Score:1

http3 removes domain from all links

mq flag

A couple of days ago I installed NGINX 1.23.3 (QUIC build) with Brotli, TLS 1.3 and OpenSSL 1.1.1s, serving HTTP/2 and HTTP/3; the site runs through FastCGI and PHP-FPM. When I load the site for the first time it is served over HTTP/2 and everything is fine. After I reload the page, or open an article or category on the site, the domain is missing from the links: for example, https: //example.com/somecat/subcat becomes https ://somecat/subcat over HTTP/3. I have spent many hours trying to find the problem without success, and I cannot even think of where to look.

The only thing I have figured out is that putting proxy_pass http: //example.com; right after location / { fixes the problem for the main page only, not for the rest of the site (categories, etc.). Maybe somebody has had this kind of problem. Any advice would be great!

Host config looks like:

# Redirect-only vhost: every request for www.example.com is answered with a 301
# to the same URI on example.com.
server {
    # One QUIC (HTTP/3) listener and one TLS (HTTP/2) listener on the same address and port.
    listen      IP:443 http3;
    listen      IP:443 ssl http2;
    server_name www.example.com;
    # The target host is a literal, so the redirect does not depend on the
    # Host / :authority value sent by the client.
    return 301 $scheme://example.com$request_uri;
    ssl_certificate      /home/admin/conf/web/ssl.example.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.example.com.key;
    }

# Main vhost for example.com: HTTP/3 (QUIC) and HTTP/2 (TLS) on the same IP:443,
# static files served from root, PHP handed to php-fpm over a unix socket.
server {
    listen      IP:443 http3 reuseport;
    listen      IP:443 ssl http2;
    server_name example.com;
    root        /home/admin/web/example.com/public_html;
    index       index.php index.html index.htm;
    #access_log  /var/log/nginx/domains/example.com.log combined;
    #access_log  /var/log/nginx/domains/example.com.bytes bytes;
    # NOTE(review): access logging is switched off for this vhost, so there is no
    # per-request record to use for troubleshooting or incident response.
    access_log  off;
    error_log   /var/log/nginx/domains/example.com.error.log error;


    ssl_protocols TLSv1.2 TLSv1.3;
    # QUIC address validation (Retry packets) is enabled.
    quic_retry on;
    # NOTE(review): 0-RTT early data can be replayed by a network attacker. Nothing
    # visible in this vhost passes $ssl_early_data on to PHP, so the application
    # cannot tell early-data requests apart - confirm this is intended.
    ssl_early_data on;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    # NOTE(review): the TLS13-* names look like pre-release OpenSSL spellings;
    # presumably they are ignored and the TLS 1.3 suites come from the library
    # defaults - verify the effective cipher list with the build in use.
    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!COMPLEMENTOFDEFAULT;
    #ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;
    ssl_ecdh_curve X25519:prime256v1:secp384r1;
    # Session resumption uses the shared server-side cache only; tickets are disabled below.
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers off;
    ssl_session_tickets off;
    ssl_buffer_size 8k;
    # OCSP stapling with verification of the responder's answer against
    # ssl_trusted_certificate.
    ssl_stapling on;
    ssl_stapling_verify on;
    # NOTE(review): the resolver is needed to look up the OCSP responder; these are
    # public resolvers queried over plain DNS, a trusted local resolver is
    # generally preferable.
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt;


    ssl_certificate      /home/admin/conf/web/ssl.example.com.pem;
    ssl_certificate_key  /home/admin/conf/web/ssl.example.com.key;
    # HSTS for one year including subdomains. Without the "always" parameter the
    # header is not added to error responses.
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    http2_push_preload on;

    # Advertise HTTP/3 on port 443 to clients that connected over TCP.
    add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';
    # Debug header exposing the value of $http3 for the current request.
    add_header QUIC-Status $http3;

    # Contents not shown on this page.
    include /etc/nginx/badbots.conf;

    location / {


        # Map the CMS's human-readable URLs onto index.php query parameters.
        rewrite "^/pm(/(.*))?/?$" /index.php?do=pm last;
        rewrite "^/friends/([^/]*)(/?)+$" /index.php?do=friends&user=$1 last;
        rewrite "^/friends/([^/]*)/page/([0-9]+)(/?)+$" /index.php?do=friends&user=$1&cstart=$2 last;
        rewrite "^/friends/([^/]*)/common(/?)+$" /index.php?do=friends&subaction=common&user=$1 last;
        rewrite "^/friends/([^/]*)/common/page/([0-9]+)(/?)+$" /index.php?do=friends&subaction=common&user=$1&cstart=$2 last;
        rewrite "^/friends/([^/]*)/requests(/?)+$" /index.php?do=friends&subaction=requests&user=$1 last;
        rewrite "^/friends/([^/]*)/requests/page/([0-9]+)(/?)+$" /index.php?do=friends&subaction=requests&user=$1&cstart=$2 last;
        rewrite "^/friends/([^/]*)/suggestions(/?)+$" /index.php?do=friends&subaction=suggestions&user=$1 last;
        rewrite "^/page/([0-9]+)(/?)$" /index.php?cstart=$1 last;
        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),([0-9]+),(.*).html$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&cstart=$5&news_name=$6&seourl=$6 last;
        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/page,([0-9]+),(.*).html$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/print:page,([0-9]+),(.*).html$" /index.php?mod=print&subaction=showfull&year=$1&month=$2&day=$3&news_page=$4&news_name=$5&seourl=$5 last;
        rewrite "^/([0-9]{4})/([0-9]{2})/([0-9]{2})/(.*).html$" /index.php?subaction=showfull&year=$1&month=$2&day=$3&news_name=$4&seourl=$4 last;
        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+),([0-9]+)-(.*).html$" /index.php?newsid=$4&news_page=$2&cstart=$3&seourl=$5&seocat=$1 last;
        rewrite "^/([^.]+)/page,([0-9]+),([0-9]+)-(.*).html$" /index.php?newsid=$3&news_page=$2&seourl=$4&seocat=$1 last;
        rewrite "^/([^.]+)/print:page,([0-9]+),([0-9]+)-(.*).html$" /index.php?mod=print&news_page=$2&newsid=$3&seourl=$4&seocat=$1 last;
        rewrite "^/([^.]+)/([0-9]+)-(.*).html$" /index.php?newsid=$2&seourl=$3&seocat=$1 last;


        # Static assets: far-future expiry headers.
        location ~* ^.+\.(jpeg|jpg|png|gif|bmp|ico|svg|css|js|woff|woff2|webp)$ {
            expires     max;
        }

        # PHP handler: any URI containing ".php" followed by "/" or the end of the URI.
        location ~ [^/]\.php(/|$) {
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            # Answer 404 unless the mapped script is a real file, so php-fpm is
            # never asked to run a path that does not exist on disk.
            if (!-f $document_root$fastcgi_script_name) {
                return  404;
            }

            # NOTE(review): HTTP_HOST is not set explicitly in this block. The
            # answers in this thread report that under HTTP/3 the request carries
            # :authority and no Host header, leaving PHP without HTTP_HOST; they
            # pass it explicitly (e.g. from $host) - confirm against the build in use.
            fastcgi_pass    unix:/var/run/php-example.com.sock;
            fastcgi_index   index.php;
            include         /etc/nginx/fastcgi_params;
        }
    }

    # 403 is answered with the 404 page here.
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    location /error/ {
        alias   /home/admin/web/example.com/document_errors/;
    }

    # Both "deny" and "return 404" are present; "return" is evaluated first, so
    # the client sees 404.
    location ~* "/\.(htaccess|htpasswd)$" {
        deny    all;
        return  404;
    }

    # NOTE(review): the only access control for /vstats/ comes from the included
    # example.com.auth* file(s). A glob include that matches nothing is not an
    # error, so a missing file would leave the statistics public - verify.
    location /vstats/ {
        alias   /home/admin/web/example.com/stats/;
        include /home/admin/conf/web/example.com.auth*;
    }

    # Optional panel snippets pulled in by glob; their contents are not shown on
    # this page.
    include     /etc/nginx/conf.d/phpmyadmin.inc*;
    include     /etc/nginx/conf.d/phppgadmin.inc*;
    include     /etc/nginx/conf.d/webmail.inc*;

    include     /home/admin/conf/web/snginx.example.com.conf*;

    # Intended to block PHP execution from upload, template, language and image
    # directories.
    # NOTE(review): these are server-level regex locations, while the PHP handler
    # is a regex location nested inside "location /". Verify with a test request
    # that a .php URI under /uploads/ really gets 403 and is not picked up by the
    # nested handler first; nesting the deny rules under their own prefix
    # locations would make the precedence explicit.
    location ~ "/uploads/.*\.php$|/templates/.*\.php$|/language/.*\.php$|/images/.*\.php$"
    {
        return 403;
    }
    # Case-insensitive variant of the rule above; it does not list /images/.
    location ~* (uploads|uploads/fotos|templates|language)/.+\.php {
        deny all;
    }
    # Template sources are not served.
    location ~* /templates/.+\.tpl {
        deny all;
    }
    # Unanchored match: any URI containing engine/cache or engine/data is denied.
    location ~* (engine/cache|engine/data) {
        deny all;
    }
    # Any path component starting with ".ht" is denied.
    location ~ /\.ht {
        deny all;
    }
}

Nginx config:

# Server globals
# Worker processes run as user "nginx"; "auto" lets nginx pick the worker count.
user                    nginx;
worker_processes        auto;
worker_rlimit_nofile    65535;
# Only messages of level "crit" and above reach the global error log.
error_log               /var/log/nginx/error.log crit;
pid                     /var/run/nginx.pid;


# Worker config
# Connection handling: up to 1024 connections per worker, epoll event method,
# and each wake-up accepts all pending connections (multi_accept).
events {
        worker_connections  1024;
        use                 epoll;
        multi_accept        on;
}


# Global http context: defaults inherited by every vhost included from conf.d.
http {
    # Main settings
    sendfile                        on;
    #tcp_nopush                      on;
    #tcp_nodelay                     on;
    client_header_timeout           1m;
    client_body_timeout             1m;
    client_header_buffer_size       2k;
    client_body_buffer_size         256k;
    # Request bodies of up to 256 MB are accepted on every vhost that does not override this.
    client_max_body_size            256m;
    large_client_header_buffers     4   8k;
    send_timeout                    30;
    keepalive_timeout               60 60;
    reset_timedout_connection       on;
    # Do not reveal the nginx version in the Server header and on error pages.
    server_tokens                   off;
    server_name_in_redirect         off;
    types_hash_max_size             2048;
    variables_hash_max_size         1024;
    variables_hash_bucket_size      128;


    # Log format
    log_format  main    '$remote_addr - $remote_user [$time_local] $request '
                        '"$status" $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
    log_format  bytes   '$body_bytes_sent';
    #access_log          /var/log/nginx/access.log main;
    # NOTE(review): access logging is off by default for all vhosts, so the formats
    # above are unused unless a vhost enables a log; that leaves no request trail
    # for detection or forensics.
    access_log off;


    # Mime settings
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;


    # Compression
    gzip                on;
    gzip_vary       on;
    gzip_comp_level     6;
    gzip_min_length     512;
    gzip_buffers        8 64k;
    gzip_proxied        any;
    gzip_disable        "MSIE [1-6]\.";
    gzip_types          text/plain text/css text/javascript text/js text/xml application/json application/javascript application/x-javascript application/xml application/xml+rss application/x-font-ttf image/svg+xml font/opentype text/x-component text/x-cross-domain-policy;


    # Proxy settings
    proxy_redirect      off;
    # Proxied backends receive $host rather than the raw Host request header.
    proxy_set_header    Host            $host;
    proxy_set_header    X-Real-IP       $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass_header   Set-Cookie;
    proxy_connect_timeout   90;
    proxy_send_timeout  90;
    proxy_read_timeout  90;
    proxy_buffers       32 4k;


    # SSL PCI Compliance
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_session_cache shared:SSL:10m;
    ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-128-GCM-SHA256:TLS13-AES-256-GCM-SHA384:ECDHE:!COMPLEMENTOFDEFAULT;


    # Error pages
    error_page          403          /error/403.html;
    error_page          404          /error/404.html;
    error_page          502 503 504  /error/50x.html;


    # Cache settings
    proxy_cache_path /var/cache/nginx levels=2 keys_zone=cache:10m inactive=60m max_size=1024m;
    # Cache key is host + URI + the value of the "user" cookie.
    proxy_cache_key "$host$request_uri $cookie_user";
    proxy_temp_path  /var/cache/nginx/temp;
    # NOTE(review): upstream Expires / Cache-Control are ignored and any response
    # is cacheable for a day, so "private" or "no-store" from the application
    # would not be honoured. No proxy_cache directive is visible here, so this
    # only takes effect where a vhost enables the cache - check those vhosts for
    # personalised content.
    proxy_ignore_headers Expires Cache-Control;
    proxy_cache_use_stale error timeout invalid_header http_502;
    proxy_cache_valid any 1d;


    # FastCgi Cache
    fastcgi_buffers 8 256k;
    fastcgi_buffer_size 256k;
    fastcgi_send_timeout 300;
    fastcgi_read_timeout 300;
    # NOTE(review): the cache directory sits under /tmp; confirm its ownership and
    # permissions so other local users cannot read or tamper with cached responses.
    fastcgi_cache_path /tmp/nginx_cache levels=1:2 keys_zone=fastcgicache:10m max_size=1024m inactive=1h;


    # File cache settings
    open_file_cache          max=10000 inactive=30s;
    open_file_cache_valid    60s;
    open_file_cache_min_uses 2;
    open_file_cache_errors   off;


    # Wildcard include
    include             /etc/nginx/conf.d/*.conf;

  
}
us flag
As far as I know, there is no stable release of nginx with QUIC support available. Therefore the question is off-topic here. You might get some help from nginx developer mailing list: https://mailman.nginx.org/mailman3/lists/nginx-devel.nginx.org/
Score:0
mq flag

Problem solved.

I saved a file with the content ... and noticed that HTTP_HOST disappears when the page is loaded over HTTP/3, so I added fastcgi_param HTTP_HOST example.com; to the host config. Now everything works as it should! Happy as an elephant)))

P.S. How correct is this line when loading over HTTP/3: 'HTTP_CACHE_CONTROL' => 'max-age=0'?

n0099 avatar
ve flag
https://forum.nginx.org/read.php?21,296365,296397#msg-296397
Score:0
ve flag

There's a known backward compatibility break in nginx-quic: https://github.com/nginx-quic/nginx-quic/issues/3

For me I'm using

fastcgi_param HTTP_HOST $host;

so that the PHP backend gets a valid host from the :authority pseudo-header, and I replaced all uses of $http_host with $host in the nginx config files: https://github.com/vstoykovbg/nginx.conf-examples/pull/2
