evansun922 / nginx-quic Goto Github PK
View Code? Open in Web Editor NEWnginx support quic
License: BSD 2-Clause "Simplified" License
nginx support quic
License: BSD 2-Clause "Simplified" License
Hi @evansun922 ,
My goal is capture the pcap file on my linux machine which is using nginx to connect and decrypt those packets using ssl key log file.but i am unable to find how to capture ssl key log file on nginx. Could someone please help me how to capture ssl key log file ?
Thanks,
Kartheek.
您好! 我最近在学习Nginx相关的实践项目, 请问您是否方便分享客户端demo, 即bequic_client的源代码给我一份呢?
通过SrsQuic编译后的raw_h264_publisher推流到nginx失败,nginx采用的是提供的bin文件,没有自己编译,失败原因是提示协议不支持,协议列表是空的,这是什么原因呢?在CentOS6或7上面都是一样的错误
编译失败,怀疑是chromium的问题
[157/503] CXX obj/net/nginx/quic_ngx_http_interface.o
FAILED: obj/net/nginx/quic_ngx_http_interface.o
../../third_party/llvm-build/Release+Asserts/bin/clang++ -MMD -MF obj/net/nginx/quic_ngx_http_interface.o.d -DUSE_UDEV -DUSE_AURA=1 -DUSE_GLIB=1 -DUSE_NSS_CERTS=1 -DUSE_X11=1 -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_GNU_SOURCE -DCR_CLANG_REVISION=\"n346557-4e0d9925-3\" -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -D_FORTIFY_SOURCE=2 -D_LIBCPP_ABI_UNSTABLE -D_LIBCPP_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCXXABI_DISABLE_VISIBILITY_ANNOTATIONS -D_LIBCPP_ENABLE_NODISCARD -DCR_LIBCXX_REVISION=375504 -DCR_SYSROOT_HASH=52cf2961a3cddc0d46e1a2f7d9bf376fc16a61de -DNDEBUG -DNVALGRIND -DDYNAMIC_ANNOTATIONS_ENABLED=0 -DGLIB_VERSION_MAX_ALLOWED=GLIB_VERSION_2_40 -DGLIB_VERSION_MIN_REQUIRED=GLIB_VERSION_2_40 -DGOOGLE_PROTOBUF_NO_RTTI -DGOOGLE_PROTOBUF_NO_STATIC_INITIALIZER -DHAVE_PTHREAD -I/home/zxilly/Downloads/nginx-1.18.0/src/core -I/home/zxilly/Downloads/nginx-1.18.0/src/event -I/home/zxilly/Downloads/nginx-1.18.0/src/event/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/os/unix -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/home/zxilly/Downloads/nginx-1.18.0/pcre-8.43 -I/usr/include/libxml2 -I/home/zxilly/Downloads/nginx-1.18.0/objs -I/home/zxilly/Downloads/nginx-1.18.0/src/http -I/home/zxilly/Downloads/nginx-1.18.0/src/http/modules -I/home/zxilly/Downloads/nginx-1.18.0/src/http/v2 -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/src -I/www/server/nginx/src/ngx_devel_kit/objs -I/home/zxilly/Downloads/nginx-1.18.0/objs/addon/ndk -I/root/ngx_brotli/deps/brotli/c/include -I/www/server/nginx/chromium/nginx-quic/quic_http/chromium -I/www/server/nginx/chromium/nginx-quic/quic_tools -I/home/zxilly/Downloads/nginx-1.18.0/src/stream -I/www/server/nginx/include -I../.. -Igen -I../../third_party/protobuf/src -Igen/protoc_out -I../../third_party/protobuf/src -I../../third_party/boringssl/src/include -fno-strict-aliasing --param=ssp-buffer-size=4 -fstack-protector -funwind-tables -fPIC -B../../third_party/binutils/Linux_x64/Release/bin -pthread -fcolor-diagnostics -fmerge-all-constants -fcrash-diagnostics-dir=../../tools/clang/crashreports -Xclang -mllvm -Xclang -instcombine-lower-dbg-declare=0 -fcomplete-member-pointers -m64 -march=x86-64 -Wno-builtin-macro-redefined -D__DATE__= -D__TIME__= -D__TIMESTAMP__= -Xclang -fdebug-compilation-dir -Xclang . -no-canonical-prefixes -Wall -Werror -Wextra -Wimplicit-fallthrough -Wunreachable-code -Wthread-safety -Wextra-semi -Wno-missing-field-initializers -Wno-unused-parameter -Wno-c++11-narrowing -Wno-unneeded-internal-declaration -Wno-undefined-var-template -Wno-ignored-pragma-optimize -Wno-implicit-int-float-conversion -Wno-final-dtor-non-final-class -Wno-builtin-assume-aligned-alignment -Wno-deprecated-copy -Wno-non-c-typedef-for-linkage -O2 -fno-ident -fdata-sections -ffunction-sections -fno-omit-frame-pointer -g0 -ftrivial-auto-var-init=pattern -fvisibility=hidden -Xclang -add-plugin -Xclang find-bad-constructs -Xclang -plugin-arg-find-bad-constructs -Xclang check-ipc -Wheader-hygiene -Wstring-conversion -Wtautological-overlap-compare -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/glib-2.0 -isystem../../build/linux/debian_sid_amd64-sysroot/usr/lib/x86_64-linux-gnu/glib-2.0/include -Wno-shorten-64-to-32 -Wno-header-guard -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nss -isystem../../build/linux/debian_sid_amd64-sysroot/usr/include/nspr -std=c++14 -fno-exceptions -fno-rtti -nostdinc++ -isystem../../buildtools/third_party/libc++/trunk/include -isystem../../buildtools/third_party/libc++abi/trunk/include --sysroot=../../build/linux/debian_sid_amd64-sysroot -fvisibility-inlines-hidden -c /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc -o obj/net/nginx/quic_ngx_http_interface.o
In file included from /www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:8:
In file included from ../../buildtools/third_party/libc++/trunk/include/vector:274:
In file included from ../../buildtools/third_party/libc++/trunk/include/__bit_reference:15:
In file included from ../../buildtools/third_party/libc++/trunk/include/algorithm:643:
../../buildtools/third_party/libc++/trunk/include/memory:3043:32: error: allocating an object of abstract class type 'quic::ProofSourceNginx'
return unique_ptr<_Tp>(new _Tp(_VSTD::forward<_Args>(__args)...));
^
/www/server/nginx/chromium/nginx-quic/quic_http/chromium/quic_ngx_http_interface.cc:116:28: note: in instantiation of function template specialization 'std::__1::make_unique<quic::ProofSourceNginx>' requested here
auto proof_source = std::make_unique<quic::ProofSourceNginx>();
^
../../net/third_party/quiche/src/quic/core/crypto/proof_source.h:194:26: note: unimplemented pure virtual method 'GetTicketCrypter' in 'ProofSourceNginx'
virtual TicketCrypter* GetTicketCrypter() = 0;
^
1 error generated.
[170/503] CXX obj/net/simple_quic_tools/quic_http_proxy_backend.o
ninja: build stopped: subcommand failed.
使用本项目master
分支和chromuim 83.0.4100.2
编译,在不打开quic时工作正常,打开quic后所有网页都无法访问,查看log表明nginx没有接收到任何请求
使用nmap扫描443
端口,tcp
状态为fliter
,udp
状态为open|fliter
系统的内核版本是4.14.129
,发行版本是CentOS Linux release 7.8.2003 (Core)
在Ubuntu18.04上完成编译
附上编译完成的文件
nginx.zip
请求最后提交到nginx层是通过QuicNgxBackend::FetchResponseFromBackend的,而这是在body都接收完成才走的?
1 nginx编译configure参数是只有--add-module=/path/to/nginx-quic/quic_rtmp/nginx-rtmp-module吗,这样配置的话,编译报错:
ngx_http_quic_module.c:255:3: error: use of undeclared identifier 'ngx_http_ssl_srv_conf_t'
ngx_http_ssl_srv_conf_t *sscf;
^
ngx_http_quic_module.c:255:36: error: use of undeclared identifier 'sscf'; did you mean 'qscf'?
ngx_http_ssl_srv_conf_t *sscf;
^~~~
qscf
ngx_http_quic_module.c:250:36: note: 'qscf' declared here
ngx_http_quic_srv_conf_t *qscf;
似乎加上 --with-http_ssl_module可以编译通过
2 使用带--with-http_ssl_module编译的nginx,没有看到向client发包的过程,error.log提示进程挂掉,如下:
2020/10/28 21:04:55 [notice] 52964#0: signal 17 (SIGCHLD) received from 52972
2020/10/28 21:04:55 [alert] 52964#0: worker process 52972 exited on signal 11
2020/10/28 21:04:55 [notice] 52964#0: start worker process 52973
定位像是SSL_do_handshake挂掉,请问该如何继续定位呢
3 贴下nginx.conf
worker_processes 1;
error_log logs/error.log debug;
worker_rlimit_core 10000m;
working_directory /usr/local/nginx/logs;
events {
worker_connections 1024;
}
rtmp {
log_format rtmp_log '$remote_addr [$time_local] $command "$app" "$name" "$args" '
'$bytes_received $bytes_sent $session_time '
'"$pageurl" "$tcurl" "$swfurl" "$flashver"';
access_log logs/rtmp.log;
server {
listen 1935 so_keepalive=on;
listen 1935 quic reuseport;
ssl_certificate out/leaf_cert.pem;
ssl_certificate_key out/leaf_cert.key;
max_message 10M;
publish_time_fix on;
chunk_size 4096;
out_queue 17;
application show {
live on;
idle_streams off;
drop_idle_publisher 1800s;
sync 1s;
wait_key on;
wait_video off;
notify_method get;
#record keyframes;
#record_path /tmp;
#record_max_size 128K;
#record_interval 30s;
#record_suffix .this.is.flv;
#on_publish http://localhost:8080/publish;
#on_play http://localhost:8080/play;
#on_record_done http://localhost:8080/record_done;
}
}
}
http {
server {
listen 8080;
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
root /path/to/nginx-rtmp-module/;
}
location /control {
rtmp_control all;
}
#location /publish {
# return 201;
#}
#location /play {
# return 202;
#}
#location /record_done {
# return 203;
#}
location /rtmp-publisher {
root /home/jack/workspace/quic/server/nginx-rtmp-module/test;
}
location / {
root /home/jack/workspace/quic/server/nginx-rtmp-module/test/www;
}
}
}
crt和key文件都是chromium里的脚本生成的
感谢开源,求指导
Hi Evan,
我在使用 chromium-80.0.3963.1 配置文件如下:
使用listen 443 ssl;时可以正常访问,
使用listen 443 quic reuseport sndbuf=1048576 rcvbuf=1048576;时页面无法访问,
请问是不是我配置文件有问题,能否给个完整的nginx配置示例呀?
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name example.com;
location / {
root /mnt/d/wsl/MaxiBiz;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 quic reuseport sndbuf=1048576 rcvbuf=1048576;
server_name example.com;
ssl_certificate /mnt/d/wsl/example_com.pem;
ssl_certificate_key /mnt/d/wsl/example_com.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 5m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
root /mnt/d/wsl/MaxiBiz;
index index.html index.htm;
}
}
}
执行编译脚本后最后一行报错:
` nginx path prefix: "/www/server/nginx"
nginx binary file: "/www/server/nginx/sbin/nginx"
nginx modules path: "/www/server/nginx/modules"
nginx configuration prefix: "/www/server/nginx/conf"
nginx configuration file: "/www/server/nginx/conf/nginx.conf"
nginx pid file: "/www/server/nginx/logs/nginx.pid"
nginx error log file: "/www/server/nginx/logs/error.log"
nginx http access log file: "/www/server/nginx/logs/access.log"
nginx http client request body temporary files: "client_body_temp"
nginx http proxy temporary files: "proxy_temp"
nginx http fastcgi temporary files: "fastcgi_temp"
nginx http uwsgi temporary files: "uwsgi_temp"
nginx http scgi temporary files: "scgi_temp"
open "objs/Makefile" failed, string index out of range`
好像是 Python 执行过程中出错了。
这个会支持mpeg-dash的的一些配置吗?比如dash_variant等
hi,when i set error log_level in nginx.conf like this :
error_log /data/proclog/log/error.log info;
but the quic info do not print to error.log
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.