[英]How Do You Enable HTTP/3 on IIS?
The new HTTP/3 protocol is supposed to be faster and more secure than HTTP/2.新的 HTTP/3 协议应该比 HTTP/2 更快、更安全。 How do I enable it on Windows Server running IIS websites?
如何在运行 IIS 网站的 Windows 服务器上启用它?
As of this writing, HTTP/3 is only supported on Windows Server 2022. If you are on any previous version, I'm afraid you are out of luck.在撰写本文时,HTTP/3 仅在 Windows Server 2022 上受支持。如果您使用的是任何以前的版本,恐怕您就不走运了。
Assuming you are on Windows Server 2022, here is how you enable it.假设您使用的是 Windows Server 2022,下面是启用它的方法。
Step 1: Update the Windows Registry第 1 步:更新 Windows 注册表
Copy and paste the following text into a new.reg file.将以下文本复制并粘贴到 new.reg 文件中。 You can call it something like "enable-http-3.reg"
您可以将其称为“enable-http-3.reg”
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.3\Server]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters]
"EnableHttp3"=dword:00000001
"EnableAltSvc"=dword:00000001
Once saved, execute it on your Windows Server 2022 by double-clicking it, or by using reg.exe.
保存后,通过双击或使用 reg.exe 在 Windows Server 2022 上执行它。
Step 2: Enable TLS Cipher第 2 步:启用 TLS 密码
Note: Based on feedback from other users, this step may be optional .注意:根据其他用户的反馈,此步骤可能是可选的。 However, I needed to enable it on my installation.
但是,我需要在我的安装中启用它。
Open PowerShell as Administrator to enable the TLS_CHACHA20_POLY1305_SHA256
cipher suite.以管理员身份打开 PowerShell 以启用
TLS_CHACHA20_POLY1305_SHA256
密码套件。 Execute the following command in PowerShell: Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
在PowerShell中执行如下命令:
Enable-TlsCipherSuite -Name TLS_CHACHA20_POLY1305_SHA256 -Position 0
Step 3: Allow UDP Connections on Port 443第 3 步:允许端口 443 上的 UDP 连接
HTTP/3 uses QUIC protocol which uses incoming UDP connections on port 443 . HTTP/3 使用 QUIC 协议,该协议使用端口 443 上的传入 UDP 连接。 You'll need to allow connections if you're using a firewall.
如果您使用防火墙,则需要允许连接。 Here is how the rule might look in Windows Firewall:
以下是该规则在 Windows 防火墙中的外观:
Step 4: Add HTTP/3 Response Headers to IIS第 4 步:将 HTTP/3 响应标头添加到 IIS
HTTP/3 requires some special response headers within IIS. Select either the website, or the machine within IIS and select "HTTP Response Headers." HTTP/3 需要 IIS 中的一些特殊响应标头。Select 网站或 IIS 和 select“HTTP 响应标头”中的机器。
Create a new response header with the name alt-svc
and the value h3=":443"; ma=86400; persist=1
使用名称
alt-svc
和值h3=":443"; ma=86400; persist=1
h3=":443"; ma=86400; persist=1
h3=":443"; ma=86400; persist=1
. h3=":443"; ma=86400; persist=1
。
That's it.而已。 Now test to make sure HTTP/3 is working in your browser.
现在测试以确保 HTTP/3 在您的浏览器中正常工作。 Many modern browsers li support HTTP/3 so you shouldn't need any configuration changes, However, one thing to note is that HTTP/3 only works on HTTPS connections , so if you're loading a website using HTTP, it will not work.
许多现代浏览器都支持 HTTP/3,因此您不需要任何配置更改,但是,需要注意的一件事是 HTTP/3仅适用于 HTTPS 连接,因此如果您使用 HTTP 加载网站,它将不起作用. Make sure to configure websites in IIS to use HTTPS protocol.
确保将 IIS 中的网站配置为使用 HTTPS 协议。
You will know when HTTP/3 is working via the browser's dev tools.您将通过浏览器的开发工具知道 HTTP/3 何时工作。 Open developer tools, click on the.network tab and note the
protocol
column.打开开发人员工具,单击 .network 选项卡并注意
protocol
列。 Chrome 108.0.5359.94 screenshot: Chrome 108.0.5359.94 截图:
Firefox 107.0.1 screenshot: Firefox 107.0.1 截图:
Troubleshooting Tips故障排除技巧
More resources and references:更多资源和参考资料:
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.