[nginx-quic]

Lucas Cuminato lcuminato at gmail.com
Mon Jun 14 17:18:15 UTC 2021


I'm using a single bidirectional stream, so my backend is just a simple TCP
server that understands the data that is sent to it.
I already tried setting the ALPN in the stream module and it actually
worked. I was just not sure if that was the right thing to do.
But what you proposed is best, I might try adding a custom directive that
can control what to set the ALPN to.
Thanks for the help.

R,
Lucas.

On Mon, Jun 14, 2021 at 12:00 PM Vladimir Homutov <vl at nginx.com> wrote:

> 14.06.2021 19:43, Lucas Cuminato wrote:
> > Hi, Vladimir, thanks for replying.
> >
> > I'm not using any protocol over QUIC, just using QUIC to send/receive
> > raw data to/from my application and the server, and having nginx proxy
> > it to a TCP server.
> > I do have a proxy_pass configured in my setup. I just omitted for
> > simplicity.
> >
> > R,
> > Lucas.
>
> Ok, so you have a custom backend that knows what to do with QUIC streams?
> And your backend is TCP-based? Sounds quite interesting. Or does it deal
> with single stream only?
>
> Anyway, right now it fails at ALPN stage. Probably, in future, we may
> introduce some configuration directive to control it. It is not yet
> absolutely clear how the stream module should deal with quic.
>
> You may want to try to copy the code which sets ALPN callback from
> http_quic module and provide some meaningful value for protocol.
>
> >
> >
> > On Mon, Jun 14, 2021 at 11:35 AM Vladimir Homutov <vl at nginx.com> wrote:
> >
> >     14.06.2021 18:08, Lucas Cuminato wrote:
> >      > Hello,
> >      >
> >      > Not sure if this is a bug in nginx-quic or if I'm not configuring
> >      > it correctly but when trying to use nginx-quic with the following
> >      > settings.
> >      >
> >      > stream {
> >      >      server {
> >      >          listen 5555 quic reuseport;
> >      >          ssl_session_cache off;
> >      >          ssl_client_certificate ca.pem;
> >      >          ssl_verify_client on;
> >      >          ssl_session_tickets off;
> >      >          ssl_certificate         cert.pem;
> >      >          ssl_certificate_key    key.pem;
> >      >          ssl_protocols       TLSv1.3;
> >      >      }
> >      > }
> >      >
> >      > and using a standalone application that uses ngtcp2 to try to
> >      > connect to nginx-quic, I get a TLS alert saying that "No
> >      > application protocol".
> >      > I've tracked this down and it seems like nginx-quic is not
> >      > setting any ALPN for the SSL context when using QUIC as a stream
> >      > (in ngx_stream_ssl_module.c).
> >      > It does set it when using QUIC as HTTP
> >      > (in ngx_http_ssl_module.c).
> >      > Now, I believe ALPN is mandatory for QUIC according to the
> >      > QUIC-TRANSPORT draft, so this might be a bug.
> >      > By copying the code done in ngx_http_ssl_module.c for setting the
> >      > ALPN and using it in ngx_stream_ssl_module.c, I was able to make
> >      > my standalone app connect and transfer data, but not sure
> >      > if this is the right fix.
> >      >
> >      > R,
> >      > Lucas.
> >      >
> >     Hello,
> >     this is expected with stream module.
> >     ALPN is required, but it is not clear what protocol (http3? other
> >     protocol over quic?) is going to be used.
> >     Can you please elaborate your use case? What are you going to
> >     achieve?
> >     Also, the suggested configuration is not going to work, since you
> >     don't have any content handling module (i.e. proxy_pass or return).
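The server-side ALPN selection that the thread finds missing from the stream module, as an added example that is not part of the original messages and is not nginx code: it works directly on the RFC 7301 wire format (length-prefixed names) in plain C. The protocol name `rawstream/1` and all function and constant names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* Outcomes an ALPN select callback has to distinguish. */
enum alpn_result {
    ALPN_OK = 0,          /* a protocol was selected */
    ALPN_NO_OVERLAP = 1,  /* handshake must fail: no_application_protocol (alert 120) */
    ALPN_MALFORMED = 2    /* list is not valid length-prefixed wire format */
};

/* Hypothetical name for the raw-data service (assumption, not an nginx value). */
const unsigned char SERVER_ALPN[] = "\x0brawstream/1";
#define SERVER_ALPN_LEN (sizeof(SERVER_ALPN) - 1)   /* drop the trailing NUL */

/* A list is valid if it is non-empty and every entry is 1..255 bytes
   and fits completely inside the buffer. */
static int alpn_list_valid(const unsigned char *list, size_t len)
{
    size_t i = 0;
    if (list == NULL || len == 0)
        return 0;
    while (i < len) {
        size_t n = list[i];
        if (n == 0 || n > len - i - 1)
            return 0;               /* empty name or truncated entry */
        i += 1 + n;
    }
    return 1;
}

/* Pick the first server-preferred protocol that the client also offered.
   On ALPN_OK, *out points into srv (without the length byte). */
enum alpn_result alpn_select(const unsigned char *srv, size_t srv_len,
                             const unsigned char *cli, size_t cli_len,
                             const unsigned char **out, size_t *out_len)
{
    size_t i, j;
    if (!alpn_list_valid(srv, srv_len) || !alpn_list_valid(cli, cli_len))
        return ALPN_MALFORMED;
    for (i = 0; i < srv_len; i += 1 + srv[i])
        for (j = 0; j < cli_len; j += 1 + cli[j])
            if (srv[i] == cli[j] &&
                memcmp(srv + i + 1, cli + j + 1, srv[i]) == 0) {
                *out = srv + i + 1;
                *out_len = srv[i];
                return ALPN_OK;
            }
    return ALPN_NO_OVERLAP;
}
```

With OpenSSL, logic like this sits in the callback registered through `SSL_CTX_set_alpn_select_cb()`; a server that registers no callback or offers no matching name leaves the QUIC client with the "No application protocol" alert described in the thread.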