I think your Alt Svc header should be pointing to port 443, not 8443

On Mon, 21 Dec 2020 at 14:41, Surinder Sund <goodlord@gmail.com> wrote:

> forgot to add that this affects only http3 requests [I've tested from more
> than one machine and multiple clients, including cURL and FF]
>
> http2 request work fine with no change in configuration.
>
> On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <goodlord@gmail.com> wrote:
>
>> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04.
>>
>> But I'm getting this error:
>>
>> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL
>> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
>>
>> Looks like some issue with the way Boringssl is set up, or being used by
>> Nginx?
>>
>>
>> HOW I BUILT BORINGSSL
>>
>> cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
>> ninja
>>
>> NGINX DETAILS
>>
>> *~/nginx-quic# nginx -V*
>>
>> nginx version: nginx/1.19.6
>> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
>> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
>> TLS SNI support enabled
>> configure arguments: --with-debug --with-http_v3_module
>> --with-cc-opt=-I../boringssl/include
>> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
>> --with-http_quic_module --with-stream_quic_module
>> --with-http_image_filter_module --with-http_sub_module --with-stream
>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
>> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log
>> --pid-path=/var/run/nginx.pid
>>
>>
>> HOW I BUILT NGINX QUIC:
>>
>> cd ~/nginx-quic ;
>> ./auto/configure --with-debug --with-http_v3_module \
>> --with-cc-opt="-I../boringssl/include" \
>> --with-ld-opt="-L../boringssl/build/ssl \
>> -L../boringssl/build/crypto" \
>> --with-http_quic_module --with-stream_quic_module
>> --with-http_image_filter_module --with-http_sub_module --with-stream
>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
>> --conf-path=/etc/nginx/nginx.conf
>> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
>>
>>
>> MY NGINX BUILD CONFIGURATION SUMMARY:
>>
>> Configuration summary
>> + using system PCRE library
>> + using system OpenSSL library
>> + using system zlib library
>>
>> nginx path prefix: "/etc/nginx"
>> nginx binary file: "/usr/sbin/nginx"
>> nginx modules path: "/usr/lib/nginx/modules"
>> nginx configuration prefix: "/etc/nginx"
>> nginx configuration file: "/etc/nginx/nginx.conf"
>> nginx pid file: "/var/run/nginx.pid"
>> nginx error log file: "/var/log/nginx/error.log"
>> nginx http access log file: "/etc/nginx/logs/access.log"
>> nginx http client request body temporary files: "client_body_temp"
>> nginx http proxy temporary files: "proxy_temp"
>> nginx http fastcgi temporary files: "fastcgi_temp"
>> nginx http uwsgi temporary files: "uwsgi_temp"
>> nginx http scgi temporary files: "scgi_temp"
>>
>>
>>
>>
>> MY SITE CONFIGURATION
>>
>>
>> listen 80;
>> listen [::]:80;
>> listen 443 ssl http2 fastopen=150;
>> listen [::]:443 ipv6only=on ssl fastopen=150;
>> include snippets/ssl-params.conf;
>> server_name blah.blah;
>> root /var/wordpress;
>> index index.html index.htm index.php;
>> access_log /var/log/nginx/xx.log;
>> error_log /var/log/nginx/xx-error_log;
>> ssl_early_data on;
>> listen 443 http3 reuseport;
>> listen [::]:443 http3 reuseport;
>> add_header Alt-Svc '$http3=":8443"; ma=86400';
>>
>>
>> *in nginx.conf I've added this:*
>>
>> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
>>
>>
>> UDP is open on port 441, I've double checked this from the outside. So
>> it's not a port issue.
>>
>> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel