Nginx QUIC configuration file

Manuel manuel.baesler at gmail.com
Mon Oct 12 06:03:32 UTC 2020 

Hi,

the config file is from the nginx quic repository and from the blog post. It should work for every client that implements at least the 29 draft.

Best,
Manuel


> Am 11.10.2020 um 23:15 schrieb HARISH KUMAR Ivaturi <harishkumarivaturi at gmail.com>:
> 
> Hi Manuel 
> 
> Thank you for the solution. I think it is a configuration file related with Google Chrome Canary browser.
> Does the same config file work if I want to get a response in the terminal using curl command.
> command used:
> 
> curl -k -v --http3 "https://127.0.0.1:443"
> 
> And the reason why i need a proper config file is , later i want to make OpenStack rely with nginx (with HTTP/3) web server so there could be an interaction between them. I hope you understand.
> 
> I sincerely thank you for your reply, but if it works for this Cloud then it would be helpful.
> 
> BR
> Harish Kumar
> 
>> On Mon, Oct 12, 2020 at 1:07 AM Manuel <manuel.baesler at gmail.com> wrote:
>> Hi,
>> 
>> please recompile nginx with the latest version of boring and nginx. Probably also with minus minus prefix set to /etc/nginx
>> 2nd step would be to find out which exact nginx binary the cmd 'service nginx restart' is executing. Alternative would be to execute the compiled binary directly.
>> 
>> I tried it out today and so far nginx and Google Chrome Canary with enabled quic h3-29 draft are talking http3 via quic.
>> 
>> This is the config:
>> 
>> events {}
>>     http {
>>         log_format quic '$remote_addr - $remote_user [$time_local] '
>>  
>>                         '"$request" $status $body_bytes_sent '
>>  
>>                         '"$http_referer" "$http_user_agent" "$quic" "$http3"';
>>  
>>         access_log logs/access.log quic;
>>         error_log logs/error.log debug;
>>  
>>         server {
>>                 root /var/www/html;
>>  
>>                 server_name xyz ;
>>  
>>             # for better compatibility it's recommended
>>  
>>             # to use the same port for quic and https
>>             listen 443 http3 reuseport;
>>             listen 443 ssl;
>>             ssl_protocols  TLSv1.3;
>>  
>>     ssl_certificate ...
>>     ssl_certificate_key ...
>>     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
>>     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
>>  
>>             location / {
>>                 # required for browsers to direct them into quic port
>>  
>>                 add_header X-http3-status "http3 is $http3";
>>                 add_header X-quic-status "quic is $quic";
>>                 add_header Alt-Svc '$http3=":443"; ma=86400';
>>                 # add_header Alt-Svc 'quic=":443"';
>>             }
>>         }
>>     }
>> 
>> 
>>> Am 10.10.2020 um 15:23 schrieb HARISH KUMAR Ivaturi <harishkumarivaturi at gmail.com>:
>>> 
>>> Hi Manuel 
>>> 
>>> I am not sure if you remember but with your help i have installed Nginx with HTTP/3 by installing boringssl.
>>> After all the process done you have suggested me to do 
>>> sudo cp objs/nginx /usr/local/bin/
>>> 
>>> So now.
>>> 
>>> 
>>> $ nginx -V
>>> nginx version: nginx/1.19.1
>>> built by gcc 7.5.0 (Ubuntu 7.5.0-3ubuntu1~18.04) 
>>> built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL)
>>> TLS SNI support enabled
>>> configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
>>> 
>>>> On Sat, Oct 10, 2020 at 5:18 PM Manuel <manuel.baesler at gmail.com> wrote:
>>>> Hi,
>>>> 
>>>> can you verify that the nginx binary that is using the http3 config is the nginx that can do http3?
>>>> For this you have to locate the systemd file that starts the nginx server and then look into the file to which path the executable point. Then run minus minus version on the binary.
>>>> 
>>>>> Am 10.10.2020 um 15:04 schrieb HARISH KUMAR Ivaturi <harishkumarivaturi at gmail.com>:
>>>>> 
>>>>> Hi 
>>>>> 
>>>>> I have installed nginx with http/3 with mercurial. 
>>>>> I just need a proper default.conf which is located in /etc/nginx/conf.d and in default.conf
>>>>> 
>>>>> BR
>>>>> Harish Kumar
>>>>> 
>>>>>> On Sat, Oct 10, 2020 at 5:00 PM Maxim Konovalov <maxim at nginx.com> wrote:
>>>>>> On 10.10.2020 17:56, HARISH KUMAR Ivaturi wrote:
>>>>>> > Hi
>>>>>> > 
>>>>>> > Sorry, this is my final default.conf
>>>>>> > 
>>>>>> > server {
>>>>>> >     listen 443 ssl;              # TCP listener for HTTP/1.1
>>>>>> >     listen 443 http3 reuseport;  # UDP listener for QUIC+HTTP/3
>>>>>> >     server_name  localhost;
>>>>>> >     ssl_protocols       TLSv1.3; # QUIC requires TLS 1.3
>>>>>> >     ssl_certificate     cert.crt;
>>>>>> >     ssl_certificate_key cert.key;
>>>>>> > 
>>>>>> >     add_header Alt-Svc 'quic=":443"'; # Advertise that QUIC is available
>>>>>> >     add_header QUIC-Status $quic;     # Sent when QUIC was used
>>>>>> > }
>>>>>> > 
>>>>>> > after this i run 
>>>>>> > curl -k --http3 -v "https://127.0.0.1:443"
>>>>>> > 
>>>>>> > And in another terminal i have my 
>>>>>> >  sudo tail -f /var/log/nginx/error.log
>>>>>> > 
>>>>>> > 2020/10/10 14:45:24 [emerg] 25485#25485: invalid parameter "http3" in
>>>>>> > /etc/nginx/conf.d/default.conf:3
>>>>>> > 
>>>>>> > Help me with this issue.
>>>>>> > 
>>>>>> You probably complied nginx from the vanilla repo while you should take
>>>>>> it from this one:
>>>>>> 
>>>>>> https://hg.nginx.org/nginx-quic/file/quic
>>>>>> 
>>>>>> See https://quic.nginx.org/ for more information.
>>>>>> 
>>>>>> -- 
>>>>>> Maxim Konovalov
>>>>> _______________________________________________
>>>>> nginx-devel mailing list
>>>>> nginx-devel at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>>> _______________________________________________
>>>> nginx-devel mailing list
>>>> nginx-devel at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20201012/b4fa7cf5/attachment-0001.htm>

More information about the nginx-devel mailing list