Hi Andrey,

Here’s the error:

2021/02/02 21:17:21 [debug] 18359#0: *4 quic frame rx init CONNECTION_CLOSE_APP err:10 28:TLS handshake failure (ENCRYPTION_HANDSHAKE) 46: certificate unknown ft:6

Looks like your server certificate is not trusted by the browser.

> On 3 Feb 2021, at 00:26, Andrey Khramov <andrey@apporto.com> wrote:
>
> Hello, Roman
>
> Sorry.
> I got the error log related to "quic" when connecting in the Chrome browser.
> I attached the log file.
> Please check it.
>
> Thank you. Regards.
>
> On Tue, Feb 2, 2021 at 9:01 PM Andrey Khramov <andrey@apporto.com <mailto:andrey@apporto.com>> wrote:
> Hello, Roman
>
> Thanks for your reply.
> I checked HTTP/3 (QUIC) in the Firefox browser.
> But I didn't check it in the Chrome browser.
> The version of the Chrome is 88.0.4324.104 (64bit).
> I run the Chrome browser with the following command:
> chrome --enable-quic --quic-version=h3-29 --origin-to-force-quic-on=apporto.com:7443 http://apporto.com:7443/
>
> Also, I enabled "Experimental QUIC protocol" flag in chrome://flags.
> I can't get any log related to "quic" in error.log.
>
> I hope your suggestion and advice.
> Thanks. Regards
>
> On Tue, Feb 2, 2021 at 4:18 PM Roman Arutyunyan <arut@nginx.com <mailto:arut@nginx.com>> wrote:
> Hi Andrey,
>
>> On 2 Feb 2021, at 18:52, Andrey Khramov <andrey@apporto.com <mailto:andrey@apporto.com>> wrote:
>>
>> Hello,Roman
>>
>> Thanks for your reply.
>>
>> I already enabled HTTP/3 (QUIC) in those the browsers (Firefox 85, Chrome 88) accroding to ttps://quic.nginx.org/readme.html http://quic.nginx.org/readme.html..
>> The https://quic.nginx.org https://quic.nginx.org/ website detects HTTP/3 (QUIC) support in the browsers.
>
> Try cleaning browser cache.
>
> Also check if there are lines with the word ‘quic’ in the debug log when you open the page.
>
>> Thanks. Regards
>>
>>
>> On Tue, Feb 2, 2021 at 2:47 PM Roman Arutyunyan <arut@nginx.com <mailto:arut@nginx.com>> wrote:
>> Hi Andrey,
>>
>>> On 2 Feb 2021, at 17:30, Andrey Khramov <andrey@apporto.com <mailto:andrey@apporto.com>> wrote:
>>>
>>> Hello, there
>>>
>>> I tried to test the HTTP/3 (QUIC) with nginx-quic in several days.
>>> But I couldn't test HTTP/3 (QUIC).
>>>
>>> I built the quic branch of nginx-quic repo according to README of that repo.
>>> The configuration options follows as below:
>>> $ ./auto/configure --prefix=/etc/nginx \
>>> --sbin-path=/usr/sbin/nginx \
>>> --conf-path=/etc/nginx/nginx.conf \
>>> --pid-path=/var/run/nginx.pid \
>>> --error-log-path=/var/log/nginx/error.log \
>>> --http-log-path=/var/log/nginx/access.log \
>>> --with-debug \
>>> --with-http_v2_module --with-http_ssl_module \
>>> --with-http_v3_module --with-http_quic_module \
>>> --with-stream_quic_module \
>>> --with-cc-opt="-I../boringssl/include" \
>>> --with-ld-opt="-L../boringssl/build/ssl \
>>> -L../boringssl/build/crypto"
>>> $ make
>>>
>>> To install the nginx-quic, I installed the nginx 1.19.6 package on Ubuntu 18.04 and replaced the nginx binary with the nginx-quic:
>>> $ sudo cp objs/nginx /usr/sbin/
>>>
>>> I configured that the nginx-quic works as load-balancer of HTTPS:
>>> HTTPS -> nginx-quic (7443 port) -> Apache2 (80 port) -> Apache Tomcat (8080 port)
>>>
>>> The configuration file (nginx.conf) follows as below:
>>>
>>> user nginx;
>>> worker_processes auto;
>>>
>>> events {
>>> worker_connections 1024;
>>> }
>>>
>>> http {
>>> log_format quic '$remote_addr - $remote_user [$time_local] '
>>> '"$request" $status $body_bytes_sent '
>>> '"$http_referer" "$http_user_agent" "$quic" "$http3"';
>>>
>>> access_log /var/log/nginx/access.log quic;
>>> error_log /var/log/nginx/error.log debug;
>>>
>>> server {
>>>
>>> listen 7443 http3 reuseport; # Enable HTTP/3.
>>> listen 7443 ssl; # Enable HTTP/1.1 (optional).
>>>
>>> ssl_certificate /home/ubuntu/andrey/http3/example-fullchain.pem;
>>> ssl_certificate_key /etc/ssl/private/example.key;
>>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
>>>
>>> location / {
>>> add_header alt-svc '$http3=":7443"; ma=86400'; # Advertise that QUIC is available
>>> add_header QUIC-Status $quic; # Sent when QUIC was used
>>>
>>> proxy_pass http://backend1 http://backend1/;
>>> }
>>> }
>>>
>>> server {
>>> listen 8443 ssl http2;
>>>
>>> ssl_certificate /home/ubuntu/andrey/http3/example-fullchain.pem;
>>> ssl_certificate_key /etc/ssl/private/example.key;
>>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>>
>>> location / {
>>> proxy_pass http://backend2 http://backend2/;
>>> }
>>> }
>>>
>>> upstream backend1 {
>>> ip_hash;
>>> server localhost max_fails=3 fail_timeout=30s;
>>> }
>>>
>>> upstream backend2 {
>>> ip_hash;
>>> server localhost max_fails=3 fail_timeout=30s;
>>> }
>>> }
>>>
>>> I opened UDP 7443 port on the cloud server (AWS).
>>>
>>> I tested HTTP/3 (QUIC) with the client tools (neqo-client, curl-http3) and the browsers (Firefox 85 and Chrome 88) according to https://quic.nginx.org/readme.html https://quic.nginx.org/readme.html.
>>> I got the right result with the client tools, but I didn't get the right result with the browsers.
>>>
>>> When connecting 7443 port with the browsers, I get the HTTP/1.1 now.
>>> When connecting 8443 port with the browsers, I get the HTTP/2 now.
>>
>> The first request goes over HTTP/1, but then it’s supposed to switch to HTTP/3 if everything is right.
>>
>> Does https://quic.nginx.org/ https://quic.nginx.org/ detect QUIC support in your browsers?
>> If yes, please follow the ‘QUIC TEST’ link at the top and run the test.
>>
>> Also, make sure QUIC/HTTP/3 is enabled in the browser.
>> In Firefox open the about:config <> page make sure http.http3.enabled parameter is ’true’.
>>
>>> I hope any suggestions and help.
>>> Thanks.
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel@nginx.org <mailto:nginx-devel@nginx.org>
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel http://mailman.nginx.org/mailman/listinfo/nginx-devel
>> —
>> Roman Arutyunyan
>> arut@nginx.com <mailto:arut@nginx.com>
>> _______________________________________________
>> nginx-devel mailing list
>> nginx-devel@nginx.org <mailto:nginx-devel@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel http://mailman.nginx.org/mailman/listinfo/nginx-devel_______________________________________________
>> nginx-devel mailing list
>> nginx-devel@nginx.org <mailto:nginx-devel@nginx.org>
>> http://mailman.nginx.org/mailman/listinfo/nginx-devel http://mailman.nginx.org/mailman/listinfo/nginx-devel
> —
> Roman Arutyunyan
> arut@nginx.com <mailto:arut@nginx.com>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org <mailto:nginx-devel@nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx-devel http://mailman.nginx.org/mailman/listinfo/nginx-devel<error-chrome.log>_______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

—
Roman Arutyunyan
arut@nginx.com

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel