[nginx-quic] HTTP/3(QUIC): I can't test HTTP/3 with nginx-quic repo

Andrey Khramov andrey at apporto.com
Wed Feb 3 14:49:03 UTC 2021


Hi Roman,

Thanks for your reply.

I don't know why the SSL certificate isn't trusted by the Chrome browser,
because there is no problem related to the SSL certificate in the Firefox
browser.
I moved the SSL certificate from apache2 to nginx:

apache2                  nginx
SSLCertificateFile       ssl_certificate
SSLCertificateKeyFile    ssl_certificate_key
SSLCACertificateFile     ssl_trusted_certificate

Could you tell me what I'm missing?

Thanks. Regards.

On Tue, Feb 2, 2021 at 10:41 PM Roman Arutyunyan <arut at nginx.com> wrote:

> Hi Andrey,
>
> Here’s the error:
>
> 2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init CONNECTION_CLOSE_APP err:10 28:TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown ft:6
>
> Looks like your server certificate is not trusted by the browser.
>
> On 3 Feb 2021, at 00:26, Andrey Khramov <andrey at apporto.com> wrote:
>
> Hello, Roman
>
> Sorry.
> I got the error log related to "quic" when connecting in the Chrome
> browser.
> I attached the log file.
> Please check it.
>
> Thank you. Regards.
>
> On Tue, Feb 2, 2021 at 9:01 PM Andrey Khramov <andrey at apporto.com> wrote:
>
>> Hello, Roman
>>
>> Thanks for your reply.
>> I checked HTTP/3 (QUIC) in the Firefox browser.
>> But I didn't check it in the Chrome browser.
>> The version of the Chrome is 88.0.4324.104 (64bit).
>> I run the Chrome browser with the following command:
>> chrome --enable-quic --quic-version=h3-29 --origin-to-force-quic-on=apporto.com:7443
>>
>> Also, I enabled the "Experimental QUIC protocol" flag in chrome://flags.
>> I can't get any log related to "quic" in error.log.
>>
>> I hope for your suggestions and advice.
>> Thanks. Regards
>>
>> On Tue, Feb 2, 2021 at 4:18 PM Roman Arutyunyan <arut at nginx.com> wrote:
>>
>>> Hi Andrey,
>>>
>>> On 2 Feb 2021, at 18:52, Andrey Khramov <andrey at apporto.com> wrote:
>>>
>>> Hello, Roman
>>>
>>> Thanks for your reply.
>>>
>>> I already enabled HTTP/3 (QUIC) in those browsers (Firefox 85,
>>> Chrome 88) according to https://quic.nginx.org/readme.html.
>>> The https://quic.nginx.org website detects HTTP/3 (QUIC) support in the
>>> browsers.
>>>
>>>
>>> Try cleaning browser cache.
>>>
>>> Also check if there are lines with the word ‘quic’ in the debug log when
>>> you open the page.
>>>
>>> Thanks. Regards
>>>
>>>
>>> On Tue, Feb 2, 2021 at 2:47 PM Roman Arutyunyan <arut at nginx.com> wrote:
>>>
>>>> Hi Andrey,
>>>>
>>>> On 2 Feb 2021, at 17:30, Andrey Khramov <andrey at apporto.com> wrote:
>>>>
>>>> Hello, there
>>>>
>>>> I have been trying to test HTTP/3 (QUIC) with nginx-quic for several days.
>>>> But I couldn't test HTTP/3 (QUIC).
>>>>
>>>> I built the quic branch of nginx-quic repo according to README of that
>>>> repo.
>>>> The configuration options are as follows:
>>>> $ ./auto/configure --prefix=/etc/nginx \
>>>>                  --sbin-path=/usr/sbin/nginx \
>>>>                  --conf-path=/etc/nginx/nginx.conf \
>>>>                  --pid-path=/var/run/nginx.pid \
>>>>                  --error-log-path=/var/log/nginx/error.log \
>>>>                  --http-log-path=/var/log/nginx/access.log \
>>>>                  --with-debug \
>>>>                  --with-http_v2_module --with-http_ssl_module \
>>>>                  --with-http_v3_module --with-http_quic_module \
>>>>                  --with-stream_quic_module \
>>>>                  --with-cc-opt="-I../boringssl/include" \
>>>>                  --with-ld-opt="-L../boringssl/build/ssl \
>>>>                  -L../boringssl/build/crypto"
>>>> $ make
>>>>
>>>> To install the nginx-quic, I installed the nginx 1.19.6 package on
>>>> Ubuntu 18.04 and replaced the nginx binary with the nginx-quic:
>>>> $ sudo cp objs/nginx /usr/sbin/
>>>>
>>>> I configured nginx-quic to work as an HTTPS load balancer:
>>>> HTTPS -> nginx-quic (7443 port) -> Apache2 (80 port) -> Apache Tomcat
>>>> (8080 port)
>>>>
>>>> The configuration file (nginx.conf) is as follows:
>>>>
>>>> user  nginx;
>>>> worker_processes  auto;
>>>>
>>>> events {
>>>>     worker_connections  1024;
>>>> }
>>>>
>>>> http {
>>>>     log_format quic '$remote_addr - $remote_user [$time_local] '
>>>>                     '"$request" $status $body_bytes_sent '
>>>>                     '"$http_referer" "$http_user_agent" "$quic" "$http3"';
>>>>
>>>>     access_log /var/log/nginx/access.log quic;
>>>>     error_log  /var/log/nginx/error.log debug;
>>>>
>>>>     server {
>>>>
>>>>         listen 7443 http3 reuseport; # Enable HTTP/3.
>>>>         listen 7443 ssl; # Enable HTTP/1.1 (optional).
>>>>
>>>>         ssl_certificate      /home/ubuntu/andrey/http3/example-fullchain.pem;
>>>>         ssl_certificate_key  /etc/ssl/private/example.key;
>>>>         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
>>>>
>>>>         location / {
>>>>             add_header alt-svc '$http3=":7443"; ma=86400'; # Advertise that QUIC is available
>>>>             add_header QUIC-Status $quic; # Sent when QUIC was used
>>>>
>>>>             proxy_pass http://backend1;
>>>>         }
>>>>     }
>>>>
>>>>     server {
>>>>         listen 8443 ssl http2;
>>>>
>>>>         ssl_certificate      /home/ubuntu/andrey/http3/example-fullchain.pem;
>>>>         ssl_certificate_key  /etc/ssl/private/example.key;
>>>>         ssl_protocols        TLSv1 TLSv1.1 TLSv1.2;
>>>>
>>>>         location / {
>>>>             proxy_pass http://backend2;
>>>>         }
>>>>     }
>>>>
>>>>     upstream backend1 {
>>>>         ip_hash;
>>>>         server localhost max_fails=3 fail_timeout=30s;
>>>>     }
>>>>
>>>>     upstream backend2 {
>>>>         ip_hash;
>>>>         server localhost max_fails=3 fail_timeout=30s;
>>>>     }
>>>> }
>>>>
>>>> I opened UDP 7443 port on the cloud server (AWS).
>>>>
>>>> I tested HTTP/3 (QUIC) with the client tools (neqo-client, curl-http3)
>>>> and the browsers (Firefox 85 and Chrome 88) according to
>>>> https://quic.nginx.org/readme.html.
>>>> I got the right result with the client tools, but I didn't get the
>>>> right result with the browsers.
>>>>
>>>> When connecting 7443 port with the browsers, I get the HTTP/1.1 now.
>>>> When connecting 8443 port with the browsers, I get the HTTP/2 now.
>>>>
>>>>
>>>> The first request goes over HTTP/1, but then it’s supposed to switch to
>>>> HTTP/3 if everything is right.
>>>>
>>>> Does https://quic.nginx.org/ detect QUIC support in your browsers?
>>>> If yes, please follow the ‘QUIC TEST’ link at the top and run the test.
>>>>
>>>> Also, make sure QUIC/HTTP/3 is enabled in the browser.
>>>> In Firefox, open the about:config page and make sure the http.http3.enabled
>>>> parameter is ’true’.
>>>>
>>>> I hope for any suggestions and help.
>>>> Thanks.
>>>> _______________________________________________
>>>> nginx-devel mailing list
>>>> nginx-devel at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>>>
>>>>
>>>> Roman Arutyunyan
>>>> arut at nginx.com
>>>
>>>
>>> Roman Arutyunyan
>>> arut at nginx.com
>> <error-chrome.log>
>
>
> Roman Arutyunyan
> arut at nginx.com
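
The debug-log check discussed in the thread, as an added example that is not part of the original messages or of nginx: a shell function that pulls client-sent QUIC CONNECTION_CLOSE frames out of an nginx debug log and flags the ones whose reason mentions a certificate. The field layout is assumed from the single log line quoted in the thread (unwrapped onto one line); the other sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise QUIC CONNECTION_CLOSE frames that clients sent,
# reading an nginx debug error log on stdin.

quic_close_summary() {
    awk '
    / quic frame rx / && /CONNECTION_CLOSE/ {
        conn = "-"; level = "-"; frame = "-"; err = "-"
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^\*[0-9]+$/) conn = $i            # nginx connection number
            if ($i == "rx") { level = $(i + 1); frame = $(i + 2) }
            if ($i ~ /^err:/) err = substr($i, 5)       # numeric close code
        }
        # Reason text = everything between "err:N " and the trailing " ft:N"
        # (layout assumed from the one line quoted in the thread).
        reason = $0
        sub(/^.* err:[^ ]* /, "", reason)
        sub(/ ft:[0-9]+.*$/, "", reason)
        hint = (reason ~ /certificate/) ? "client-rejected-certificate" : "other"
        printf "%s %s conn=%s level=%s frame=%s err=%s hint=%s reason=\"%s\"\n",
               $1, $2, conn, level, frame, err, hint, reason
    }'
}

# Constructed sample log. Only the CONNECTION_CLOSE_APP line is taken from the
# thread; the other two lines are made up to show that they are skipped.
sample_log() {
    cat <<'EOF'
2021/02/02 21:17:20 [debug] 18359#0: *3 http request line: "GET / HTTP/1.1"
2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init PING
2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init CONNECTION_CLOSE_APP err:10 28:TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown ft:6
EOF
}

sample_log | quic_close_summary
```

On the server from the thread, the same function would be fed the configured debug log: `quic_close_summary < /var/log/nginx/error.log`.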