[nginx-quic] HTTP/3(QUIC): I can't test HTTP/3 with nginx-quic repo

Roman Arutyunyan arut at nginx.com
Tue Feb 2 22:40:52 UTC 2021


Hi Andrey,

Here’s the error:

2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init CONNECTION_CLOSE_APP err:10 28:TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown ft:6

Looks like your server certificate is not trusted by the browser.

> On 3 Feb 2021, at 00:26, Andrey Khramov <andrey at apporto.com> wrote:
> 
> Hello, Roman
> 
> Sorry.
> I got the error log related to "quic" when connecting in the Chrome browser.
> I attached the log file.
> Please check it.
> 
> Thank you. Regards.
> 
> On Tue, Feb 2, 2021 at 9:01 PM Andrey Khramov <andrey at apporto.com <mailto:andrey at apporto.com>> wrote:
> Hello, Roman
> 
> Thanks for your reply.
> I checked HTTP/3 (QUIC) in the Firefox browser.
> But I didn't check it in the Chrome browser.
> The version of the Chrome is 88.0.4324.104 (64bit).
> I run the Chrome browser with the following command:
> chrome --enable-quic --quic-version=h3-29 --origin-to-force-quic-on=apporto.com:7443 <http://apporto.com:7443/>
> 
> Also, I enabled "Experimental QUIC protocol" flag in chrome://flags.
> I can't get any log related to "quic" in error.log.
> 
> I hope your suggestion and advice.
> Thanks. Regards
> 
> On Tue, Feb 2, 2021 at 4:18 PM Roman Arutyunyan <arut at nginx.com <mailto:arut at nginx.com>> wrote:
> Hi Andrey,
> 
>> On 2 Feb 2021, at 18:52, Andrey Khramov <andrey at apporto.com <mailto:andrey at apporto.com>> wrote:
>> 
>> Hello,Roman
>> 
>> Thanks for your reply.
>> 
>> I already enabled HTTP/3 (QUIC) in those the browsers (Firefox 85, Chrome 88) accroding to ttps://quic.nginx.org/readme.html <http://quic.nginx.org/readme.html>..
>> The https://quic.nginx.org <https://quic.nginx.org/> website detects HTTP/3 (QUIC) support in the browsers.
> 
> Try cleaning browser cache.
> 
> Also check if there are lines with the word ‘quic’ in the debug log when you open the page.
> 
>> Thanks. Regards
>> 
>> 
>> On Tue, Feb 2, 2021 at 2:47 PM Roman Arutyunyan <arut at nginx.com <mailto:arut at nginx.com>> wrote:
>> Hi Andrey,
>> 
>>> On 2 Feb 2021, at 17:30, Andrey Khramov <andrey at apporto.com <mailto:andrey at apporto.com>> wrote:
>>> 
>>> Hello, there
>>> 
>>> I tried to test the HTTP/3 (QUIC) with nginx-quic in several days.
>>> But I couldn't test HTTP/3 (QUIC).
>>> 
>>> I built the quic branch of nginx-quic repo according to README of that repo.
>>> The configuration options follows as below:
>>> $ ./auto/configure --prefix=/etc/nginx \
>>>                  --sbin-path=/usr/sbin/nginx \
>>>                  --conf-path=/etc/nginx/nginx.conf \
>>>                  --pid-path=/var/run/nginx.pid \
>>>                  --error-log-path=/var/log/nginx/error.log \
>>>                  --http-log-path=/var/log/nginx/access.log \
>>>                  --with-debug \
>>>                  --with-http_v2_module --with-http_ssl_module \
>>>                  --with-http_v3_module --with-http_quic_module \
>>>                  --with-stream_quic_module \
>>>                  --with-cc-opt="-I../boringssl/include" \
>>>                  --with-ld-opt="-L../boringssl/build/ssl \
>>>                  -L../boringssl/build/crypto"
>>> $ make
>>> 
>>> To install the nginx-quic, I installed the nginx 1.19.6 package on Ubuntu 18.04 and replaced the nginx binary with the nginx-quic:
>>> $ sudo cp objs/nginx /usr/sbin/
>>> 
>>> I configured that the nginx-quic works as load-balancer of HTTPS:
>>> HTTPS -> nginx-quic (7443 port) -> Apache2 (80 port) -> Apache Tomcat (8080 port)
>>> 
>>> The configuration file (nginx.conf) follows as below:
>>> 
>>> user  nginx;
>>> worker_processes  auto;
>>> 
>>> events {
>>>     worker_connections  1024;
>>> }
>>> 
>>> http {
>>>     log_format quic '$remote_addr - $remote_user [$time_local] '
>>>                     '"$request" $status $body_bytes_sent '
>>>                     '"$http_referer" "$http_user_agent" "$quic" "$http3"';
>>> 
>>>     access_log /var/log/nginx/access.log quic;
>>>     error_log  /var/log/nginx/error.log debug;
>>> 
>>>     server {
>>> 
>>>         listen 7443 http3 reuseport; # Enable HTTP/3.
>>>         listen 7443 ssl; # Enable HTTP/1.1 (optional).
>>> 
>>>         ssl_certificate      /home/ubuntu/andrey/http3/example-fullchain.pem;
>>>         ssl_certificate_key  /etc/ssl/private/example.key;
>>>         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
>>> 
>>>         location / {
>>>             add_header alt-svc '$http3=":7443"; ma=86400'; # Advertise that QUIC is available
>>>             add_header QUIC-Status $quic; # Sent when QUIC was used
>>> 
>>>             proxy_pass http://backend1 <http://backend1/>;
>>>         }
>>>     }
>>> 
>>>     server {
>>>         listen 8443 ssl http2;
>>> 
>>>         ssl_certificate      /home/ubuntu/andrey/http3/example-fullchain.pem;
>>>         ssl_certificate_key  /etc/ssl/private/example.key;
>>>         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
>>> 
>>>         location / {
>>>             proxy_pass http://backend2 <http://backend2/>;
>>>         }
>>>     }
>>> 
>>>     upstream backend1 {
>>>         ip_hash;
>>>         server localhost max_fails=3 fail_timeout=30s;
>>>     }
>>> 
>>>     upstream backend2 {
>>>         ip_hash;
>>>         server localhost max_fails=3 fail_timeout=30s;
>>>     }
>>> }
>>> 
>>> I opened UDP 7443 port on the cloud server (AWS).
>>> 
>>> I tested HTTP/3 (QUIC) with the client tools (neqo-client, curl-http3) and the browsers (Firefox 85 and Chrome 88) according to https://quic.nginx.org/readme.html <https://quic.nginx.org/readme.html>.
>>> I got the right result with the client tools, but I didn't get the right result with the browsers.
>>> 
>>> When connecting 7443 port with the browsers, I get the HTTP/1.1 now.
>>> When connecting 8443 port with the browsers, I get the HTTP/2 now.
>> 
>> The first request goes over HTTP/1, but then it’s supposed to switch to HTTP/3 if everything is right.
>> 
>> Does https://quic.nginx.org/ <https://quic.nginx.org/> detect QUIC support in your browsers?
>> If yes, please follow the ‘QUIC TEST’ link at the top and run the test.
>> 
>> Also, make sure QUIC/HTTP/3 is enabled in the browser.
>> In Firefox open the about:config <> page make sure http.http3.enabled parameter is ’true’.
>> 
>>> I hope any suggestions and help.
>>> Thanks.
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at nginx.org <mailto:nginx-devel at nginx.org>
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel <http://mailman.nginx.org/mailman/listinfo/nginx-devel>
>>>> Roman Arutyunyan
>> arut at nginx.com <mailto:arut at nginx.com>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org <mailto:nginx-devel at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel <http://mailman.nginx.org/mailman/listinfo/nginx-devel>_______________________________________________
>> nginx-devel mailing list
>> nginx-devel at nginx.org <mailto:nginx-devel at nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel <http://mailman.nginx.org/mailman/listinfo/nginx-devel>
>> Roman Arutyunyan
> arut at nginx.com <mailto:arut at nginx.com>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org <mailto:nginx-devel at nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx-devel <http://mailman.nginx.org/mailman/listinfo/nginx-devel><error-chrome.log>_______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

—
Roman Arutyunyan
arut at nginx.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20210203/8a64e8e9/attachment.htm>


More information about the nginx-devel mailing list