跳轉到內容
View in the app

A better way to browse. Learn more.
PHP論壇人

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

6.開啟 HTTP/3 QUIC

Jack
HTTP/3 QUIC

精選回覆

發表於

-----------------------------------
開啟 HTTP/3 QUIC
-----------------------------------

預設網站目錄

/var/www/域名.com

 

修改 域名.com.conf

vi /etc/nginx/sites-available/域名.com.conf

 

給IPS論壇用 (會與vBulletin論壇的偽靜態衝突)

 

前面的步驟有寫了幾行,現在都刪掉,更換為 

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 443 quic reuseport;
    listen [::]:443 quic reuseport;
    http2 on;
    # server_name 域名.com www.域名.com;
    server_name 域名.com;

    root /var/www/域名.com;

               index index.html index.htm index.php default.html default.htm default.php;


            try_files $uri $uri/ =404; 

          # Allow only GET,POST to visit website 
             if ($request_method !~* GET|POST) {
             return 403;
        }

    ssl_certificate /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/域名.com.key;
    ssl_trusted_certificate /etc/nginx/ssl/ca.cer;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
                ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_stapling on;
    ssl_stapling_verify on;

                include rewrite/ips.conf;

    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    add_header Alt-Svc 'h3=":443"; ma=86400';
                add_header QUIC-Status $http3;
                add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
                add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
                add_header X-Frame-Options "SAMEORIGIN";


                location ~ \.php$ {
                        include snippets/fastcgi-php.conf;
                        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
                       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                       include   fastcgi_params;
                }
                 brotli on;
                 brotli_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;

                gzip on;
               gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }
}


ESC儲存並離開
:wq

 


在 /root/.acme.sh/域名.com_ecc 目錄底下,將那幾個SSL憑證下載回去,並保存好

使用SFTP,將那幾個SSL憑證,再上傳到 /etc/nginx/ssl/ 目錄下

 

 

在此也修改一下 偽靜態

8.偽靜態 rewrite

 

 

重新加载Nginx
nginx -t

nginx -s reload

 

這時,瀏覽器可進入你的網站

https://域名.com/

在瀏覽器,按 F12,可得知網站是否運行 HTTP/3 QUIC

注意:可能需要清除瀏覽器的cache!

 

或者,有檢查網站可以用來測試是否運行 HTTP/3 QUIC

HTTP/3 Check
https://http3check.net


HTTP/3 QUIC 在线测试
https://http3.wcode.net

 

 

http3-1.png

 

 

http3-2.png

本文章最後於,由Jack編輯

  • 樓主

vBulletin論壇使用

修改 域名.com.conf

vi /etc/nginx/sites-available/域名.com.conf 

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    listen 443 quic reuseport;
    listen [::]:443 quic reuseport;
    http2 on;

    server_name 域名.com;

    root /var/www/域名.com;
    index index.html index.htm index.php default.html default.htm default.php;

    ssl_certificate /etc/nginx/ssl/fullchain.cer;
    ssl_certificate_key /etc/nginx/ssl/域名.com.key;
    ssl_trusted_certificate /etc/nginx/ssl/ca.cer;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;
    ssl_session_tickets off;

    ssl_protocols TLSv1.3;
    ssl_prefer_server_ciphers off;
                ssl_ciphers "TLS13-AES-256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-128-CCM-8-SHA256:TLS13-AES-128-CCM-SHA256:EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
    ssl_stapling on;
    ssl_stapling_verify on;

                include rewrite/vbb.conf;

    resolver 1.1.1.1 8.8.8.8 valid=300s;
    resolver_timeout 10s;

    add_header Alt-Svc 'h3=":443"; ma=86400';
                add_header QUIC-Status $http3;
                add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
                add_header Content-Security-Policy-Report-Only "default-src https:; script-src https: 'unsafe-eval' 'unsafe-inline'; style-src https: 'unsafe-inline'; img-src https: data:; font-src https: data:";
                add_header X-Frame-Options "SAMEORIGIN";


                location ~ \.php$ {
                        include snippets/fastcgi-php.conf;
                        fastcgi_pass unix:/var/run/php/php8.3-fpm.sock;
                       fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                       include   fastcgi_params;
                }
                 brotli on;
                 brotli_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;

                gzip on;
               gzip_types text/css text/x-component application/x-javascript application/javascript text/javascript text/x-js text/richtext image/svg+xml text/plain text/xsd text/xsl text/xml image/x-icon application/octet-stream;


        location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$
        {
            expires      30d;
        }

        location ~ .*\.(js|css)?$
        {
            expires      12h;
        }

        location ~ /.well-known {
            allow all;
        }

        location ~ /\.
        {
            deny all;
        }
}

 

ESC儲存並離開
:wq

 


----------------------------------------------------------------------
在 /root/.acme.sh/域名.com_ecc 目錄底下,將那幾個SSL憑證下載回去,並保存好

使用SFTP,將那幾個SSL憑證,再上傳到 /etc/nginx/ssl/ 目錄下
----------------------------------------------------------------------

 

 

vBulletin論壇 偽靜態 rewrite

在此也修改一下 偽靜態

 


重新加载Nginx

nginx -t

nginx -s reload

 

建立帳號或登入後發表意見

前往主題列表

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.