Merge pull request #119813 from mkg20001/http3
This commit is contained in:
commit
9f566fc6bc
|
@ -249,7 +249,15 @@ let
|
|||
+ optionalString (ssl && vhost.http2) "http2 "
|
||||
+ optionalString vhost.default "default_server "
|
||||
+ optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
|
||||
+ ";";
|
||||
+ ";"
|
||||
+ (if ssl && vhost.http3 then ''
|
||||
# UDP listener for **QUIC+HTTP/3
|
||||
listen ${addr}:${toString port} http3 reuseport;
|
||||
# Advertise that HTTP/3 is available
|
||||
add_header Alt-Svc 'h3=":443"';
|
||||
# Sent when QUIC was used
|
||||
add_header QUIC-Status $quic;
|
||||
'' else "");
|
||||
|
||||
redirectListen = filter (x: !x.ssl) defaultListen;
|
||||
|
||||
|
|
|
@ -151,6 +151,19 @@ with lib;
|
|||
'';
|
||||
};
|
||||
|
||||
http3 = mkOption {
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to enable HTTP 3.
|
||||
This requires using <literal>pkgs.nginxQuic</literal> package
|
||||
which can be achived by setting <literal>services.nginx.package = pkgs.nginxQuic;</literal>.
|
||||
Note that HTTP 3 support is experimental and
|
||||
*not* yet recommended for production.
|
||||
Read more at https://quic.nginx.org/
|
||||
'';
|
||||
};
|
||||
|
||||
root = mkOption {
|
||||
type = types.nullOr types.path;
|
||||
default = null;
|
||||
|
|
|
@ -1,22 +1,39 @@
|
|||
{ lib, stdenv, fetchgit, cmake, perl, go }:
|
||||
{ lib
|
||||
, stdenv
|
||||
, fetchgit
|
||||
, cmake
|
||||
, ninja
|
||||
, perl
|
||||
, buildGoModule
|
||||
}:
|
||||
|
||||
# reference: https://boringssl.googlesource.com/boringssl/+/2661/BUILDING.md
|
||||
stdenv.mkDerivation {
|
||||
buildGoModule {
|
||||
pname = "boringssl";
|
||||
version = "2019-12-04";
|
||||
version = "2021-04-18";
|
||||
|
||||
src = fetchgit {
|
||||
url = "https://boringssl.googlesource.com/boringssl";
|
||||
rev = "243b5cc9e33979ae2afa79eaa4e4c8d59db161d4";
|
||||
sha256 = "1ak27dln0zqy2vj4llqsb99g03sk0sg25wlp09b58cymrh3gccvl";
|
||||
rev = "468cde90ca58421d63f4dfeaebcf8bb3fccb4127";
|
||||
sha256 = "0gaqcbvp6r5fq265mckmg0i0rjab0bhxkxcvfxp3ar5dm7q88w39";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [ cmake perl go ];
|
||||
nativeBuildInputs = [ cmake ninja perl ];
|
||||
|
||||
makeFlags = [ "GOCACHE=$(TMPDIR)/go-cache" ];
|
||||
vendorSha256 = "sha256-pQpattmS9VmO3ZIQUFn66az8GSmB4IvYhTTCFn6SUmo=";
|
||||
|
||||
# hack to get both go and cmake configure phase
|
||||
# (if we use postConfigure then cmake will loop runHook postConfigure)
|
||||
preBuild = ''
|
||||
cmakeConfigurePhase
|
||||
'';
|
||||
|
||||
buildPhase = ''
|
||||
ninjaBuildPhase
|
||||
'';
|
||||
|
||||
# CMAKE_OSX_ARCHITECTURES is set to x86_64 by Nix, but it confuses boringssl on aarch64-linux.
|
||||
cmakeFlags = lib.optionals (stdenv.isLinux) [ "-DCMAKE_OSX_ARCHITECTURES=" ];
|
||||
cmakeFlags = [ "-GNinja" ] ++ lib.optionals (stdenv.isLinux) [ "-DCMAKE_OSX_ARCHITECTURES=" ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $bin/bin $out/include $out/lib
|
||||
|
|
|
@ -0,0 +1,21 @@
|
|||
{ callPackage, fetchhg, boringssl, ... } @ args:
|
||||
|
||||
callPackage ./generic.nix args {
|
||||
src = fetchhg {
|
||||
url = "https://hg.nginx.org/nginx-quic";
|
||||
rev = "47a43b011dec"; # branch=quic
|
||||
sha256 = "1d4d1v4zbnf5qlfl79pi7sficn1h7zm6kk7llm24yyhlsvssz10x";
|
||||
};
|
||||
|
||||
preConfigure = ''
|
||||
ln -s auto/configure configure
|
||||
'';
|
||||
|
||||
configureFlags = [
|
||||
"--with-http_v3_module"
|
||||
"--with-http_quic_module"
|
||||
"--with-stream_quic_module"
|
||||
];
|
||||
|
||||
version = "quic";
|
||||
}
|
|
@ -18678,6 +18678,15 @@ in
|
|||
|
||||
nginx = nginxStable;
|
||||
|
||||
nginxQuic = callPackage ../servers/http/nginx/quic.nix {
|
||||
withPerl = false;
|
||||
# We don't use `with` statement here on purpose!
|
||||
# See https://github.com/NixOS/nixpkgs/pull/10474/files#r42369334
|
||||
modules = [ nginxModules.rtmp nginxModules.dav nginxModules.moreheaders ];
|
||||
# Use latest boringssl to allow http3 support
|
||||
openssl = boringssl;
|
||||
};
|
||||
|
||||
nginxStable = callPackage ../servers/http/nginx/stable.nix {
|
||||
withPerl = false;
|
||||
# We don't use `with` statement here on purpose!
|
||||
|
|
Loading…
Reference in New Issue