search

macbre / docker-nginx-http3

Stable and up-to-date root-less nginx with quic + http/3, google brotli compression, njs, GeoIP2, and Grade A+ SSL config
https://hub.docker.com/r/macbre/nginx-http3
172 stars 54 forks source link

http3 not working with Firefox #124

Closed victor-sm closed 11 months ago

victor-sm commented 11 months ago

I'm having trouble to get Firefox to connect to nginx over http3.

I'm using Windows10 (22H2) with Firefox (118) and Chrome (118), as well as macOS (11.7) with Firefox (115) and Chrome (118) for testing. All browser pass the QUIC HTTP3 Test while also showing HTTP3 (Firefox) or h3 (Chrome) under protocol using dev tools. They also connect correctly to @macbre's suggap.com.

However, I can't get Firefox to connect to my server. I'm using the nginx.conf and https.conf as given. Only changes are port numbers, servername and the path to the certificate. I tried different alt-svc headers to no avail:

add_header alt-svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';

add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';

add_header alt-svc 'h3=":443"; ma=5, h3-27=":443"; ma=5, h3-28=":443"; ma=5,h3-29=":443"; ma=5,h3-Q050=":443"; ma=5,h3-Q046=":443"; ma=5,h3-Q043=":443"; ma=5,quic=":443"; ma=5; v="46,43"';

add_header alt-svc 'h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-T051=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="46,43"';

add_header alt-svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"';

OS Browser Connection
Windows Firefox 118 HTTP2
Windows Chrome 118 h3
macOS Firefox 115 HTTP2
macOS Chrome 118 h3
Test Result
Domsignal HTTP3 Test HTTP/3 enabled.
ymuski/curl-http3 HTTP/3

add_header alt-svc 'h3=":443"; ma=86400';

This is the same header https://quic.nginx.org/ uses, so I would have expected it to work. However it fails the Domsignal test. The browser results are the same as above.

Test Result
Domsignal HTTP3 Test Couldn't connect over HTTP/3
ymuski/curl-http3 HTTP/3

I have no idea where to even start troubleshooting, so any help is appreciated.

macbre commented 11 months ago

I believe browsers are still using some heuristics to decide whether to use http3 for a given site... But I'd also like to know how it all works 🙂

victor-sm commented 11 months ago

Thanks for the hint about heuristics. Firefox has a setting called network.http.http3.alt-svc-mapping-for-testing in about:config. I added my server by setting the value to myhost.tld;h3=":443";h3-29=":443".

After a restart, Firefox now connects over HTTP/3. Interestingly enough, if I then restart nginx, Firefox only connects using HTTP/2 again until I restart Firefox.

It seems Firefox either has a bug or some very weird behavior when it comes to HTTP/3 connections. Either way, apparently it has nothing to do with nginx or this image.