinschneider

It's better to wait for an official nginx stable release with QUIC support as it is experimental and that's not what package repository users expect.

CodeFetch avatar Jul 31 '21 14:07 CodeFetch

It's better to wait for an official nginx stable release with QUIC support as it is experimental and that's not what package repository users expect.

I tend to agree. Now, there is also a roadmap for this: https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx. However, this will still depend on BoringSSL or https://github.com/quictls/openssl so we could probably prepare for it by driving https://github.com/openwrt/packages/pull/15822.

martinschneider avatar Aug 04 '21 16:08 martinschneider

It's better to wait for an official nginx stable release with QUIC support as it is experimental and that's not what package repository users expect.

I tend to agree. Now, there is also a roadmap for this: https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx. However, this will still depend on BoringSSL or https://github.com/quictls/openssl so we could probably prepare for it by driving #15822.

Since it got merged in nginx 1.25.0 it would be possible to build nginx with boringssl on stable packages now. I think this change would be very desirable because OpenSSLs roadmaps says it will take them still years until they fully support http/3.

TheB1gG avatar Jun 12 '23 16:06 TheB1gG

@CodeFetch What do you think? I could spend some time to try with 1.25.0 and update the PR.

martinschneider avatar Jun 14 '23 07:06 martinschneider

not sure if @CodeFetch is still active, so tagging @Ansuel because is one of the nginx maintainers so i guess can give advise here how to proceed

TheB1gG avatar Jun 14 '23 16:06 TheB1gG

Can you link patch needed for boringssl support?

I would create a variant for it instead of replacing openssl. (I assume dynamic module should work with both variant?)

Ansuel avatar Jun 14 '23 16:06 Ansuel

@Ansuel, BoringSSL support was merged in #15822

martinschneider avatar Oct 24 '23 23:10 martinschneider

@martinschneider what is the state of this? afaik nginx now have support for httpv3

Ansuel avatar Apr 18 '24 11:04 Ansuel

I'm not currently using this setup. I will look into it with the latest version of nginx when I find some time.

martinschneider avatar Apr 30 '24 05:04 martinschneider