首页 > 系统相关> > nginx-quic（裸quic lb）使用（未打通）

nginx-quic（裸quic lb）使用（未打通）

2021-03-19 16:02:07 作者：互联网

1、代码下载

https://hg.nginx.org/nginx-quic
nginx-quic源码
其中只有quic对应的版本支持–with-stream_quic_module，其他均报不认识（包括stable和其他1.19的）

2、编译

./auto/configure --with-debug --with-stream_quic_module  --with-http_ssl_module --with-stream  --with-cc-opt="-I../boringssl-git/include" --with-ld-opt="-L../boringssl-git/build/ssl -L../boringssl-git/build/crypto"

make install

3、配置

stream {
  server {
        listen 8001 quic reuseport;
        proxy_pass quic_upstreams;
		
		ssl_protocols       TLSv1.2 TLSv1.3;
		ssl_certificate ssl/localhost.pem;
        ssl_certificate_key ssl/localhost-key.pem;	
		
		#add_header alt-svc 'h3-29=":443"; ma=86400';
    }
	
	upstream quic_upstreams {
    #quic_lb_mode ;
    server 127.0.0.1:8443;
    #server 127.0.0.1:8444 sid=127.0.0.1:8444;
}
}

4、启动

./objs/nginx -p . -c conf/nginx.conf

停止：
./objs/nginx -s stop–报错，停止失败
使用ps -ef | grep nginx查找到主进程，然后kill

5、log

config加–with-debug
在nginx-quic下新建logs文件夹，否则报错：

nginx: [alert] could not open error log file: open() "./logs/error.log" failed (2: No such file or directory)

6、gdb

obj/Makefile里在-c后加-g，然后重新make install
运行后ps -ef | grep ngi找到nginx: worker process的进程号，如5652
gdb 5652

7、调试

quic客户端报错：

connect fail:  CRYPTO_ERROR (0x178): TLS alert

logs的error.log中查找错误：

2021/03/19 15:12:46 [debug] 5652#0: *3 quic insert server id seqnum:0 id len:20 6eec62f9579d59730aa195fc796b7d6bc589b9e5
2021/03/19 15:12:46 [debug] 5652#0: *3 quic packet rx clearflags:c1
2021/03/19 15:12:46 [debug] 5652#0: *3 quic packet rx number:0 len:2
2021/03/19 15:12:46 [debug] 5652#0: *3 quic stateless reset token 39872f101e2a17f68052d6cccbe4136d
2021/03/19 15:12:46 [debug] 5652#0: *3 quic stateless reset token 39872f101e2a17f68052d6cccbe4136d
2021/03/19 15:12:46 [debug] 5652#0: *3 posix_memalign: 00007FFFDE575EB0:256 @16
2021/03/19 15:12:46 [debug] 5652#0: *3 quic frame rx init PADDING
2021/03/19 15:12:46 [debug] 5652#0: *3 quic frame rx init CRYPTO len:267 off:0
2021/03/19 15:12:46 [debug] 5652#0: *3 quic SSL_quic_read_level:0 SSL_quic_write_level:0
2021/03/19 15:12:46 [debug] 5652#0: *3 quic ngx_quic_send_alert() lvl:0  alert:120
2021/03/19 15:12:46 [debug] 5652#0: *3 posix_memalign: 00007FFFDE5762F0:256 @16
2021/03/19 15:12:46 [debug] 5652#0: *3 post event 00007FFFDE5748F8
2021/03/19 15:12:46 [debug] 5652#0: *3 quic output init packet max:1252 min:0
2021/03/19 15:12:46 [debug] 5652#0: *3 quic frame tx init CONNECTION_CLOSE err:376 TLS alert ft:0
2021/03/19 15:12:46 [debug] 5652#0: *3 quic packet tx init bytes:14 need_ack:0 number:0 encoded nl:1 trunc:0x0
2021/03/19 15:12:46 [debug] 5652#0: *3 sendmsg: 60 of 60
2021/03/19 15:12:46 [debug] 5652#0: *3 quic lost timer unset
2021/03/19 15:12:46 [debug] 5652#0: *3 quic SSL_quic_read_level:0 SSL_quic_write_level:0
2021/03/19 15:12:46 [debug] 5652#0: *3 SSL_do_handshake: -1
2021/03/19 15:12:46 [debug] 5652#0: *3 SSL_get_error: 1
2021/03/19 15:12:46 [error] 5652#0: *3 SSL_do_handshake() failed (SSL: error:10000133:SSL routines:OPENSSL_internal:NO_APPLICATION_PROTOCOL)
2021/03/19 15:12:46 [debug] 5652#0: *3 quic packet init done decr:1 pn:0 perr:0 rc:-1
2021/03/19 15:12:46 [debug] 5652#0: *3 quic ngx_quic_close_connection rc:-1

wireshark截取报文内容无异常：
quic报文
注：如果wireshark解析失败，可能是版本过低，需要升级，我用的是3.4.3.
然后编辑->首选项->Protocols->QUIC 填入端口号

标签：03,12,lb,nginx,quic,debug,15,5652
来源： https://blog.csdn.net/aashuii/article/details/115007923