QUIC connection could not be established

findmyname nginx-forum at forum.nginx.org
Sat Nov 20 16:42:49 UTC 2021 

Hello all,

I'm trying to run nginx with quic support on Ubuntu 20.04.
I followed official README https://quic.nginx.org/readme.html.
However when I run http3 check https://www.http3check.net/ it returns error:
QUIC connection could not be established.

I build boringssl and nginx:

```
#!/bin/sh
set -eux

compile_boringssl() {
        git clone --depth=1 https://github.com/google/boringssl.git

        cd boringssl && \
          mkdir build && \
          cd build && \
          cmake -GNinja .. && \
          ninja
}

compile_nginx() {
        # --with-http_v3_module enable QUIC and HTTP/3
        # --with-http_quic_module enable QUIC for older HTTP versions
        # --with-stream_quic_module enable QUIC in Stream
        hg clone -b quic https://hg.nginx.org/nginx-quic && \
                cd nginx-quic && \
                ./auto/configure \
                        --with-debug \
                        --with-http_v3_module \
                        --prefix=/etc/nginx \
                        --sbin-path=/usr/sbin/nginx \
                        --modules-path=/usr/lib/nginx/modules \
                        --conf-path=/etc/nginx/nginx.conf \
                        --error-log-path=/var/log/nginx/error.log \
                        --http-log-path=/var/log/nginx/access.log \
                        --pid-path=/run/nginx.pid \
                        --lock-path=/run/nginx.lock \
                       
--http-client-body-temp-path=/var/cache/nginx/client_temp \
                        --http-proxy-temp-path=/var/cache/nginx/proxy_temp
\
                       
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp \
                        --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
\
                        --http-scgi-temp-path=/var/cache/nginx/scgi_temp \
                        --user=nginx \
                        --group=nginx \
                        --with-cc-opt="-I../boringssl/include" \
                        --with-ld-opt="-L../boringssl/build/ssl
-L../boringssl/build/crypto"

        make -j$(nproc)
}

compile_boringssl && compile_nginx
```

Build version:

```
# nginx -V
nginx version: nginx/1.21.4
built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) 
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-debug --with-http_v3_module --prefix=/etc/nginx
--sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
--conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid
--lock-path=/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx
--with-cc-opt=-I../boringssl/include --with-ld-opt='-L../boringssl/build/ssl
-L../boringssl/build/crypto'
```

HTTP site:
```
server {
        listen 80;
        listen [::]:80;

        server_name {{ domain }} www.{{ domain }};
        
        # Logging.
        access_log /var/log/nginx/{{ domain }}-access.log json-log;

        return 301 https://$host$request_uri;
}

server {
        listen 443 ssl http2; # TCP listener for HTTP/2
        listen 443 http3 reuseport; # UDP listener for QUIC+HTTP/3

        # RSA certificate
        ssl_certificate /etc/letsencrypt/live/{{ domain }}/fullchain.pem; #
managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/{{ domain }}/privkey.pem;
# managed by Certbot

        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by
Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

        # Logging.
        access_log /var/log/nginx/{{ domain }}-access.log json-log;

        root /var/www/{{ domain }};
        
        # Add index.php to the list if you are using PHP
        index index.html;
        
        server_name {{ domain }};

        add_header Alt-Svc 'h3=":443"'; # Advertise that HTTP/3 is
available.
        add_header QUIC-Status $quic;   # Sent when QUIC was used.

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
}
```

I replaced binary from package manager with the build one:
```
systemctl stop nginx && cp nginx-quic/objs/nginx /usr/sbin/nginx &&
systemctl start nginx; journalctl -fu nginx
```

There isn't any error however the http3 check is failing.
I also try to connect from firefox w enable http3 support but it connects
with http/1.1.

Is there something wrong with my set-up ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,292896,292896#msg-292896

More information about the nginx mailing list