Join Log in
Score:0
Sanch3s avatar Server

Nginx 1.25.2 HTTP/3 works over CURL, but doesn't work in any browser

us flag
Sanch3s

I am trying to configure nginx 1.25.2 with HTTP/3 support on Ubuntu 22.04. I build it using BoringSSL library. But when I try to connect to my server using browser, I don't get anything.("Unable to connect" in Firefox and "This site can't be reached" in Chrome for example).

Here is nginx -V output:

built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) 
TLS SNI support enabled configure arguments: 
--prefix=/etc/nginx --with-http_ssl_module --with-http_v2_module --with-debug 
--with-http_v3_module --with-cc-opt=-I../boringssl/include 
--with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'

Here is my server part in nginx.conf:

 server {
        #listen 443 ssl 
        #http2 on;
        listen 443 quic reuseport;
        server_name  example_myserver;
        ssl_certificate cert.pem;
        ssl_certificate_key key.pem;
        ssl_protocols TLSv1.3;
        location / {
            add_header Alt-Svc 'h3=":443"; ma=86400';
            root   html;
            index  index.html index.htm;
        }

Using above config I can get HTTP/3 response using http3 curl:

HTTP/3 200 
server: nginx/1.25.2
date: Wed, 23 Aug 2023 08:12:55 GMT
content-type: text/html
content-length: 615
last-modified: Tue, 22 Aug 2023 14:25:41 GMT
etag: "64e4c565-267"
alt-svc: h3=":443"; ma=86400
accept-ranges: bytes

and using https://github.com/cloudflare/quiche http3client tool I get this:

<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>

But when I reach the same server via browser, nothing there("Unable to connect" in Firefox and "This site can't be reached" in Chrome). UFW is turned off completely. By the way, http1 and http2 works without any problem. Maybe someone had similar problem and could help me or maybe I missed something? I will be grateful for any useful info.

98
0 + 6
ws flag
symcbean
"nothing there" is not a good description of what actually happenned.
0
Reply
Sanch3s avatar
us flag
Sanch3s
"Unable to connect" in Firefox(as I wrote at the start) and "This site can't be reached" in Chrome
0
Reply
ws flag
symcbean
These will connect using HTTP/1.1 over TCP before trying HTTP/3 whereas I believe the successful clients both attempt Quic only. You need to uncomment `#listen 443 ssl`
0
Reply
Sanch3s avatar
us flag
Sanch3s
If I uncomment `#listen 443 ssl` It connects only over HTTP/1.1
0
Reply
ws flag
symcbean
Yes the FIRST request from a browser is always made using HTTP/1.1 - open your webdeveloper tools and see what happens after that.
0
Reply
Sanch3s avatar
us flag
Sanch3s
I refresh it multiple times, nothing changes. The cache is disabled btw
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.