If you are using aaPanel, you will know that you cannot choose the latest version of Nginx. During installation we can choose between compiled and fast. However, the compiled option only allows adding modules that are not part of Nginx itself, the so-called external modules.

Before writing this article, I was also confused about how to use the latest version of Nginx with the QUIC and HTTP/3 protocols. However, after many tries and many failures, it turns out you can build nginx with brotli and quictls to support http3.

Note: when this article was released, the latest default version in aapanel was v1.24

So, how do you do this? It's easy: just follow the steps below.

Preparation for custom build nginx + brotli + quic

Before starting the installation, first prepare the components that will be used, such as ngx_brotli, QuicTLS and others.

Build Brotli for Nginx

First, we will build brotli, so that later we only need to add it to the nginx configure line. Make sure you have git installed and that you have the latest version of cmake. I suggest using cmake version 3.27.x or later.

We first create a directory to store the additional modules and change into it.

mkdir -p /www/server/custom
cd /www/server/custom

Next, we can build the ngx_brotli:

git clone --recurse-submodules -j8 https://github.com/google/ngx_brotli
cd ngx_brotli/deps/brotli
mkdir out && cd out
cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DCMAKE_C_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_CXX_FLAGS="-Ofast -m64 -march=native -mtune=native -flto -funroll-loops -ffunction-sections -fdata-sections -Wl,--gc-sections" -DCMAKE_INSTALL_PREFIX=./installed ..
cmake --build . --config Release --target brotlienc
cd ../../../..

If you encounter an error like the following:

/bin/ranlib: libbrotlienc.a(entropy_encode.c.o): plugin needed to handle lto object

You can follow these steps to solve it:

First, open the following file for editing:

/www/server/custom/ngx_brotli/deps/brotli/out/CMakeFiles/<cmake-version>/CMakeCCompiler.cmake
# replace <cmake-version> with your cmake version.

Next, change ar to gcc-ar and ranlib to gcc-ranlib, around lines 24-26, as follows:

# Before
set(CMAKE_AR "/usr/bin/ar")
set(CMAKE_C_COMPILER_AR "/usr/bin/gcc-ar-11")
set(CMAKE_RANLIB "/usr/bin/ranlib")

# After
set(CMAKE_AR "/usr/bin/gcc-ar")
set(CMAKE_C_COMPILER_AR "/usr/bin/gcc-ar-11")
set(CMAKE_RANLIB "/usr/bin/gcc-ranlib")

After that, run the following commands from the brotli out directory to continue the build:

cd /www/server/custom/ngx_brotli/deps/brotli/out
cmake --build . --config Release --target brotlienc
cd ../../../..

There should be no errors, and the last lines of output should be:

[100%] Linking C static library libbrotlienc.a
[100%] Built target brotlienc

If you see that, you are done setting up brotli. Next, we will set up QuicTLS so that nginx can use http3 and quic.

Download QuicTLS for http3+quic

This step is very simple: all you have to do is download the archive and place it in the custom folder we created earlier. Enter the following commands in the terminal:

cd /www/server/custom

# the latest version when this article was released is 3.1.4-quic1
wget -O quictls.zip https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.zip
unzip quictls.zip

# rename the unzipped folder
mv openssl-openssl-3.1.4-quic1 openssl

Once you have finished downloading quictls, the next step is to add the lua-nginx-module used by aapanel.

Download Lua-nginx-module

You can download it manually or use curl/wget as follows:

cd /www/server/custom
wget https://github.com/openresty/lua-nginx-module/archive/refs/tags/v0.10.25.tar.gz
tar -xzvf v0.10.25.tar.gz

# rename extracted folder
mv lua-nginx-module-0.10.25 lua-nginx-module

After that, you can prepare for the next step, changing the installation script.

Changing the Nginx Installation Script from AaPanel

First of all, use the App Store in aapanel to get the script: click install, select compiled, and wait until it downloads nginx.sh. You can then cancel the installation by opening the processes panel and clicking Del on the process. For example, just click Del next to installing:

Then open the /www/server/panel/install folder:

cd /www/server/panel/install

# make sure that nginx.sh exists in the directory.
# open nginx.sh using nano, vi or any text editor or use the panel file manager.
$ nano nginx.sh

Then change it as described below:

Change the install script configuration

Change Nginx version

You can change the version that will be installed as follows:

# find code like this
nginx_124='1.24.0'

# change the version to whatever you want. I am using 1.25.3
nginx_124='1.25.3'

Then on line 186:

# find code like this
wget -O ${Setup_Path}/src.tar.gz ${download_Url}/src/nginx-${nginxVersion}.tar.gz -T20

# change it to be like this
wget -O ${Setup_Path}/src.tar.gz https://nginx.org/download/nginx-${nginxVersion}.tar.gz -T20

Comment out the script lines that download openssl

Next, comment out all of the following lines (lines 194 – 213) so that the default openssl is not downloaded.

    # if [ -z "${GMSSL}" ]; then
    #     TLSv13_NGINX=$(echo ${nginxVersion} | tr -d '.' | cut -c 1-3)
    #     if [ "${TLSv13_NGINX}" -ge "115" ] && [ "${TLSv13_NGINX}" != "181" ]; then
    #         opensslVer="1.1.1q"
    #     else
    #         opensslVer="1.0.2u"
    #     fi
    #     # if [ "$version" == "1.23" ];then
    #     #     opensslVer="3.0.5"
    #     # fi
    #     wget -O openssl.tar.gz https://github.com/quictls/openssl/archive/refs/tags/openssl-3.1.4-quic1.zip
    #     tar -xvf openssl.tar.gz
    #     mv openssl-${opensslVer} openssl
    #     rm -f openssl.tar.gz
    # else
    #     wget -O GmSSL-master.zip ${download_Url}/src/GmSSL-master.zip
    #     unzip GmSSL-master.zip
    #     mv GmSSL-master openssl
    #     rm -f GmSSL-master.zip
    # fi

Add lua-nginx-module

Next, you can change line 300 as follows:

# before
ENABLE_LUA="--add-module=${Setup_Path}/src/ngx_devel_kit --add-module=${Setup_Path}/src/lua_nginx_module"

# after
ENABLE_LUA="--add-module=${Setup_Path}/src/ngx_devel_kit --add-module=/www/server/custom/lua-nginx-module"

Change the ./configure nginx script

You can find it on line 336. Add --add-module=/www/server/custom/ngx_brotli for brotli, change --with-openssl=${Setup_Path}/src/openssl to --with-openssl=/www/server/custom/openssl, and add --with-http_v3_module for http3/quic, as follows:

    ./configure --user=www --group=www --prefix=${Setup_Path} ${ENABLE_LUA} --add-module=${Setup_Path}/src/ngx_cache_purge --add-module=/www/server/custom/ngx_brotli ${ENABLE_STICKY} --with-openssl=/www/server/custom/openssl --with-pcre=pcre-${pcre_version} ${ENABLE_HTTP2} --with-http_stub_status_module --with-http_ssl_module --with-http_image_filter_module --with-http_gzip_static_module --with-http_gunzip_module --with-ipv6 --with-http_sub_module --with-http_v3_module --with-http_xslt_module --with-http_flv_module --with-http_addition_module --with-http_realip_module --with-http_mp4_module --add-module=${Setup_Path}/src/ngx_http_substitutions_filter_module-master --with-ld-opt="-Wl,-E" --with-cc-opt="-Wno-error" ${jemallocLD} ${ENABLE_WEBDAV} ${ENABLE_NGX_PAGESPEED} ${ADD_EXTENSION} ${i_make_args}

Then delete and replace lines 379 – 391 from:

    if [ "${version}" == "1.23" ] || [ "${version}" == "1.24" ] || [ "${version}" == "tengine" ];then
        wget -c -O lua-resty-core-0.1.26.zip ${download_Url}/src/lua-resty-core-0.1.26.zip
        unzip lua-resty-core-0.1.26.zip
        cd lua-resty-core-0.1.26
        make install PREFIX=/www/server/nginx
        cd ..
        rm -rf lua-resty-core-0.1.26*

        wget -c -O lua-resty-lrucache-0.13.zip ${download_Url}/src/lua-resty-lrucache-0.13.zip
        unzip lua-resty-lrucache-0.13.zip
        cd lua-resty-lrucache-0.13
        make install PREFIX=/www/server/nginx
        cd ..
        rm -rf lua-resty-core-0.1.26*

    fi

so that they become:

    if [ "${version}" == "1.23" ] || [ "${version}" == "1.24" ] || [ "${version}" == "tengine" ];then
        wget -c -O lua-resty-core-0.1.27.zip https://github.com/openresty/lua-resty-core/archive/refs/tags/v0.1.27.zip
        unzip lua-resty-core-0.1.27.zip
        cd lua-resty-core-0.1.27
        make install PREFIX=/www/server/nginx
        cd ..
        rm -rf lua-resty-core-0.1.27*

        wget -c -O lua-resty-lrucache-0.13.zip ${download_Url}/src/lua-resty-lrucache-0.13.zip
        unzip lua-resty-lrucache-0.13.zip
        cd lua-resty-lrucache-0.13
        make install PREFIX=/www/server/nginx
        cd ..
        rm -rf lua-resty-lrucache-0.13*

    fi

Once that is done, the script changes are complete. The next step is to run the installation script.

Running the Custom Nginx Install Script in AaPanel

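Running this script is very easy: type the following command in your terminal from the /www/server/panel/install folder. The version argument stays 1.24 because the nginx_124 variable edited earlier now holds the newer release number: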

# Don't include the $ sign.
$ bash nginx.sh install 1.24

Let the script run. If you have followed the steps above correctly, the installation should succeed. Once it has finished and nginx is running, you can check in the App Store whether it has been installed.
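To confirm that the resulting binary really contains the custom pieces, inspect the output of `nginx -V`. The following check is an added example, not part of the original article or of the aaPanel script; the function name `check_nginx_build` is hypothetical, both sample outputs are constructed, and the `+quic` marker in the OpenSSL version string is an assumption about how QuicTLS labels its builds.

```shell
# Added example: verify that an nginx build contains the options from this article.
# Reads the text of `nginx -V` on stdin, prints every missing item and
# returns 0 only when nothing is missing.
check_nginx_build() {
    build_info=$(cat)
    missing=0

    # Configure arguments this article adds or changes.
    for want in \
        "--with-http_v3_module" \
        "--add-module=/www/server/custom/ngx_brotli" \
        "--add-module=/www/server/custom/lua-nginx-module" \
        "--with-openssl=/www/server/custom/openssl"
    do
        case "$build_info" in
            *"$want"*) ;;
            *) echo "missing: $want"; missing=1 ;;
        esac
    done

    # Assumption: a QuicTLS build reports a version such as "OpenSSL 3.1.4+quic".
    if ! printf '%s\n' "$build_info" | grep '^built with OpenSSL' | grep -Fq '+quic'; then
        echo "missing: QuicTLS (no +quic in the 'built with OpenSSL' line)"
        missing=1
    fi
    return "$missing"
}

# Constructed sample of `nginx -V` output (configure arguments shortened).
SAMPLE_GOOD='nginx version: nginx/1.25.3
built with OpenSSL 3.1.4+quic 24 Oct 2023
TLS SNI support enabled
configure arguments: --user=www --group=www --add-module=/www/server/custom/lua-nginx-module --add-module=/www/server/custom/ngx_brotli --with-openssl=/www/server/custom/openssl --with-http_v3_module'

# Constructed sample of a stock build without the custom options.
SAMPLE_STOCK='nginx version: nginx/1.24.0
built with OpenSSL 1.1.1q  5 Jul 2022
TLS SNI support enabled
configure arguments: --user=www --group=www --with-openssl=/www/server/nginx/src/openssl --with-http_ssl_module'

# On the server: nginx -V 2>&1 | check_nginx_build   (nginx -V writes to stderr)
printf '%s\n' "$SAMPLE_GOOD" | check_nginx_build && echo "build OK"
```
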

Nginx.conf configuration

To use brotli and quic/http3 you have to add some code to the nginx configuration.

You can use the aapanel GUI or the command line. Add the following code to the http block to use brotli:

# Enable Brotli
        brotli            on;
        brotli_static     on;
        brotli_comp_level 6;
        # File types to compress
        brotli_types application/atom+xml application/javascript application/json application/rss+xml
                     application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype
                     application/x-font-ttf application/x-javascript application/xhtml+xml application/xml
                     font/eot font/opentype font/otf font/truetype image/svg+xml image/vnd.microsoft.icon
                     image/x-icon image/x-win-bitmap text/css text/javascript text/plain text/xml;

Next, if you already have a site on your VPS, or are creating a new site, you must add the following code to the server block of your site's config file.

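server
{
    listen 80;
    # use the reuseport parameter only once per address:port across all sites.
    listen 443 quic reuseport;
    listen 443 ssl;
    listen [::]:80;
    listen [::]:443 quic reuseport;
    listen [::]:443 ssl;

    #... ssl config, etc.

    # enable http3/quic
    # note: requests sent as 0-RTT early data can be replayed; pass $ssl_early_data
    # to the backend so it can reject non-idempotent requests sent that way.
    ssl_early_data on;
    quic_retry on;
    http2 on;

    # header to tell the browser the http3/quic port; "h3" is the final HTTP/3
    # token (RFC 9114), the h3-27/28/29 entries are the older draft versions.
    add_header alt-svc 'h3=":443"; ma=86400, h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400';

    #...other config
}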

Please note that the “reuseport” parameter is not required in every site conf: use it only once, in any one site conf.
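Because the server block tends to be copied from site to site, a repeated reuseport is easy to introduce. The following lint is an added example, not part of the original article: the function names and the two site files are constructed, and it compares listen addresses textually (so `443` and `*:443` count as different), treating quic and TCP listeners as separate sockets.

```shell
# Added example: report listen addresses that carry "reuseport" more than once.
# Usage: find_duplicate_reuseport site1.conf site2.conf ...
# Prints "<address> <quic|tcp>: file:line file:line" and returns 1 on duplicates.
find_duplicate_reuseport() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 == "listen" && /(^|[ \t])reuseport([ \t;]|$)/ {
            addr = $2
            sub(/;$/, "", addr)
            kind = ($0 ~ /[ \t]quic([ \t;]|$)/) ? "quic" : "tcp"
            key = addr " " kind
            count[key]++
            where[key] = where[key] " " FILENAME ":" FNR
        }
        END {
            bad = 0
            for (key in count)
                if (count[key] > 1) { print key ":" where[key]; bad = 1 }
            exit bad
        }
    ' "$@"
}

# Constructed sample: site-b copied the quic listen line from site-a unchanged.
demo_reuseport() {
    dir=$(mktemp -d)
    printf '%s\n' 'server {' \
        '    listen 443 quic reuseport;' \
        '    listen 443 ssl;' \
        '    listen [::]:443 quic reuseport;' \
        '}' > "$dir/site-a.conf"
    printf '%s\n' 'server {' \
        '    listen 443 quic reuseport; # copied from site-a' \
        '    listen 443 ssl;' \
        '}' > "$dir/site-b.conf"
    status=0
    find_duplicate_reuseport "$dir/site-a.conf" "$dir/site-b.conf" || status=$?
    rm -rf "$dir"
    return "$status"
}

demo_reuseport || echo "duplicate reuseport found (listed above)"
```
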

Open Port 443

Next, go to the Security tab on the panel. If your panel already has port 443 open, change the port from just TCP to TCP/UDP (UDP for quic) as follows:

After everything is finished, restart your Nginx server via the panel and test it. For testing, you can use curl (a build that supports quic and http3), the test service from http3check, or Chrome Canary.

Here I tried it with litespeed check:

results from http3check:

If you have results like the image above, then you have succeeded in activating quic/http3 and brotli.

Conclusion

Using or installing software that is not officially supported by the panel is risky. With nginx in aaPanel, for example, here we installed version 1.25.3 while the latest version offered by aaPanel is 1.24.

We can also add or change the installation script according to our wishes, such as adding brotli and quic/http3. Apart from that, we can also add things that are not in the script or won't run when using the original aapanel script.

If you encounter difficulties, or find errors in this article, please comment below and I will help or improve this article.

Thank you for visiting hadezuka.dev

Reference:

  1. https://github.com/google/ngx_brotli
  2. https://github.com/google/ngx_brotli/issues/159
  3. https://github.com/quictls/openssl
  4. https://github.com/openresty/lua-nginx-module
  5. https://github.com/openresty/luajit2

About the Author

Dzul Qurnain

I like watching anime, coding, and sharing tips when I know some. Oh, and I like reading (but only what I find interesting)...
