<div dir="ltr">No no. UDP is open. Anyway, I've given up trying to get it working.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Dec 22, 2020 at 10:34 PM Jonny Barnes <<a href="mailto:jonnybarnes@gmail.com">jonnybarnes@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex"><div dir="auto">Do you have a firewall setup on the server to only allow traffic on 443 if it’s tcp traffic?</div><div dir="auto"><br></div><div dir="auto">Rule needs to be added for udp as well</div><div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 22 Dec 2020 at 13:08, Surinder Sund <<a href="mailto:goodlord@gmail.com" target="_blank">goodlord@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr"><div dir="ltr">Thank You Johny.<div><br></div><div>I fixed that (In fact, I'd fixed it in the trial machine earlier, but when I restored a backup, it came back in).</div><div><br></div><div>Unfortunately, the error still remains.</div><div><br></div><div>Pls see the picture below. I can confirm that the traffic is hitting 443/UDP, but nothing is being returned.</div><div><br></div><div><a href="https://drive.google.com/file/d/1knHKb_jUcjdY71wCz-w1TG4QupxH9CN3/view?usp=sharing" target="_blank">https://drive.google.com/file/d/1knHKb_jUcjdY71wCz-w1TG4QupxH9CN3/view?usp=sharing</a><br></div><div><br></div><div><img src="cid:ii_kj003rqb0" alt="image.png" style="width: 812px; max-width: 100%;"><br></div><div><br></div><div>Looks like no cigar for me yet.</div><div><br></div><div><br></div><div><br></div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Dec 21, 2020 at 10:24 PM Jonny Barnes <<a href="mailto:jonnybarnes@gmail.com" target="_blank">jonnybarnes@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="auto">I think your Alt Svc header should be pointing to port 443, not 8443<br></div><div dir="auto"><br><div class="gmail_quote" dir="auto"><div dir="ltr" class="gmail_attr">On Mon, 21 Dec 2020 at 14:41, Surinder Sund <<a href="mailto:goodlord@gmail.com" target="_blank">goodlord@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr">forgot to add that this affects only http3 requests [I've tested from more than one machine and multiple clients, including cURL and FF]<div><br></div><div>http2 request work fine with no change in configuration.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <<a href="mailto:goodlord@gmail.com" target="_blank">goodlord@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;padding-left:1ex;border-left-color:rgb(204,204,204)"><div dir="ltr"><div class="gmail_quote"><div dir="ltr"><div dir="ltr"><div><span style="font-family:monospace">I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.</span><br></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><span style="font-family:monospace">But I'm getting this error:</span><br></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><b style="font-family:monospace">*1 SSL_do_handshake() failed (SSL: error:10000118:SSL routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)</b><br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">Looks like some issue with the way Boringssl is set up, or being used by Nginx?</font></div><div><br></div><div><br></div><div>HOW I BUILT BORINGSSL</div><div><br></div><div>cd boringssl; mkdir build ; cd build ; cmake -GNinja ..<br></div><div><div>ninja</div></div><div><br></div><div>NGINX DETAILS</div><div><b><br></b></div><div><b>~/nginx-quic# nginx -V</b><br></div><div><div><br></div><div>nginx version: nginx/1.19.6<b><br></b></div><div>built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)</div><div>built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)</div><div>TLS SNI support enabled</div><div>configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-http_quic_module --with-stream_quic_module --with-http_image_filter_module --with-http_sub_module --with-stream --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid</div></div><div><br></div><div><br></div><div>HOW I BUILT NGINX QUIC:</div><div><div><br></div><div>cd ~/nginx-quic ;</div><div>./auto/configure --with-debug --with-http_v3_module       \</div><div>                       --with-cc-opt="-I../boringssl/include"   \</div><div>                       --with-ld-opt="-L../boringssl/build/ssl  \</div><div>                                      -L../boringssl/build/crypto"    \</div><div>--with-http_quic_module  --with-stream_quic_module   --with-http_image_filter_module --with-http_sub_module --with-stream --add-module=/usr/local/src/ngx_brotli    --prefix=/etc/nginx  --sbin-path=/usr/sbin/nginx   --modules-path=/usr/lib/nginx/modules   --conf-path=/etc/nginx/nginx.conf  --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid  </div></div><div><br></div><div><br></div><div>MY NGINX BUILD CONFIGURATION SUMMARY:</div><div><br></div><div><div>Configuration summary</div><div>  + using system PCRE library</div><div>  + using system OpenSSL library</div><div>  + using system zlib library</div><div><br></div><div>  nginx path prefix: "/etc/nginx"</div><div>  nginx binary file: "/usr/sbin/nginx"</div><div>  nginx modules path: "/usr/lib/nginx/modules"</div><div>  nginx configuration prefix: "/etc/nginx"</div><div>  nginx configuration file: "/etc/nginx/nginx.conf"</div><div>  nginx pid file: "/var/run/nginx.pid"</div><div>  nginx error log file: "/var/log/nginx/error.log"</div><div>  nginx http access log file: "/etc/nginx/logs/access.log"</div><div>  nginx http client request body temporary files: "client_body_temp"</div><div>  nginx http proxy temporary files: "proxy_temp"</div><div>  nginx http fastcgi temporary files: "fastcgi_temp"</div><div>  nginx http uwsgi temporary files: "uwsgi_temp"</div><div>  nginx http scgi temporary files: "scgi_temp"</div></div><div><br></div><div><br></div><div><br></div><div><br></div><div>MY SITE CONFIGURATION</div><div><br></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen 80;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen [::]:80;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen 443 ssl http2 fastopen=150;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen   [::]:443 ipv6only=on ssl  fastopen=150;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            include snippets/ssl-params.conf;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            server_name blah.blah;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            root /var/wordpress;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            index index.html index.htm index.php;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            access_log /var/log/nginx/xx.log;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            error_log /var/log/nginx/xx-error_log;<br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            ssl_early_data on;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen 443 http3 reuseport;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            listen [::]:443 http3 reuseport;</font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)">            add_header Alt-Svc '$http3=":8443"; ma=86400';</font></div></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><b style="font-family:monospace">in nginx.conf I've added this:</b></font></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><b style="font-family:monospace"><br></b></font></div><div><span style="font-family:monospace">           ssl_protocols  TLSv1.3; #disabled 1.1 & 1.2</span><br></div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div><br></div><div>UDP is open on port 441, I've double checked this from the outside. So it's not a port issue.</div><div><font face="monospace" style="font-family:monospace;color:rgb(0,0,0)"><br></font></div><div></div></div></div>
</div></div>
</blockquote></div>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div></div>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div></div>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div>