<div dir="ltr"><div>Hello all,<br><br>I played around with nginx-quic branch, following the blog post here <a href="https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx/">https://www.nginx.com/blog/our-roadmap-quic-http-3-support-nginx/</a><br><br>I have trouble to get my browser to use http3 with the server. I checked with CURL http3 enabled - there it works when providing the http3 option, it does not when using --alt-svc option.<br>I assume it's a configuration issue, or an issue with self-signed certificates, ...<br><br></div><br><div>What did I do:<br>1. Build Docker (copy from blogpost) and generate self signed certs.<br><div><br></div><div>```</div>COPY ./nginx/csr.conf /root/csr.conf<br>COPY ./nginx/cert.pass /etc/keys/cert.pass<br><br># generate self signed certificate<br>RUN openssl genrsa -aes128 -passout "pass:supersecure" -out ca.key 4096<br>RUN openssl req -new -config csr.conf -key ca.key -out ca.csr -passin "pass:supersecure"<br>RUN openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt -passin "pass:supersecure"<br><br># copy them to /etc/ssl/<br>RUN cp ca.crt /etc/ssl/certs/<br>RUN cp ca.key /etc/ssl/private/<br>RUN cp ca.csr /etc/ssl/private/<br><br># setup ssl config<br>COPY ./nginx/ssl.conf /etc/nginx/conf.d/ssl.conf<br><br>EXPOSE 80 443<br><div>```</div><div><br></div>2. Run the Docker with<br>docker run -it --rm -p 443:443/udp -p 443:443/tcp nginx_quic<br><br>Testing:<br><br>Using HTTP3 enabled curl ends up in:<br>``` curl -k -vvv --alt-svc altsvc.cache <a href="https://localhost:443">https://localhost:443</a><br>* Trying 127.0.0.1:443...<br>* TCP_NODELAY set<br>* Connected to localhost (127.0.0.1) port 443 (#0)<br>* ALPN, offering h2<br>* ALPN, offering http/1.1<br>* successfully set certificate verify locations:<br>* CAfile: /etc/ssl/certs/ca-certificates.crt<br> CApath: /etc/ssl/certs<br>* TLSv1.3 (OUT), TLS handshake, Client hello (1):<br>* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443<br>* Closing connection 0<br>curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to localhost:443<br>```</div><div><br></div><div><br></div><div>using http3 option on curl works as expected:<br></div><div>
```
</div><div>./curl -v --http3 <a href="https://localhost:443/">https://localhost:443/</a><br>* Trying 127.0.0.1:443...<br>* Connect socket 5 over QUIC to <a href="http://127.0.0.1:443">127.0.0.1:443</a><br>* Connected to localhost () port 443 (#0)<br>* Using HTTP/3 Stream ID: 0 (easy handle 0x55c46567b290)<br>> GET / HTTP/3<br>> Host: localhost<br>> user-agent: curl/7.79.0-DEV<br>> accept: */*<br>><br>* ngh3_stream_recv returns 0 bytes and EAGAIN<br>< HTTP/3 200<br>< server: nginx/1.21.3<br>< date: Tue, 14 Sep 2021 22:21:26 GMT<br>< content-type: text/html<br>< content-length: 615<br>< last-modified: Tue, 07 Sep 2021 15:21:03 GMT<br>< etag: "6137835f-267"<br>< alt-svc: h3=":443"; ma=2592000<br>< quic-status: quic<br>< x-quic: quic<br>< accept-ranges: bytes<br>````<br><br>
<div>Any Idea how to solve this?</div><div><br></div><div>Best</div><div><br></div><div>J.<br></div>
</div></div>