[nginx-quic]
Lucas Cuminato
lcuminato at gmail.com
Mon Jun 14 17:18:15 UTC 2021
I'm using a single bidirectional stream, so my backend is just a simple TCP
server that understands the data that is sent to it.
I already tried setting the ALPN in the stream module and it actually
worked. I was just not sure if that was the right thing to do.
But what you proposed is best, I might try adding a custom directive that
can control what to set the ALPN to.
Thanks for the help.
R,
Lucas.
On Mon, Jun 14, 2021 at 12:00 PM Vladimir Homutov <vl at nginx.com> wrote:
> 14.06.2021 19:43, Lucas Cuminato пишет:
> > Hi, Vladimir, thanks for replying.
> >
> > I'm not using any protocol over QUIC, just using QUIC to send/receive
> > raw data to/from my application and the server, and having nginx proxy
> > it to a TCP server.
> > I do have a proxy_pass configured in my setup. I just omitted for
> > simplicity.
> >
> > R,
> > Lucas.
>
> Ok, so you have custom backend that knows what to do with QUIC streams?
> And you backend is TCP-based? Sounds quite interesting. Or does it deal
> with single stream only?
>
> Anyway, right now it fails at ALPN stage. Probably, in future, we may
> introduce some configuration directive to control it. It is not yet
> absolutely clear how the stream module should deal with quic.
>
> Yoy may want to try to copy the code wich sets ALPN callback from
> http_quic module and provides some meaningful value for protocol.
>
> >
> >
> > On Mon, Jun 14, 2021 at 11:35 AM Vladimir Homutov <vl at nginx.com
> > <mailto:vl at nginx.com>> wrote:
> >
> > 14.06.2021 18:08, Lucas Cuminato пишет:
> > > Hello,
> > >
> > > Not sure If this is a bug in nginx-quic or if I'm not configuring
> > > it correctly but when trying to use nginx-quic with the following
> > settings.
> > >
> > > stream {
> > > server {
> > > listen 5555 quic reuseport;
> > > ssl_session_cache off;
> > > ssl_client_certificate ca.pem
> > > ssl_verify_client on;
> > > ssl_session_tickets off;
> > > ssl_certificate cert.pem
> > > ssl_certificate_key key.pem;
> > > ssl_protocols TLSv1.3;
> > > }
> > > }
> > >
> > > and using a standalone application that uses ngtcp2 to try to
> > connect to
> > > nginx-quic, I get a TLS alert saying that "No application
> protocol".
> > > I've tracked this down and it seems like nginx-quic is not
> > setting any
> > > ALPN for the SSL context when using QUIC as a stream (in
> > > ngx_stream_ssl_module.c).
> > > It does it set it when using QUIC as HTTP
> > (in ngx_http_ssl_module.c).
> > > Now, I believe ALPN is mandatory for QUIC according to the
> > > QUIC-TRANSPORT draft, so this might be a bug.
> > > By copying the code done in ngx_http_ssl_module.c for setting the
> > ALPN
> > > and using it in ngx_stream_ssl_module.c, I was able to make my
> > > standalone app connect and transfer data, but not sure
> > > if this is the right fix.
> > >
> > > R,
> > > Lucas.
> > >
> > Hello,
> > this is expected with stream module.
> > ALPN is required, but is not clear what protocol (http3? other
> protocol
> > over quic?) is going to be used.
> > Can you please elaborate your use case? What are you going to
> achieve?
> > Also, the suggested configuration is not going to work, since you
> don't
> > have any content handling module (i.e. proxy_pass or return).
> >
> >
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20210614/a9d5369a/attachment-0001.htm>
More information about the nginx-devel
mailing list