#安装编译工具
dnf install git gcc make g++ cmake perl libunwind-devel golang pcre-devel
#设置golang国内代理
go env -w GOPROXY=https://goproxy.cn,direct
#下载boringssl源码
git clone https://gitee.com/hejuncheng1/boringssl.git
#建立编译目录
mkdir boringssl/build
#切换目录
cd boringssl/build
#编译
cmake ..
make
#安装工具
dnf install hg
#下载源码
hg clone -b https://hg.nginx.org/nginx-quic
(hg clone -b quic https://hg.nginx.org/nginx-quic)
(git clone https://gitee.com/qinyinan/nginx-quuic.git)
#拉取流媒体模块
git clone https://gitee.com/winshining/nginx-http-flv-module.git
#拉取代码 这个模块很有用
git clone https://github.com/Water-Melon/ngx_http_autoquic_module.git
cd nginx-quic
#配置
./auto/configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-http_v3_module --with-stream_quic_module --add-module=../nginx-http-flv-module --add-module=../ngx_http_autoquic_module
#编译
make
#安装
make install
#检查
nginx -V
nginx version: nginx/1.21.7
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-http_v3_module --with-stream_quic_module --add-module=../nginx-http-flv-module
#配置nginx.conf,添加如下参数:
listen 443 http3 reuseport;
listen 443 ssl http2;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
#检查配置
nginx -t (nginx -T)
#检查端口监听 tcp udp
ss -anlp | grep :443
---------------------------------------------------------
自签名证书的几个步骤(这里不推荐,只是作为记录)
#创建服务器私钥
openssl genrsa -des3 -out server.key 1024
#创建证书签名请求
openssl req -new -key server.key -out server.csr
#清除密码
openssl rsa -in server.key -out server.key
#证书前面生成crt
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
------------------------------------------------------------------
配置文件示例:
server {
listen 443 http3 reuseport;
listen 443 ssl http2;
server_name localhost;
ssl_certificate certs/server.crt;
ssl_certificate_key certs/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
ssl_ecdh_curve X25519:P-256:P-384;
ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:TLS13-AES-128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:EECDH+CHACHA20:EECDH+AES128;
proxy_set_header Early-Data $ssl_early_data;
quic_retry on;
ssl_early_data on;
quic_gso on;
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header Alt-Svc 'quic=":443"; ma=86400, h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3-30=":443"; ma=86400, h3-31=":443"; ma=86400, h3-32=":443"; ma=86400';
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.htm index.html;
http2_push_preload on;
http3_push_preload on;
}
}
#在http全局加上
autoquic on;
autoquic_fallback on;
autoquic_header QUIC-Status $quic;
autoquic_fallback_period 30;
#附上官方示例:
http {
autoquic on;
autoquic_fallback on;
autoquic_header Alt-Svc '$http3=":443"; quic=":443"; h3=":443"; ma=86400';
autoquic_header QUIC-Status $quic;
autoquic_fallback_period 30;
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';
#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 443 ssl; # TCP listener for HTTP/1.1
listen 443 http3 reuseport; # UDP listener for QUIC+HTTP/3
server_name example.com;
ssl_protocols TLSv1.3; # QUIC requires TLS 1.3
ssl_early_data on;
quic_retry on;
ssl_certificate certs/example.com.crt;
ssl_certificate_key certs/example.com.key;
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
}
谷歌浏览器开启quic支持:chrome://flags/——quic——enabled
配置流媒体服务器示例:
server {
listen 19350;
location /live {
flv_live on;
chunked_transfer_encoding on;
add_header 'Access-Control-Allow-Origin' '*';
add_header 'Access-Control-Allow-Credentials' 'true';
}
location /hls {
types {
application/vnd.apple.mpegurl m3u8;
video/mp2t ts;
}
root html;
add_header 'Cache-Control' 'no-cache';
}
location /dash {
root /usr/local/nginx/html/dash;
add_header 'Cache-Control' 'no-cache';
}
location /stat {
rtmp_stat all;
rtmp_stat_stylesheet stat.xsl;
}
location /stat.xsl {
root /usr/local/nginx/nginx-http-flv-module;
}
location /control {
rtmp_control all; #configuration of control module of rtmp
}
}
#rtmp模块配置
rtmp_auto_push on;
rtmp_auto_push_reconnect 1s;
rtmp_socket_dir /tmp;
rtmp{
out_queue 4096;
out_cork 8;
max_streams 128;
timeout 15s;
drop_idle_publisher 15s;
log_interval 5s;
log_size 1m;
server{
listen 1935;
application myapp{
live on;
gop_cache on;
record off;
}
application hls{
live on;
hls on;
hls_path /usr/local/nginx/html/hls;
}
application dash{
live on;
dash on;
dash_path /usr/local/nginx/html/dash;
}
}
}
#推流地址
rtmp://${ip}:1935/myapp/${stream_name}
#拉流地址
http://${ip}:19350/live?port=1935&app=${appName}&stream=${streamName}
http://ip:19350/hls/live.m3u8
#ffmpeg推流示例:
ffmpeg -re -i test.wmv -f flv rtmp://127.0.0.1:1935/live/123
ffmpeg -y -rtbufsize 100M -f dshow -i video="EasyCamera" -vcodec libx264 -preset:v ultrafast -tune:v zerolatency -f flv rtmp://192.168.1.100:1935/myapp/live
ffmpeg -y -rtbufsize 100M -f dshow -i video="EasyCamera" -vcodec libx264 -preset:v ultrafast -tune:v zerolatency -f flv rtmp://192.168.1.100:1935/hls/live
----------------------------------------------------
网页播放流媒体视频,根据自己的地址修改
<!DOCTYPE html>
<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>flv.js网页播放流媒体视频</title>
<style>
.mainContainer {
display: block;
width: 1024px;
margin-left: auto;
margin-right: auto;
}
.urlInput {
display: block;
width: 100%;
margin-left: auto;
margin-right: auto;
margin-top: 8px;
margin-bottom: 8px;
}
.centeredVideo {
display: block;
width: 100%;
height: 576px;
margin-left: auto;
margin-right: auto;
margin-bottom: auto;
}
.controls {
display: block;
width: 100%;
text-align: left;
margin-left: auto;
margin-right: auto;
}
</style>
</head>
<body>
<div class="mainContainer">
<video id="videoElement" class="centeredVideo" controls autoplay width="1024" height="576">Your browser is too old which doesn't support HTML5 video.</video>
</div>
<br>
<div class="controls">
<!--<button onclick="flv_load()">加载</button>-->
<button onclick="flv_start()">开始</button>
<button onclick="flv_pause()">暂停</button>
<button onclick="flv_destroy()">停止</button>
<input style="width:100px" type="text" name="seekpoint" />
<button onclick="flv_seekto()">跳转</button>
</div>
<script src="flv.min.js"></script>
<script>
var player = document.getElementById('videoElement');
if (flvjs.isSupported()) {
var flvPlayer = flvjs.createPlayer({
type: 'flv',
url: 'http://192.168.1.100:19351/live?port=1935&app=myapp&stream=live'
});
flvPlayer.attachMediaElement(videoElement);
flvPlayer.load(); //加载
}
function flv_start() {
player.play();
}
function flv_pause() {
player.pause();
}
function flv_destroy() {
player.pause();
player.unload();
player.detachMediaElement();
player.destroy();
player = null;
}
function flv_seekto() {
player.currentTime = parseFloat(document.getElementsByName('seekpoint')[0].value);
}
</script>
</body>
</html>
---------------------------------------------
flv.min.js 见我的资源
-----------------------------------------------
hls播放器
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
<title>HLS Player</title>
</head>
<body>
<video height="720" width="1280" controls>
<source src="http://ip:19351/hls/live.m3u8" type="application/vnd.apple.mpegurl" />
<p class="warning">Your browser does not support HTML5 video.</p>
</video>
</body>
</html>
参考资料:
HTTP3/QUIC 性能测试与配套组件_码哥比特的博客-CSDN博客_quic 测试
https://github.com/sonysuqin/SrsQuic
https://github.com/sonysuqin/SrsQuic
https://github.com/evansun922/nginx-quic
https://github.com/evansun922/nginx-quic
server {
listen 80;
listen 443 ssl http2;
listen 443 http3 reuseport;
server_name www.codemiracle.com;
ssl_certificate /root/harbor/ssl/codemiracle.com_bundle.crt;
ssl_certificate_key /root/harbor/ssl/codemiracle.com.key;
ssl_session_timeout 5m;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
# ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
ssl_protocols TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_early_data on;
ssl_ecdh_curve X25519:P-256:P-384;
#ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-SHA256;
ssl_ciphers TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+ECDSA+AES128:EECDH+aRSA+AES128:RSA+AES128:EECDH+ECDSA+AES256:EECDH+aRSA+AES256:RSA+AES256:EECDH+ECDSA+3DES:EECDH+aRSA+3DES:RSA+3DES:!MD5:!3DES:!ADH:!RC4:!DH:!DHE;
proxy_set_header Early-Data $ssl_early_data;
add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"';
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy no-referrer;
add_header X-Permitted-Cross-Domain-Policies all;
add_header X-Download-Options value;
add_header 'Clear-Site-Data' 'cache, cookies, executionContexts';
add_header Cross-Origin-Embedder-Policy 'require-corp';
add_header Cross-Origin-Opener-Policy 'same-origin';
add_header Cross-Origin-Resource-Policy 'cross-origin';
add_header 'Access-Control-Allow-Origin' *;
add_header Cache-Control no-cache;
add_header Content-Security-Policy "default-src 'self' www.codemiracle.com 'unsafe-inline' 'unsafe-eval' blob: data: ;";
#access_log /var/log/nginx/host.access.log main;
location / {
#proxy_pass http://127.0.0.1:8100;
#client_max_body_size 10000000m;
#proxy_connect_timeout 90;
#proxy_read_timeout 90;
#proxy_buffer_size 4k;
#proxy_buffers 6 32k;
#proxy_busy_buffers_size 64k;
#proxy_temp_file_write_size 64k;
root /usr/share/nginx/html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
#location ~ \.php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
# include fastcgi_params;
#}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# 编译参数
./auto/configure --prefix=/etc/nginx \
--sbin-path=/usr/sbin/nginx \
--modules-path=/usr/lib/nginx/modules \
--conf-path=/etc/nginx/nginx.conf \
--error-log-path=/var/log/nginx/error.log \
--http-log-path=/var/log/nginx/access.log \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/run/nginx.lock \
--http-client-body-temp-path=/var/cache/nginx/client_temp \
--http-proxy-temp-path=/var/cache/nginx/proxy_temp \
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp \
--http-scgi-temp-path=/var/cache/nginx/scgi_temp \
--user=nginx --group=nginx \
--with-compat \
--with-file-aio \
--with-threads \
--with-http_addition_module \
--with-http_auth_request_module \
--with-http_dav_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_realip_module \
--with-http_slice_module \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_sub_module \
--with-http_v2_module --with-stream \
--with-stream_realip_module
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-cc-opt=-I../boringssl/include \
--with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' \
--with-http_v3_module \
--with-stream_quic_module \
--add-module=../nginx-http-flv-module
nginx-quic-flv-1-23-2-Linux文档类资源-CSDN下载