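The following are the complete steps and key configuration notes for enabling HTTP/3 in Apache (a general approach that does not require recompiling):

1. Prerequisites
   1. Apache 2.4.41+ (must support HTTP/2)
   2. OpenSSL 1.1.1+ (the quictls fork is recommended)
   3. mod_ssl and mod_http2 loaded

2. Key configuration
Edit the main Apache configuration file (for example /etc/apache2/sites-enabled/default-ssl.conf):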
# Global base configuration
ServerName example.com
Listen 443
# HTTP/3 needs a UDP listener
# (httpd only accepts comments on their own line, so none trail a directive here)
Listen 443 udp

# Load the required modules
LoadModule ssl_module modules/mod_ssl.so
LoadModule http2_module modules/mod_http2.so
LoadModule http3_module modules/mod_http3.so

# Global SSL settings
SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
# TLS 1.3 suite names are only accepted with the TLSv1.3 protocol selector
SSLCipherSuite TLSv1.3 TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
SSLHonorCipherOrder on
SSLCompression off

# Virtual host configuration
<VirtualHost *:443>
    # Basic settings
    DocumentRoot "/var/www/html"
    ServerName example.com
    ServerAlias www.example.com

    # Core HTTP/3 configuration
    EnableHTTP3 on
    HTTP3Port 443
    # Protocol priority
    Protocols h2 h3 http/1.1

    # Certificate configuration
    SSLEngine on
    SSLCertificateFile "/etc/ssl/certs/example.crt"
    SSLCertificateKeyFile "/etc/ssl/private/example.key"
    SSLCertificateChainFile "/etc/ssl/certs/ca-bundle.crt"

    # Performance tuning
    H2ModernTLSOnly on
    HTTP3MaxConcurrentStreams 100
    HTTP3InitialMaxData 1048576
    HTTP3InitialMaxStreamData 262144

    # Security headers
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff

    # Logging
    ErrorLog "/var/log/apache2/error.log"
    CustomLog "/var/log/apache2/access.log" combined
</VirtualHost>

3. Verification and debugging
   1. Check that the module is loaded:
      apachectl -M | grep http3
   2. Test an HTTP/3 connection:
      curl --http3 -v https://yourdomain.com
   3. Verify in a browser:
      - In Chrome, open: chrome://net-internals/#http3
      - Online tool: https://http3check.net/
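
A static check for the settings this configuration depends on, as an added example (not part of the original page or of Apache httpd): it flags trailing `#` comments, a missing UDP listener, a `Protocols` line without `h3`, legacy TLS versions left enabled, and a missing HSTS header. The directive names and the `Listen 443 udp` form are taken from the configuration above; `audit`, `strip_trailing_comment` and the sample config are constructed for illustration.

```python
# Added example: static audit of an Apache TLS/HTTP3 config (directive names as used on this page).
WEAK = ("sslv3", "tlsv1", "tlsv1.1")

def strip_trailing_comment(line):
    """httpd only treats '#' at line start as a comment; find an unquoted trailing one."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes and i and line[i - 1].isspace():
            return line[:i].rstrip(), True
    return line, False

def audit(conf):
    """Return a list of findings for the config text."""
    d, findings = {}, []
    for n, raw in enumerate(conf.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#<":
            continue  # blank lines, comment lines and section tags carry no directive
        line, had_comment = strip_trailing_comment(line)
        if had_comment:
            findings.append(f"line {n}: trailing '#' text is read as directive arguments")
        name, *rest = line.split(None, 1)
        d.setdefault(name.lower(), []).append(rest[0].lower() if rest else "")
    listens = [a.split() for a in d.get("listen", [])]
    if not any(a[0].endswith("443") and a[1:] == ["udp"] for a in listens if a):
        findings.append("no UDP listener on 443 (QUIC runs over UDP)")
    if "h3" not in " ".join(d.get("protocols", [])).split():
        findings.append("Protocols does not offer h3")
    # mod_ssl default since 2.4.17 is 'all -SSLv3'; the last SSLProtocol line is used here.
    sslp = (d.get("sslprotocol") or ["all -sslv3"])[-1].split()
    for p in WEAK:
        if p in sslp or "+" + p in sslp or ("all" in sslp and "-" + p not in sslp):
            findings.append(f"SSLProtocol leaves {p} enabled")
    if not any("strict-transport-security" in a for a in d.get("header", [])):
        findings.append("no Strict-Transport-Security header")
    return findings

# Constructed sample, not taken from a real server.
SAMPLE = """\
Listen 443
Protocols h2 http/1.1 # protocol priority
SSLProtocol all -SSLv3
<VirtualHost *:443>
SSLEngine on
</VirtualHost>
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The audit treats all `VirtualHost` sections as one scope, so run it per site file when hosts differ.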
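
Notes
- Firewall: UDP port 443 must be open
- Compatibility: the client must support QUIC (latest Chrome/Firefox)
- Performance: enabling 0-RTT is recommended for faster connections (requires configuring the SSLProtocol parameter)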