I think your Alt Svc header should be pointing to port 443, not 8443 On Mon, 21 Dec 2020 at 14:41, Surinder Sund <[email protected]> wrote:
> forgot to add that this affects only http3 requests [I've tested from more > than one machine and multiple clients, including cURL and FF] > > http2 request work fine with no change in configuration. > > On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <[email protected]> wrote: > >> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04. >> >> But I'm getting this error: >> >> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL >> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)* >> >> Looks like some issue with the way Boringssl is set up, or being used by >> Nginx? >> >> >> HOW I BUILT BORINGSSL >> >> cd boringssl; mkdir build ; cd build ; cmake -GNinja .. >> ninja >> >> NGINX DETAILS >> >> *~/nginx-quic# nginx -V* >> >> nginx version: nginx/1.19.6 >> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) >> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) >> TLS SNI support enabled >> configure arguments: --with-debug --with-http_v3_module >> --with-cc-opt=-I../boringssl/include >> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' >> --with-http_quic_module --with-stream_quic_module >> --with-http_image_filter_module --with-http_sub_module --with-stream >> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx >> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules >> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log >> --pid-path=/var/run/nginx.pid >> >> >> HOW I BUILT NGINX QUIC: >> >> cd ~/nginx-quic ; >> ./auto/configure --with-debug --with-http_v3_module \ >> --with-cc-opt="-I../boringssl/include" \ >> --with-ld-opt="-L../boringssl/build/ssl \ >> -L../boringssl/build/crypto" \ >> --with-http_quic_module --with-stream_quic_module >> --with-http_image_filter_module --with-http_sub_module --with-stream >> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx >> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules >> --conf-path=/etc/nginx/nginx.conf >> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid >> >> >> MY NGINX BUILD CONFIGURATION SUMMARY: >> >> Configuration summary >> + using system PCRE library >> + using system OpenSSL library >> + using system zlib library >> >> nginx path prefix: "/etc/nginx" >> nginx binary file: "/usr/sbin/nginx" >> nginx modules path: "/usr/lib/nginx/modules" >> nginx configuration prefix: "/etc/nginx" >> nginx configuration file: "/etc/nginx/nginx.conf" >> nginx pid file: "/var/run/nginx.pid" >> nginx error log file: "/var/log/nginx/error.log" >> nginx http access log file: "/etc/nginx/logs/access.log" >> nginx http client request body temporary files: "client_body_temp" >> nginx http proxy temporary files: "proxy_temp" >> nginx http fastcgi temporary files: "fastcgi_temp" >> nginx http uwsgi temporary files: "uwsgi_temp" >> nginx http scgi temporary files: "scgi_temp" >> >> >> >> >> MY SITE CONFIGURATION >> >> >> listen 80; >> listen [::]:80; >> listen 443 ssl http2 fastopen=150; >> listen [::]:443 ipv6only=on ssl fastopen=150; >> include snippets/ssl-params.conf; >> server_name blah.blah; >> root /var/wordpress; >> index index.html index.htm index.php; >> access_log /var/log/nginx/xx.log; >> error_log /var/log/nginx/xx-error_log; >> ssl_early_data on; >> listen 443 http3 reuseport; >> listen [::]:443 http3 reuseport; >> add_header Alt-Svc '$http3=":8443"; ma=86400'; >> >> >> *in nginx.conf I've added this:* >> >> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2 >> >> >> UDP is open on port 441, I've double checked this from the outside. So >> it's not a port issue. >> >> _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
