Issue with getting to HTTP/3 or QUIC on first connect

Eric Germann ekgermann at semperen.com
Thu Mar 9 14:22:52 UTC 2023


For the archives:

- I pulled down the latest version of nginx-quic and built it.  The error seems to be resolved.  First page on the site now shows http/3
- As for https://http3check.net, the reason it failed was I had the root page protected behind basic auth.  Since it doesn’t send auth info, it 401’d and caused the page to throw an error.  I’m going to write to them and ask them to toss up a clearer answer, whether it’s a negotiation error or an http error.

Thanks for the assist.  The debug log is where I found the 401.

Eric


> On Mar 9, 2023, at 04:41, Roman Arutyunyan <arut at nginx.com> wrote:
> 
> Hi Eric,
> 
>> On 9 Mar 2023, at 10:56, Eric Germann via nginx <nginx at nginx.org> wrote:
>> 
>> I’m having an issue where I (think I) have enabled HTTP3 correctly on my nginx server.  When I connect to the server the first time, it indicates HTTP/2 in the logs.  If I hit refresh it indicates HTTP/3 from then on.
> 
> Normally you connect to the server using regular https first (http/2 is probably an option as well).
> Only after that the client analyses Alt-Svc response header and tries http/3.
> 
>> So something is wrong with the configuration of the server to offer headers to negotiate it.  I’ve even added HTTPS DNS records to indicate the preferred connection schemes.
>> Bonus points if you can help me get QUIC working too.
>> 
>> The result of http3check.net is "HTTP/3 Check could not get the server's advertised QUIC versions due to the error given below.
>> Bad status code from server."
> Can you please check nginx error.log for errors? If no errors, can you please enable debugging and send the error.log to me.
> 
>> Thanks in advance for any pointers
>> 
>> Eric
>> 
>> Source code was pulled 2023-02-27
>> 
>> 
>> Build information is:
>> 
>> nginx version: nginx/1.23.4
>> built by gcc 7.3.1 20180712 (Red Hat 7.3.1-15) (GCC)
>> built with OpenSSL 3.0.8+quic 7 Feb 2023
>> TLS SNI support enabled
>> configure arguments: --with-threads --with-cc-opt='-static -static-libgcc' --with-ld-opt=-static --with-debug --with-compat --with-file-aio --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_realip_module --with-http_secure_link_module --with-http_random_index_module --with-http_geoip_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-stream_quic_module --with-http_sub_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-cc-opt=-I/usr/local/include --with-ld-opt=-L/usr/local/lib --with-openssl=../quictls --with-openssl-opt=enable-tls1_3 --add-module=/source/ngx_brotli
>> 

<SNIP>



</SNIP>
> 
> ----
> Roman Arutyunyan
> arut at nginx.com
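
The two points in this thread (the client learns about HTTP/3 from the Alt-Svc header on its first regular HTTPS response, and a checker should report an HTTP error separately from a missing advertisement), as an added Python example that is not part of the original messages, nginx, or http3check.net. The sample responses are constructed, and `parse_alt_svc`, `classify` and the verdict strings are hypothetical names.

```python
import re

# protocol-id="host:port" followed by optional ;name=value parameters (RFC 7838).
_ALT = re.compile(
    r'\s*([^=\s;,]+)="([^"]*)"((?:\s*;\s*[^=;,\s]+=(?:"[^"]*"|[^;,\s]*))*)')
_PARAM = re.compile(r';\s*([^=;,\s]+)=(?:"([^"]*)"|([^;,\s]*))')


def parse_alt_svc(value):
    """Parse an Alt-Svc header value; malformed alternatives are skipped."""
    if value.strip() == "clear":  # "clear" withdraws earlier advertisements
        return []
    entries = []
    for proto, authority, rest in _ALT.findall(value):
        params = {k.lower(): (q or u) for k, q, u in _PARAM.findall(rest)}
        host, sep, port = authority.rpartition(":")
        try:
            if not sep:
                raise ValueError("authority has no port")
            entries.append({"proto": proto, "host": host, "port": int(port),
                            "ma": int(params.get("ma", 86400))})  # default 24 h
        except ValueError:
            continue
    return entries


def classify(status, headers):
    """Hypothetical checker verdict for the response to the first HTTPS request."""
    alt = next((v for k, v in headers if k.lower() == "alt-svc"), "")
    h3 = [e for e in parse_alt_svc(alt)
          if e["proto"] == "h3" or e["proto"].startswith("h3-")]
    if status >= 400:
        # e.g. a 401 from basic auth: an HTTP error, not a negotiation failure
        return "http-error", h3
    return ("h3-advertised" if h3 else "no-h3-advertised"), h3


# Constructed sample responses (status, headers); not taken from the thread.
SAMPLES = {
    "first visit": (200, [("Alt-Svc", 'h3=":443"; ma=86400, h3-29=":443"')]),
    "behind basic auth": (401, [("WWW-Authenticate", 'Basic realm="private"')]),
    "no advertisement": (200, [("Content-Type", "text/html")]),
}

if __name__ == "__main__":
    for name, (status, headers) in SAMPLES.items():
        verdict, h3 = classify(status, headers)
        print(f"{name}: {verdict} {[(e['proto'], e['port']) for e in h3]}")
```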
