<div dir="ltr">Hi Roman,<div><br></div><div>Thanks for your reply.</div><div><br></div><div>I can't know why the SSL certificate isn't trusted by the Chrome browser because there is no problem related to the SSL certificate in the Firefox browser.<br>I moved the SSL certificate from apache2 to nginx:<br>apache2 nginx<br>SSLCertificateFile ssl_certificate<br>SSLCertificateKeyFile ssl_certificate_key<br>SSLCACertificateFile ssl_trusted_certificate<br><br>Could you tell me what I'm missing?<br><br>Thanks. Regards.<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 2, 2021 at 10:41 PM Roman Arutyunyan <<a href="mailto:arut@nginx.com">arut@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div style="overflow-wrap: break-word;">Hi Andrey,<div><br></div><div>Here’s the error:</div><div><br></div><div><div>2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init CONNECTION_CLOSE_APP err:10 28:TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown ft:6</div><div><br></div><div>Looks like your server certificate is not trusted by the browser.</div><div><br><blockquote type="cite"><div>On 3 Feb 2021, at 00:26, Andrey Khramov <<a href="mailto:andrey@apporto.com" target="_blank">andrey@apporto.com</a>> wrote:</div><br><div><div dir="ltr">Hello, Roman<div><br></div><div>Sorry.</div><div>I got the error log related to "quic" when connecting in the Chrome browser.</div><div>I attached the log file.</div><div>Please check it.</div><div><br></div><div>Thank you. Regards.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 2, 2021 at 9:01 PM Andrey Khramov <<a href="mailto:andrey@apporto.com" target="_blank">andrey@apporto.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hello, Roman<div><br></div><div>Thanks for your reply.</div><div>I checked HTTP/3 (QUIC) in the Firefox browser.</div><div>But I didn't check it in the Chrome browser.</div><div>The version of the Chrome is <span style="color:rgb(32,33,36);font-family:monospace;font-size:13px">88.0.4324.104 (64bit).</span></div><div><span style="color:rgb(32,33,36);font-family:monospace;font-size:13px">I run the Chrome browser with the following command:</span></div><div>chrome --enable-quic --quic-version=h3-29 --origin-to-force-quic-on=<a href="http://apporto.com:7443/" target="_blank">apporto.com:7443</a><span style="color:rgb(32,33,36);font-family:monospace;font-size:13px"><br></span></div><div><br></div><div>Also, I enabled "<span style="color:rgb(32,33,36);font-family:Roboto;font-size:13px">Experimental QUIC protocol" flag in <a>chrome://flags</a>.</span></div><div><span style="color:rgb(32,33,36);font-family:Roboto;font-size:13px">I can't get any log related to "quic" in error.log.</span></div><div><span style="color:rgb(32,33,36);font-family:Roboto;font-size:13px"><br></span></div><div><span style="color:rgb(32,33,36);font-family:Roboto;font-size:13px">I hope your suggestion and advice.</span></div><div><span style="color:rgb(32,33,36);font-family:Roboto;font-size:13px">Thanks. Regards</span></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 2, 2021 at 4:18 PM Roman Arutyunyan <<a href="mailto:arut@nginx.com" target="_blank">arut@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hi Andrey,<br><div><br><blockquote type="cite"><div>On 2 Feb 2021, at 18:52, Andrey Khramov <<a href="mailto:andrey@apporto.com" target="_blank">andrey@apporto.com</a>> wrote:</div><br><div><div dir="ltr">Hello,Roman<div><br></div><div>Thanks for your reply.</div><div><br></div><div>I already enabled HTTP/3 (QUIC) in those the browsers (Firefox 85, Chrome 88) accroding to ttps://<a href="http://quic.nginx.org/readme.html" target="_blank">quic.nginx.org/readme.html</a>..</div><div>The <a href="https://quic.nginx.org/" target="_blank">https://quic.nginx.org</a>
website detects HTTP/3 (QUIC) support in the browsers.</div></div></div></blockquote><div><br></div><div>Try cleaning browser cache.</div><div><br></div><div>Also check if there are lines with the word ‘quic’ in the debug log when you open the page.</div><div><br></div><blockquote type="cite"><div><div dir="ltr"><div>Thanks. Regards</div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Feb 2, 2021 at 2:47 PM Roman Arutyunyan <<a href="mailto:arut@nginx.com" target="_blank">arut@nginx.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>Hi Andrey,<br><div><br><blockquote type="cite"><div>On 2 Feb 2021, at 17:30, Andrey Khramov <<a href="mailto:andrey@apporto.com" target="_blank">andrey@apporto.com</a>> wrote:</div><br><div><div dir="ltr">Hello, there<br><br>I tried to test the HTTP/3 (QUIC) with nginx-quic in several days.<br>But I couldn't test HTTP/3 (QUIC).<br><br>I built the quic branch of nginx-quic repo according to README of that repo.<br>The configuration options follows as below:<br>$ ./auto/configure --prefix=/etc/nginx \<br> --sbin-path=/usr/sbin/nginx \<br> --conf-path=/etc/nginx/nginx.conf \<br> --pid-path=/var/run/nginx.pid \<br> --error-log-path=/var/log/nginx/error.log \<br> --http-log-path=/var/log/nginx/access.log \<br> --with-debug \<br> --with-http_v2_module --with-http_ssl_module \<br> --with-http_v3_module --with-http_quic_module \<br> --with-stream_quic_module \<br> --with-cc-opt="-I../boringssl/include" \<br> --with-ld-opt="-L../boringssl/build/ssl \<br> -L../boringssl/build/crypto"<br>$ make<br><br>To install the nginx-quic, I installed the nginx 1.19.6 package on Ubuntu 18.04 and replaced the nginx binary with the nginx-quic:<br>$ sudo cp objs/nginx /usr/sbin/<br><br>I configured that the nginx-quic works as load-balancer of HTTPS:<br>HTTPS -> nginx-quic (7443 port) -> Apache2 (80 port) -> Apache Tomcat (8080 port)<br><br>The configuration file (nginx.conf) follows as below:<br><br>user nginx;<br>worker_processes auto;<br><br>events {<br> worker_connections 1024;<br>}<br><br>http {<br> log_format quic '$remote_addr - $remote_user [$time_local] '<br> '"$request" $status $body_bytes_sent '<br> '"$http_referer" "$http_user_agent" "$quic" "$http3"';<br><br> access_log /var/log/nginx/access.log quic;<br> error_log /var/log/nginx/error.log debug;<br><br> server {<br><br> listen 7443 http3 reuseport; # Enable HTTP/3.<br> listen 7443 ssl; # Enable HTTP/1.1 (optional).<br><br> ssl_certificate /home/ubuntu/andrey/http3/example-fullchain.pem;<br> ssl_certificate_key /etc/ssl/private/example.key;<br> ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;<br><br> location / {<br> add_header alt-svc '$http3=":7443"; ma=86400'; # Advertise that QUIC is available<br> add_header QUIC-Status $quic; # Sent when QUIC was used<br><br> proxy_pass <a href="http://backend1/" target="_blank">http://backend1</a>;<br> }<br> }<br><br> server {<br> listen 8443 ssl http2;<br><br> ssl_certificate /home/ubuntu/andrey/http3/example-fullchain.pem;<br> ssl_certificate_key /etc/ssl/private/example.key;<br> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br><br> location / {<br> proxy_pass <a href="http://backend2/" target="_blank">http://backend2</a>;<br> }<br> }<br><br> upstream backend1 {<br> ip_hash;<br> server localhost max_fails=3 fail_timeout=30s;<br> }<br><br> upstream backend2 {<br> ip_hash;<br> server localhost max_fails=3 fail_timeout=30s;<br> }<br>}<br><br>I opened UDP 7443 port on the cloud server (AWS).<br><br>I tested HTTP/3 (QUIC) with the client tools (neqo-client, curl-http3) and the browsers (Firefox 85 and Chrome 88) according to <a href="https://quic.nginx.org/readme.html" target="_blank">https://quic.nginx.org/readme.html</a>.<br>I got the right result with the client tools, but I didn't get the right result with the browsers.<br><br>When connecting 7443 port with the browsers, I get the HTTP/1.1 now.<br>When connecting 8443 port with the browsers, I get the HTTP/2 now.<br></div></div></blockquote><div><br></div><div>The first request goes over HTTP/1, but then it’s supposed to switch to HTTP/3 if everything is right.</div><div><br></div><div>Does <a href="https://quic.nginx.org/" target="_blank">https://quic.nginx.org/</a> detect QUIC support in your browsers?</div><div>If yes, please follow the ‘QUIC TEST’ link at the top and run the test.</div><div><br></div><div>Also, make sure QUIC/HTTP/3 is enabled in the browser.</div><div>In Firefox open the <a>about:config</a> page make sure http.http3.enabled parameter is ’true’.</div><br><blockquote type="cite"><div><div dir="ltr">I hope any suggestions and help.<br>Thanks.<br></div>
_______________________________________________<br>nginx-devel mailing list<br><a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br><a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></div></blockquote></div><br><div>
<div dir="auto" style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div dir="auto" style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div>—</div><div>Roman Arutyunyan</div><div><a href="mailto:arut@nginx.com" target="_blank">arut@nginx.com</a></div></div></div>
</div>
<br></div>_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div>
_______________________________________________<br>nginx-devel mailing list<br><a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br><a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></div></blockquote></div><br><div>
<div dir="auto" style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div dir="auto" style="letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div>—</div><div>Roman Arutyunyan</div><div><a href="mailto:arut@nginx.com" target="_blank">arut@nginx.com</a></div></div></div>
</div>
<br></div>_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div>
</blockquote></div>
<span id="gmail-m_-7540174718687662618cid:f_kkoihhyb0"><error-chrome.log></span>_______________________________________________<br>nginx-devel mailing list<br><a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br><a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></div></blockquote></div><br><div>
<div dir="auto" style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div dir="auto" style="color:rgb(0,0,0);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><div>—</div><div>Roman Arutyunyan</div><div><a href="mailto:arut@nginx.com" target="_blank">arut@nginx.com</a></div></div></div>
</div>
<br></div></div>_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a></blockquote></div>