ononoki1 / nginx-http3

Automatic latest NGINX mainline build with additional features for Debian bullseye.
https://blog.ononoki.org/enable-http3-for-nginx/
MIT License

HTTP/3 switch to HTTP/2 after refresh #30

Closed iwebroot closed 2 years ago

iwebroot commented 2 years ago

Hello and thank you for this tutorial.

After installing and configuring nginx, HTTP/3 works fine. But after a refresh, HTTP/3 switches to HTTP/2.

/etc/nginx/nginx.conf

user www-data;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    multi_accept       on;
    worker_connections  65535;
}

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    error_log /var/log/nginx/error.log warn;
    client_header_buffer_size 8k;
    large_client_header_buffers 8 64k;

    aio threads;
    aio_write on;

    brotli on;
    brotli_comp_level 11;
    brotli_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application>

    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types application/atom+xml application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-opentype application/x-font-truetype application/x-font-ttf application/x>

    more_clear_headers server;

    quic_gso on;
    quic_retry on;

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    server_tokens off;

    ssl_protocols TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DH>
    ssl_early_data on;
    ssl_ecdh_curve X25519:P-256:P-384;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:10m;
    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_session_tickets on;

    resolver 1.1.1.1 1.0.0.1 [2606:4700:4700::1111] [2606:4700:4700::1001] 8.8.8.8 8.8.4.4 [2001:4860:4860::8888] [2001:4860:4860::8844] 208.67.222.222 208.67.220.220 [2620:119:35::35] [2620:119:53::53] valid=60s;
    resolver_timeout 2s;

    include /etc/nginx/conf.d/*.conf;
}

/etc/nginx/conf.d/default.conf

server {
    listen 80;
    server_name server.exemple.com;
    location / {
        return 301 https://server.exemple.com$request_uri;
    }
}

server {
    listen              443 ssl http2;
    listen              443 http3;
    listen              [::]:443 ssl http2;
    listen              [::]:443 http3;

    server_name server.exemple.com;

    root /usr/share/nginx/html;

    add_header Alt-Svc 'h3=":443"; ma=3600' always;

    ssl_certificate /etc/letsencrypt/live/server.exemple.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/server.exemple.com/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/server.exemple.com/chain.pem;
    ssl_stapling_file /etc/letsencrypt/live/server.exemple.com/ocsp.resp;

    access_log /var/log/nginx/server.exemple.com-access.log main;
    error_log /var/log/nginx/server.exemple.com-error.log warn;
}

Other information:

Best regards

ononoki1 commented 2 years ago

Same issue with another site + Cloudflare (HTTP/3 QUIC activated) on the same server

If the same issue also occurs on sites with Cloudflare, it should be your client's problem.

iwebroot commented 2 years ago

Thank you for the feedback.

I tried to reproduce the whole installation with add_header Alt-Svc 'h3=":443"; ma=3600, h3-24":443"; ma=3600, h3-23=":443"; ma=3600, h3-29=":443"; ma=3600' always; on another server. The result:

I admit that I'm lost on the source of the problem. Do you have an explanation?

ononoki1 commented 2 years ago

Can you reproduce that on my site (https://ononoki.org)?

iwebroot commented 2 years ago

Can you reproduce that on my site (https://ononoki.org)? If not, I'm sure the issue comes from your client.

I reproduced the same steps on https://ononoki.org and the result is the same. If the problem comes from the client, can you give me the version of your client so that I can test? Thanks.

ononoki1 commented 2 years ago

I'm using Firefox Developer Edition 103.0b9 and Chromium 103.0.5060.68 on Windows 10 x64, and I do not encounter the issue.

iwebroot commented 2 years ago

I'm using Firefox Developer Edition 103.0b9 and Chromium 103.0.5060.68 on Windows 10 x64, and I do not encounter the issue.

Thank you for this information. After trying, I confirm the issue comes from the client.

krchavdarov commented 2 years ago

Thank you for the feedback.

I tried to reproduce the whole installation with add_header Alt-Svc 'h3=":443"; ma=3600, h3-24":443"; ma=3600, h3-23=":443"; ma=3600, h3-29=":443"; ma=3600' always; on another server. The result:

  • 1st load, the protocol HTTP/3 works fine
  • 2nd refresh with CTRL + F5, the protocol switches to HTTP/2
  • 2nd refresh, normal refresh with CTRL + R, the protocol switches randomly between HTTP/2 and HTTP/3, or only CSS and JS use HTTP/3
  • 3rd refresh, normal refresh with CTRL + R, the protocol HTTP/3 works fine

I admit that I'm lost on the source of the problem. Do you have an explanation?

I resolved the same problem with this:

listen 443 http3 reuseport;
listen 443 ssl;

Also add to location: add_header Alt-Svc 'h3=":443"; ma=3600';
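
Added example, not part of the thread or of the project's code: a small checker that parses an Alt-Svc field value following the RFC 7838 syntax and reports alternatives that do not parse, run here on the header value quoted in the thread, whose `h3-24` entry has no `=`. The names `parse_alt_svc` and `THREAD_VALUE` are hypothetical, and the checker only validates syntax; it says nothing about how a given browser treats such a value.

```python
import re

# alternative = protocol-id "=" quoted alt-authority (RFC 7838 syntax)
_ALT = re.compile(r'^([A-Za-z0-9!#$%&\'*+.^_`|~-]+)="([^"]*)"$')
# alt-authority = [host] ":" port, host may be empty or a bracketed IPv6 literal
_AUTH = re.compile(r'^(\[[0-9A-Fa-f:.]+\]|[^:\[\]]*):(\d{1,5})$')


def _split(value, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return parts


def parse_alt_svc(value):
    """Return (entries, errors) for an Alt-Svc field value."""
    entries, errors = [], []
    if value.strip() == "clear":
        return entries, errors
    for item in _split(value, ","):
        alt, *params = _split(item, ";")
        m = _ALT.match(alt)
        auth = _AUTH.match(m.group(2)) if m else None
        if not auth or not 0 < int(auth.group(2)) <= 65535:
            errors.append(f"malformed alternative: {alt!r}")
            continue
        entry = {"proto": m.group(1), "host": auth.group(1),
                 "port": int(auth.group(2)), "ma": 86400}  # RFC default: 24 h
        for p in params:
            name, _, val = p.partition("=")
            if name.strip().lower() == "ma":
                if val.strip().isdigit():
                    entry["ma"] = int(val)
                else:
                    errors.append(f"bad ma in {alt!r}: {val!r}")
        entries.append(entry)
    return entries, errors


# Header value as posted in the thread (the h3-24 entry lacks "=").
THREAD_VALUE = ('h3=":443"; ma=3600, h3-24":443"; ma=3600, '
                'h3-23=":443"; ma=3600, h3-29=":443"; ma=3600')
entries, errors = parse_alt_svc(THREAD_VALUE)
```
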