http/3 SSL_ERROR_RX_RECORD_TOO_LONG

[Nekilc]

I can access it normally through the ip address, but access through the
domain name will result in SSL_ERROR_RX_RECORD_TOO_LONG

demo: https://hi-fun.me   https://119.3.191.228

config:


# HTTPS server

server {
    listen 80;
    server_name hi-fun.me;
    return 301 https://$server_name$request_uri;
}


server {
  listen 443 http3 quic reuseport;
  listen 443 ssl http2;
  server_name localhost;
  quic_retry on;
  ssl_protocols TLSv1.2 TLSv1.3;

  http3_max_table_capacity 50;
  http3_max_blocked_streams 30;
  http3_max_concurrent_pushes 30;
  http3_push 10;
  http3_push_preload on;

  ssl_certificate /home/app/hi-fun.me.cert;
  ssl_certificate_key /home/app/hi-fun.me.key;
  ssl_ciphers
AESGCM:ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM:+SSLv3:;
  ssl_session_cache shared:SSL:1m;
  ssl_session_timeout 5m;
  ssl_early_data on;
  ssl_prefer_server_ciphers on;
  add_header Alt-Svc 'h3=":443"; ma=86400';
  # Debug 0-RTT.
  add_header X-Early-Data $tls1_3_early_data;
  add_header QUIC-Status $quic;
  add_header x-frame-options "deny";
  add_header Strict-Transport-Security "max-age=31536000" always;

  location / {
      root   /home/app;
      index  index.html index.htm;
      try_files $uri $uri/ @router;
  }

  location @router {
      rewrite ^.*$ /index.html last; # 接到截取的uri 并按一定规则重写uri和vue路由
  }
}

map $ssl_early_data $tls1_3_early_data {
  "~." $ssl_early_data;
  default "";
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292225,292225#msg-292225