Nginx QUIC configuration file

HARISH KUMAR Ivaturi harishkumarivaturi at gmail.com
Sun Oct 11 23:15:54 UTC 2020 

Hi Manuel

Thank you for the solution. I think it is a configuration file related with
Google Chrome Canary browser.
Does the same config file work if I want to get a response in the terminal
using curl command.
command used:

curl -k -v --http3 "https://127.0.0.1:443"

And the reason why i need a proper config file is , later i want to make
OpenStack rely with nginx (with HTTP/3) web server so there could be an
interaction between them. I hope you understand.

I sincerely thank you for your reply, but if it works for this Cloud then
it would be helpful.

BR
Harish Kumar

On Mon, Oct 12, 2020 at 1:07 AM Manuel <manuel.baesler at gmail.com> wrote:

> Hi,
>
> please recompile nginx with the latest version of boring and nginx.
> Probably also with minus minus prefix set to /etc/nginx
> 2nd step would be to find out which exact nginx binary the cmd 'service
> nginx restart' is executing. Alternative would be to execute the compiled
> binary directly.
>
> I tried it out today and so far nginx and Google Chrome Canary with
> enabled quic h3-29 draft are talking http3 via quic.
>
> This is the config:
>
> events {}
>
>     http {
>
>         log_format quic '$remote_addr - $remote_user [$time_local] '
>
>
>
>                         '"$request" $status $body_bytes_sent '
>
>
>
>                         '"$http_referer" "$http_user_agent" "$quic"
> "$http3"';
>
>
>
>         access_log logs/access.log quic;
>
>         error_log logs/error.log debug;
>
>
>
>         server {
>
>                 root /var/www/html;
>
>
>
>                 server_name xyz ;
>
>
>
>             # for better compatibility it's recommended
>
>
>
>             # to use the same port for quic and https
>
>             listen 443 http3 reuseport;
>
>             listen 443 ssl;
>
>             ssl_protocols  TLSv1.3;
>
>
>
>     ssl_certificate ...
>
>     ssl_certificate_key ...
>
>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>
>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>
>
>
>             location / {
>
>                 # required for browsers to direct them into quic port
>
>
>
>                 add_header X-http3-status "http3 is $http3";
>
>                 add_header X-quic-status "quic is $quic";
>
>                 add_header Alt-Svc '$http3=":443"; ma=86400';
>
>                 # add_header Alt-Svc 'quic=":443"';
>
>             }
>
>         }
>
>     }
>
>
>
> Am 10.10.2020 um 15:23 schrieb HARISH KUMAR Ivaturi <
> harishkumarivaturi at gmail.com>:
>
> Hi Manuel
>
> I am not sure if you remember but with your help i have installed Nginx
> with HTTP/3 by installing boringssl.
> After all the process done you have suggested me to do
> sudo cp objs/nginx /usr/local/bin/
>
> So now.
>
>
> $ nginx -V
> nginx version: nginx/1.19.1
> built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04)
> built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
> TLS SNI support enabled
> configure arguments: --with-debug --with-http_v3_module
> --with-cc-opt=-I../boringssl/include
> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
>
> On Sat, Oct 10, 2020 at 5:18 PM Manuel <manuel.baesler at gmail.com> wrote:
>
>> Hi,
>>
>> can you verify that the nginx binary that is using the http3 config is
>> the nginx that can do http3?
>> For this you have to locate the systemd file that starts the nginx server
>> and then look into the file to which path the executable point. Then run
>> minus minus version on the binary.
>>
>> Am 10.10.2020 um 15:04 schrieb HARISH KUMAR Ivaturi <
>> harishkumarivaturi at gmail.com>:
>>
>> Hi
>>
>> I have installed nginx with http/3 with mercurial.
>> I just need a proper default.conf which is located in /etc/nginx/conf.d
>> and in default.conf
>>
>> BR
>> Harish Kumar
>>
>> On Sat, Oct 10, 2020 at 5:00 PM Maxim Konovalov <maxim at nginx.com> wrote:
>>
>>> On 10.10.2020 17:56, HARISH KUMAR Ivaturi wrote:
>>> > Hi
>>> >
>>> > Sorry, this is my final default.conf
>>> >
>>> > server {
>>> >     listen 443 ssl;              # TCP listener for HTTP/1.1
>>> >     listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
>>> >     server_name  localhost;
>>> >     ssl_protocols       TLSv1.3; # QUIC requires TLS 1.3
>>> >     ssl_certificate     cert.crt;
>>> >     ssl_certificate_key cert.key;
>>> >
>>> >     add_header Alt-Svc 'quic=":443"'; # Advertise that QUIC is
>>> available
>>> >     add_header QUIC-Status $quic;     # Sent when QUIC was used
>>> > }
>>> >
>>> > after this i run
>>> > curl -k --http3 -v "https://127.0.0.1:443"
>>> >
>>> > And in another terminal i have my
>>> >  sudo tail -f /var/log/nginx/error.log
>>> >
>>> > 2020/10/10 14:45:24 [emerg] 25485#25485: invalid parameter "http3" in
>>> > /etc/nginx/conf.d/default.conf:3
>>> >
>>> > Help me with this issue.
>>> >
>>> You probably complied nginx from the vanilla repo while you should take
>>> it from this one:
>>>
>>> https://hg.nginx.org/nginx-quic/file/quic
>>>
>>> See https://quic.nginx.org/ for more information.
>>>
>>> --
>>> Maxim Konovalov
>>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201012/5debdac6/attachment-0001.htm>

More information about the nginx-devel mailing list