Open Karthikdasari0423 opened 1 year ago
Hello, I encountered some problems when configuring the quic service of NGINX. My configuration is the same as that of the official website, but I still cannot use the quic protocol when accessing the server. The h2 protocol is still used. Here is my compilation information:
nginx version: nginx/1.16.1 (quiche-83d9168a)
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --build=quiche-83d9168a --with-http_v3_module --with-http_v2_module --with-quiche=/quiche --with-http_ssl_module --with-openssl=/quiche/quiche/deps/boringssl --add-module=/connect
I build nginx with the args below:
root@ubuntu:~# /src/nginx-quiche/objs/nginx -V
nginx version: nginx/1.16.1 (quiche-cf2a087)
built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --prefix=/src/nginx-quiche --build=quiche-cf2a087 --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-openssl=../quiche/deps/boringssl --with-quiche=../quiche
root@ubuntu:~#
Can you share the nginx conf file and command you are using to connect to nginx?
This is my configuration information:
server {
    listen 443 quic reuseport;
    server_name test.cn;
    # Enable HTTP/2 (optional).
    listen 443 ssl http2;
    ssl_certificate /usr/local/nginx/conf/cert/test.pem;
    ssl_certificate_key /usr/local/nginx/conf/cert/test.key;
    # Enable all TLS versions (TLSv1.3 is required for QUIC).
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    # Add Alt-Svc header to negotiate HTTP/3.
    add_header alt-svc 'h3=":443"; ma=86400';
}
Can you help me see what the problem is?
Can you add the below header also?
add_header X-protocol $server_protocol always;
And can you send the output of netstat -alpn | grep nginx?
Here are the details:
root@learn:/quiche# netstat -alpn |grep nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 20157/nginx: master
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 20157/nginx: master
udp 0 0 0.0.0.0:443 0.0.0.0:* 20157/nginx: master
unix 3 [ ] 流 已连接 928126 20157/nginx: master
unix 3 [ ] 流 已连接 928127 20157/nginx: master
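The two things being checked at this point in the thread (which sockets nginx holds, and which port the Alt-Svc header advertises for h3) can be cross-checked with a short script. This is an added example, not part of the original thread; the function names and the sample netstat text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, in the shape of `netstat -alpn | grep nginx` output.
SAMPLE='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 4242/nginx: master
tcp 0 0 0.0.0.0:5443 0.0.0.0:* LISTEN 4242/nginx: master
udp 0 0 0.0.0.0:5443 0.0.0.0:* 4242/nginx: master
udp6 0 0 :::5443 :::* 4242/nginx: master'

# Print the port advertised for h3 in an Alt-Svc header value, if any.
h3_port() {
    printf '%s\n' "$1" | sed -n 's/.*h3="[^":]*:\([0-9][0-9]*\)".*/\1/p'
}

# Succeed if the netstat text ($3) shows a socket for proto $1 on port $2.
# TCP rows must be in LISTEN state; UDP rows have no state column.
has_listener() {
    printf '%s\n' "$3" | awk -v proto="$1" -v port="$2" '
        $1 ~ ("^" proto "6?$") {
            n = split($4, a, ":")          # last field of host:port is the port
            if (a[n] == port && (proto == "udp" || $6 == "LISTEN")) found = 1
        }
        END { exit (found ? 0 : 1) }'
}

# check_h3 ORIGIN_TCP_PORT ALT_SVC_VALUE NETSTAT_TEXT -> one diagnosis word.
# The client first fetches the page over TCP, reads Alt-Svc, then tries
# QUIC on the advertised UDP port, so all three pieces must line up.
check_h3() {
    h3=$(h3_port "$2")
    if [ -z "$h3" ]; then echo "no-h3-in-alt-svc"; return 1; fi
    if ! has_listener tcp "$1" "$3"; then echo "no-tcp-listener:$1"; return 1; fi
    if ! has_listener udp "$h3" "$3"; then echo "no-udp-listener:$h3"; return 1; fi
    echo "ok:$h3"
}

# Run against the constructed sample.
check_h3 5443 'h3=":5443"; ma=86400' "$SAMPLE" || true
```

On a live host, pass the real `netstat -alpn | grep nginx` output as the third argument and the Alt-Svc value from the server's response as the second.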
Can you try the below config? It works for me.
# to use the same port for quic and https
listen 5443 quic reuseport;
listen [::]:5443 quic reuseport;
listen 5443 ssl;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
ssl_protocols TLSv1.3;
ssl_ciphers ALL:COMPLEMENTOFALL;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets on;
ssl_session_timeout 5m;
# 0-RTT (early data) is off here; set to on to enable it
ssl_early_data off;
# to change to /var/www/html/
root /var/www/html/;
location / {
    # required for browsers to direct them into quic port
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    #add_header Alt-Svc 'h3=":5443"; ma=86400';
    # signal whether we are using QUIC+HTTP/3
    add_header X-protocol $server_protocol always;
}
After using this configuration, it compiled without problems, but access returns a "404" error. Is there something I'm missing?
can you send me client output
Here are details:
"192.168.227.1 - - [04/Dec/2023:20:12:08 +0800] "GET / HTTP/1.1" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36"
192.168.227.1 - - [04/Dec/2023:20:14:18 +0800] "GET / HTTP/2.0" 404 555 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36""
seems to me this is nginx error log file output
I don't quite understand what you mean. Here is the message I get back when I pass the "curl" command, hopefully I understood it correctly:
C:\Users\dell>curl -v https://ryetong.cn
GET / HTTP/1.1
Host: ryetong.cn
User-Agent: curl/8.0.1
Accept: */*
C:\Users\dell>curl -v https://test.cn
GET / HTTP/1.1
Host: ryetong.cn
User-Agent: curl/8.0.1
Accept: */*
I think you didn't even try with http3
try as curl --http3-only -v -k https://ryetong.cn:5443/
and does your curl support quic? curl -V output ?
Sorry, my "curl" does not support http3:
curl: option --http3-only: the installed libcurl version doesn't support this
curl: try 'curl --help' for more information
try to install curl with h3 support
@Karthikdasari0423 Have you solved this coredump problem? How to solve it?
@pplabs-fute yes, just install with https://github.com/bagder/quiche.git instead of original one
@Karthikdasari0423 ok,thanks;
Hey, I've had this issue too for a long time and it seems that using this fork to build nginx fixes the issue - so thanks haha. Do you have any idea why this fork works but the official repo doesn't? And how did you find out this fork works?
@bagder Seems to me you have deleted https://github.com/bagder/quiche.git Could you pls add back if you archived or made it private? Many people are using your repo as it is stable in building nginx with quiche support
Sorry, my fork is gone.
okay, got it. Thanks @bagder
I've been looking into this issue and was able to solve it by changing this piece of code: https://github.com/cloudflare/quiche/blob/1780aeceb686c212afdd2732b8a568cf5193f035/nginx/nginx-1.16.patch#L1050-L1054
The segfault comes from the quic_blocked_events queue which is uninitialised. But the fix is not to initialise it per se.
The real problem seems to me that consulting the write event of the listening connection is not appropriate to determine whether the connection socket is ready to write.
Changing the if condition to if (!c->write->ready) makes the code run and the QUIC connection go on.
@bagder could you kindly confirm this is the fix you undertook? Thanks :)
I did not (on purpose) fix this. I suspect maybe my fork was just out of date.
@mpiraux Does your below fork work for building nginx with quiche support? https://github.com/mpiraux/quiche and I have a backup of @bagder fork and as @bagder said it is out of date.
root@ubuntu:~/quiche# git log
commit cf2a08757c942d13f15a5a22aa7ea9ef50309cbe (HEAD -> master, origin/master, origin/HEAD)
Author: Junho Choi <junho@cloudflare.com>
Date: Thu May 27 15:56:09 2021 -0700

    cubic: fix cwnd growth during congestion avoidance

    cwnd_inc is used for storing cwnd increments during congestion
    avoidance. When cwnd_inc >= MSS we increase cwnd by 1 MSS.
    Currently we clear cwnd_inc when cwnd is updated but this will
    lead to slightly slower growth because the residual part is gone.

commit 059b3d9c333ba61b2dc01f5e14ef95badca4fa03
Author: Junho Choi <1229714+junhochoi@users.noreply.github.com>
Date: Fri May 28 01:50:36 2021 -0700

    don't try to send HANDSHAKE_DONE on the client

    `HANDSHAKE_DONE` can only be sent by a server, so don't try to send a packet from the client if the frame hasn't been sent yet.
and this code is not even present in @bagder fork
Hi,
I tried to build nginx with quiche as explained below and tried to run curl with http3, but I am noticing the below cores [https://github.com/cloudflare/quiche/tree/master/nginx]
curl command and version
below is the nginx bt
nginx error log file
Am I missing anything here?