evansun922 / nginx-quic Goto Github PK

View Code? Open in Web Editor NEW

230.0 230.0 76.0 15.43 MB

nginx support quic

License: BSD 2-Clause "Simplified" License

Python 0.94% C++ 10.05% C 87.58% XSLT 1.12% Shell 0.02% HTML 0.29%

nginx-quic's People

Contributors

Stargazers

Watchers

Forkers

1995zyf lcax200000 cmathser devangle han4235 gundam001 zuobeixing compmfm funnyproject 1008610010 mrsz swinsey liunianjie aguaimama zhaominso jasongwq matirx-tian zzhcs yefy charlesvhe anotherjin dengmh123 inste lihaogu alexliyu7352 zxbin2000 wilsondhchen niesongsong saminigod hank4187yan ashleemikeyoung husttb ytwang0320 coding-ha sihaizhida donnyliuyang medialib-leo zengqiang2013 agent-tao wschacker xvmoon adteven kevinzhu2014 ldong2014 macrolau zjd87 chundonglinlin freemind-lj zhangbao0325 think-me zhanghuanwang merry1314 taohaolong letemps ganyuanzhen anders0913 wwbingo jorenwu84 dyadyajora fklearn elivesgm 406345 lmhit yfming rumjxl smilebinbin proud-sun geniuschishao adas-eye sunnie-star weiyiqianlima fairyqb junkai0531 qcmc17 freashmeat

nginx-quic's Issues

How to let nginx log the ssl key log file by changing nginx.conf file

Hi @evansun922 ,

My goal is capture the pcap file on my linux machine which is using nginx to connect and decrypt those packets using ssl key log file.but i am unable to find how to capture ssl key log file on nginx. Could someone please help me how to capture ssl key log file ?

Thanks,
Kartheek.

请求一份Nginx-quic的客户端demo的源码

您好！我最近在学习Nginx相关的实践项目, 请问您是否方便分享客户端demo，即bequic_client的源代码给我一份呢？

通过SrsQuic无法推流成功

通过SrsQuic编译后的raw_h264_publisher推流到nginx失败，nginx采用的是提供的bin文件，没有自己编译，失败原因是提示协议不支持，协议列表是空的，这是什么原因呢？在CentOS6或7上面都是一样的错误

能否说明一下项目对应的chromium版本？

编译失败，怀疑是chromium的问题

[157/503] CXX obj/net/nginx/quic_ngx_http_interface.o
FAILED: obj/net/nginx/quic_ngx_http_interface.o 
../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/net/nginx/quic_ngx_http_interface.o.d -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_GNU_SOURCE -DCR_CLANG_REVISION=\"n346557-4e0d9925-3\" -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -D_LIBCPP_ABI_UNSTABLE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCXXABI_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCPP_ENABLE_NODISCARD -DCR_LIBCXX_REVISION=375504 -DCR_SYSROOT_HASH=52cf2961a3cddc0d46e1a2f7d9bf376fc16a61de -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_40 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_40 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -I/home/zxilly/Downloads/nginx-1.18.0/src/core -I/home/zxilly/Downloads/nginx-1.18.0/src/event -I/home/zxilly/Downloads/nginx-1.18.0/src/event/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/os/unix -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/home/zxilly/Downloads/nginx-1.18.0/pcre-8.43 -I/usr/include/libxml2 -I/home/zxilly/Downloads/nginx-1.18.0/objs -I/home/zxilly/Downloads/nginx-1.18.0/src/http -I/home/zxilly/Downloads/nginx-1.18.0/src/http/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/http/v2 -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/root/ngx_brotli/deps/brotli/c/include -I/www/server/nginx/chromium/nginx-quic/quic_http/chromium -I/www/server/nginx/chromium/nginx-quic/quic_tools -I/home/zxilly/Downloads/nginx-1.18.0/src/stream -I/www/server/nginx/include -I../.. -Igen -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/boringssl/src/include -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -B../../third_party/binutils/Linux_x64/Release/bin -pthread -fcolor-diagnostics -fmerge-all-constants -fcrash-diagnostics-dir=../../tools/clang/crashreports -Xclang -mllvm -Xclang -instcombine-lower-dbg-declare=0 -fcomplete-member-pointers -m64 -march=x86-64 -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -Xclang -fdebug-compilation-dir -Xclang . -no-canonical-prefixes -Wall -Werror -Wextra -Wimplicit-fallthrough -Wunreachable-code -Wthread-safety -Wextra-semi -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-unneeded-internal-declaration -Wno-undefined-var-template -Wno-ignored-pragma-optimize -Wno-implicit-int-float-conversion -Wno-final-dtor-non-final-class -Wno-builtin-assume-aligned-alignment -Wno-deprecated-copy -Wno-non-c-typedef-for-linkage -O2 -fno-ident -fdata-sections -ffunction-sections -fno-omit-frame-pointer -g0 -ftrivial-auto-var-init=pattern -fvisibility=hidden -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/glib-2.0 -isystem../../build/linux/debian_sid_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -Wno-shorten-64-to-32 -Wno-header-guard -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nss -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nspr -std=c++14 -fno-exceptions -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include --sysroot=../../build/linux/debian_sid_amd64-sysroot -fvisibility-inlines-hidden -c /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc -o obj/net/nginx/quic_ngx_http_interface.o
In file included from /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:8:
In file included from ../../buildtools/third_party/libc++/trunk/include/vector:274:
In file included from ../../buildtools/third_party/libc++/trunk/include/__bit_reference:15:
In file included from ../../buildtools/third_party/libc++/trunk/include/algorithm:643:
../../buildtools/third_party/libc++/trunk/include/memory:3043:32: error: allocating an object of abstract class type 'quic::ProofSourceNginx'
    return unique_ptr<_Tp>(new _Tp(_VSTD::forward<_Args>(__args)...));
                               ^
/www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:116:28: note: in instantiation of function template specialization 'std::__1::make_unique<quic::ProofSourceNginx>' requested here
  auto proof_source = std::make_unique<quic::ProofSourceNginx>();
                           ^
../../net/third_party/quiche/src/quic/core/crypto/proof_source.h:194:26: note: unimplemented pure virtual method 'GetTicketCrypter' in 'ProofSourceNginx'
  virtual TicketCrypter* GetTicketCrypter() = 0;
                         ^
1 error generated.
[170/503] CXX obj/net/simple_quic_tools/quic_http_proxy_backend.o
ninja: build stopped: subcommand failed.

listen quic时，所有server块对应的网页都无法访问

使用本项目master分支和chromuim 83.0.4100.2编译，在不打开quic时工作正常，打开quic后所有网页都无法访问，查看log表明nginx没有接收到任何请求
使用nmap扫描443端口，tcp状态为fliter，udp状态为open|fliter
系统的内核版本是4.14.129，发行版本是CentOS Linux release 7.8.2003 (Core)
在Ubuntu18.04上完成编译

附上编译完成的文件
nginx.zip

quic这边是等body接收完了才响应的?

请求最后提交到nginx层是通过QuicNgxBackend::FetchResponseFromBackend的，而这是在body都接收完成才走的？

nginx_quic编译问题

1 nginx编译configure参数是只有--add-module=/path/to/nginx-quic/quic_rtmp/nginx-rtmp-module吗，这样配置的话，编译报错：
ngx_http_quic_module.c:255:3: error: use of undeclared identifier 'ngx_http_ssl_srv_conf_t'
ngx_http_ssl_srv_conf_t *sscf;
^
ngx_http_quic_module.c:255:36: error: use of undeclared identifier 'sscf'; did you mean 'qscf'?
ngx_http_ssl_srv_conf_t *sscf;
^~~~
qscf
ngx_http_quic_module.c:250:36: note: 'qscf' declared here
ngx_http_quic_srv_conf_t *qscf;
似乎加上 --with-http_ssl_module可以编译通过

2 使用带--with-http_ssl_module编译的nginx,没有看到向client发包的过程，error.log提示进程挂掉，如下：
2020/10/28 21:04:55 [notice] 52964#0: signal 17 (SIGCHLD) received from 52972
2020/10/28 21:04:55 [alert] 52964#0: worker process 52972 exited on signal 11
2020/10/28 21:04:55 [notice] 52964#0: start worker process 52973
定位像是SSL_do_handshake挂掉，请问该如何继续定位呢

3 贴下nginx.conf
worker_processes 1;

error_log logs/error.log debug;
worker_rlimit_core 10000m;
working_directory /usr/local/nginx/logs;

events {
worker_connections 1024;
}

rtmp {
log_format rtmp_log '$remote_addr [$time_local] $command "$app" "$name" "$args" '
'$bytes_received $bytes_sent $session_time '
'"$pageurl" "$tcurl" "$swfurl" "$flashver"';
access_log logs/rtmp.log;
server {
listen 1935 so_keepalive=on;
listen 1935 quic reuseport;

    ssl_certificate     out/leaf_cert.pem;
    ssl_certificate_key out/leaf_cert.key;
    
    max_message 10M;
    publish_time_fix  on;
    chunk_size     4096;
    out_queue      17;

    application show {
        live on;

        idle_streams        off;
        drop_idle_publisher 1800s;
        sync                1s;
        wait_key            on;
        wait_video          off;
        notify_method       get;

        #record keyframes;
        #record_path /tmp;
        #record_max_size 128K;
        #record_interval 30s;
        #record_suffix .this.is.flv;

        #on_publish http://localhost:8080/publish;
        #on_play http://localhost:8080/play;
        #on_record_done http://localhost:8080/record_done;
    }
}

}

http {
server {
listen 8080;

    location /stat {
        rtmp_stat all;
        rtmp_stat_stylesheet stat.xsl;
    }

    location /stat.xsl {
        root /path/to/nginx-rtmp-module/;
    }

    location /control {
        rtmp_control all;
    }

    #location /publish {
    #    return 201;
    #}

    #location /play {
    #    return 202;
    #}

    #location /record_done {
    #    return 203;
    #}

    location /rtmp-publisher {
        root /home/jack/workspace/quic/server/nginx-rtmp-module/test;
    }

    location / {
        root /home/jack/workspace/quic/server/nginx-rtmp-module/test/www;
    }
}

}
crt和key文件都是chromium里的脚本生成的

感谢开源，求指导

可否提供一个Nginx配置文件的完整示例

Hi Evan，

我在使用 chromium-80.0.3963.1 配置文件如下：
使用listen 443 ssl;时可以正常访问，
使用listen 443 quic reuseport sndbuf=1048576 rcvbuf=1048576;时页面无法访问，
请问是不是我配置文件有问题，能否给个完整的nginx配置示例呀？

worker_processes 1;

events {
worker_connections 1024;
}

http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;

server {
    listen       80;
    server_name  example.com;

    location / {
        root   /mnt/d/wsl/MaxiBiz;
        index  index.html index.htm;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

}

server {
    listen              443 quic reuseport  sndbuf=1048576 rcvbuf=1048576;
    server_name  example.com;

    ssl_certificate      /mnt/d/wsl/example_com.pem;
    ssl_certificate_key  /mnt/d/wsl/example_com.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /mnt/d/wsl/MaxiBiz;
        index  index.html index.htm;
    }
}

}

欲编译 nginx 时报错

执行编译脚本后最后一行报错：
` nginx path prefix: "/www/server/nginx"
nginx binary file: "/www/server/nginx/sbin/nginx"
nginx modules path: "/www/server/nginx/modules"
nginx configuration prefix: "/www/server/nginx/conf"
nginx configuration file: "/www/server/nginx/conf/nginx.conf"
nginx pid file: "/www/server/nginx/logs/nginx.pid"
nginx error log file: "/www/server/nginx/logs/error.log"
nginx http access log file: "/www/server/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"

open "objs/Makefile" failed, string index out of range`
好像是 Python 执行过程中出错了。