Closed wokalek closed 4 months ago
I'm using the same nginx container on production and the http3 tester passes for my domain.
The tester fails for your domain:
wokalek.ru
HTTP/3 Check could not get the server's advertised QUIC versions due to the error given below.
Server does not advertise any alternative services.
HTTP/1.1 200 OK
Server: nginx
Date: Mon, 18 Sep 2023 11:31:30 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
x-powered-by: Nuxt
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache
Content-Encoding: gzip
It seems that the add_header alt-svc 'h3=":8889"; ma=86400';
directive is not applied ...
While, my domain mentioned above emits the following HTTP response request:
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
If the header is missing, you might have stumbled across an unintuitive nginx behavior with the add_header directive:
These directives are inherited from the previous configuration level if and only if there are no add_header directives defined on the current level.
See: NGINX Documentation
Meaning this will ignore all headers, except the ones in the location block, since it's the last one with an add_header directive:
server {
add_header alt-svc 'h3=":8889"; ma=86400';
[...]
location / {
[...]
add_header Cache-Control "public";
}
}
But these will work:
server {
add_header alt-svc 'h3=":8889"; ma=86400';
add_header Cache-Control "public";
location / {
[...]
}
}
server {
[...]
location / {
add_header alt-svc 'h3=":8889"; ma=86400';
add_header Cache-Control "public";
}
}
Took me some time to figure out why my headers were ignored.
Thanks for the help, maybe this really was the problem. I don’t even remember anymore.
Hey. Using this with docker:
nginx prod config
```nginx worker_processes auto; events {} http { server_tokens off; map $sent_http_content_type $expires { "text/html" epoch; "text/html;charset=utf-8" epoch; default off; } expires $expires; gzip on; gzip_proxied any; gzip_comp_level 6; gzip_min_length 256; include gzip_types.conf; brotli on; brotli_static on; brotli_comp_level 6; brotli_min_length 256; include brotli_types.conf; server { listen 80; listen [::]:80; location / { return 301 https://$host$request_uri; } } server { server_name wokalek.com; http2 on; listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; quic_gso on; quic_retry on; ssl_early_data on; ssl_protocols TLSv1.3; ssl_certificate /certbot/cert/wokalek.ru/fullchain1.pem; ssl_certificate_key /certbot/cert/wokalek.ru/privkey1.pem; add_header alt-svc 'h3=":8889"; ma=86400'; add_header QUIC-Status $http3; return 301 https://wokalek.ru$request_uri; } server { server_name statistic.wokalek.com; http2 on; listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; quic_gso on; quic_retry on; ssl_early_data on; ssl_protocols TLSv1.3; ssl_certificate /certbot/cert/wokalek.ru/fullchain1.pem; ssl_certificate_key /certbot/cert/wokalek.ru/privkey1.pem; add_header alt-svc 'h3=":8889"; ma=86400'; add_header QUIC-Status $http3; return 301 https://statistic.wokalek.ru$request_uri; } server { server_name statistic.wokalek.ru; http2 on; listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; quic_gso on; quic_retry on; ssl_early_data on; ssl_protocols TLSv1.3; ssl_certificate /certbot/cert/wokalek.ru/fullchain1.pem; ssl_certificate_key /certbot/cert/wokalek.ru/privkey1.pem; add_header alt-svc 'h3=":8889"; ma=86400'; add_header QUIC-Status $http3; location /.well-known/acme-challenge { root /certbot/www; } location / { proxy_set_header Early-Data $ssl_early_data; proxy_pass http://umami:3000; } } server { server_name wokalek.ru; http2 on; listen 443 quic; listen [::]:443 quic; listen 443 ssl; listen [::]:443 ssl; quic_gso on; quic_retry on; ssl_early_data on; ssl_protocols TLSv1.3; ssl_certificate /certbot/cert/wokalek.ru/fullchain1.pem; ssl_certificate_key /certbot/cert/wokalek.ru/privkey1.pem; add_header alt-svc 'h3=":8889"; ma=86400'; add_header QUIC-Status $http3; location /.well-known/acme-challenge { root /certbot/www; } location ~ ^/static { root /usr/share/nginx/html; try_files $uri =404; } location / { proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Early-Data $ssl_early_data; proxy_pass http://nuxt:3000; } } } ```And check is failing:
You can check this out https://wokalek.ru ...