Nginx QUIC configuration file

Manuel manuel.baesler at gmail.com
Sun Oct 11 23:07:19 UTC 2020 

Hi,

please recompile nginx with the latest version of boring and nginx. Probably also with minus minus prefix set to /etc/nginx
2nd step would be to find out which exact nginx binary the cmd 'service nginx restart' is executing. Alternative would be to execute the compiled binary directly.

I tried it out today and so far nginx and Google Chrome Canary with enabled quic h3-29 draft are talking http3 via quic.

This is the config:

events {}
    http {
        log_format quic '$remote_addr - $remote_user [$time_local] '
 
                        '"$request" $status $body_bytes_sent '
 
                        '"$http_referer" "$http_user_agent" "$quic" "$http3"';
 
        access_log logs/access.log quic;
        error_log logs/error.log debug;
 
        server {
                root /var/www/html;
 
                server_name xyz ;
 
            # for better compatibility it's recommended
 
            # to use the same port for quic and https
            listen 443 http3 reuseport;
            listen 443 ssl;
            ssl_protocols  TLSv1.3;
 
    ssl_certificate ...
    ssl_certificate_key ...
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
 
            location / {
                # required for browsers to direct them into quic port
 
                add_header X-http3-status "http3 is $http3";
                add_header X-quic-status "quic is $quic";
                add_header Alt-Svc '$http3=":443"; ma=86400';
                # add_header Alt-Svc 'quic=":443"';
            }
        }
    }


> Am 10.10.2020 um 15:23 schrieb HARISH KUMAR Ivaturi <harishkumarivaturi at gmail.com>:
> 
> Hi Manuel 
> 
> I am not sure if you remember but with your help i have installed Nginx with HTTP/3 by installing boringssl.
> After all the process done you have suggested me to do 
> sudo cp objs/nginx /usr/local/bin/
> 
> So now.
> 
> 
> $ nginx -V
> nginx version: nginx/1.19.1
> built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) 
> built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
> TLS SNI support enabled
> configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
> 
>> On Sat, Oct 10, 2020 at 5:18 PM Manuel <manuel.baesler at gmail.com> wrote:
>> Hi,
>> 
>> can you verify that the nginx binary that is using the http3 config is the nginx that can do http3?
>> For this you have to locate the systemd file that starts the nginx server and then look into the file to which path the executable point. Then run minus minus version on the binary.
>> 
>>> Am 10.10.2020 um 15:04 schrieb HARISH KUMAR Ivaturi <harishkumarivaturi at gmail.com>:
>>> 
>>> Hi 
>>> 
>>> I have installed nginx with http/3 with mercurial. 
>>> I just need a proper default.conf which is located in /etc/nginx/conf.d and in default.conf
>>> 
>>> BR
>>> Harish Kumar
>>> 
>>>> On Sat, Oct 10, 2020 at 5:00 PM Maxim Konovalov <maxim at nginx.com> wrote:
>>>> On 10.10.2020 17:56, HARISH KUMAR Ivaturi wrote:
>>>> > Hi
>>>> > 
>>>> > Sorry, this is my final default.conf
>>>> > 
>>>> > server {
>>>> >     listen 443 ssl;              # TCP listener for HTTP/1.1
>>>> >     listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
>>>> >     server_name  localhost;
>>>> >     ssl_protocols       TLSv1.3; # QUIC requires TLS 1.3
>>>> >     ssl_certificate     cert.crt;
>>>> >     ssl_certificate_key cert.key;
>>>> > 
>>>> >     add_header Alt-Svc 'quic=":443"'; # Advertise that QUIC is available
>>>> >     add_header QUIC-Status $quic;     # Sent when QUIC was used
>>>> > }
>>>> > 
>>>> > after this i run 
>>>> > curl -k --http3 -v "https://127.0.0.1:443"
>>>> > 
>>>> > And in another terminal i have my 
>>>> >  sudo tail -f /var/log/nginx/error.log
>>>> > 
>>>> > 2020/10/10 14:45:24 [emerg] 25485#25485: invalid parameter "http3" in
>>>> > /etc/nginx/conf.d/default.conf:3
>>>> > 
>>>> > Help me with this issue.
>>>> > 
>>>> You probably complied nginx from the vanilla repo while you should take
>>>> it from this one:
>>>> 
>>>> https://hg.nginx.org/nginx-quic/file/quic
>>>> 
>>>> See https://quic.nginx.org/ for more information.
>>>> 
>>>> -- 
>>>> Maxim Konovalov
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201011/85bb3929/attachment.htm>

More information about the nginx-devel mailing list