
http3 testing

Open 9967819 opened this issue 1 year ago • 2 comments

Hi,

I'm playing around with http3 on my web server, and Firefox seems to report a working http3 implementation using Alt-Svc and nginx. Furthermore, I'm using kernel TLS/SNI and OpenSSL 3.0.12. The nginx software version is the latest (1.25.3).

Your comments about my current setup are appreciated. I would like to further improve and recompile nginx without OpenSSL, using the instructions for compiling curl, as a next step.

Cheers, smart

9967819 avatar Jan 20 '24 12:01 9967819

Here are the compilation options used to compile nginx from source:

$ sudo nginx -V
nginx version: nginx/1.25.3
built by gcc 13.2.0 (Debian 13.2.0-7) 
built with OpenSSL 3.0.12 24 Oct 2023
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --http-log-path=/run/var/log/nginx/access.log --error-log-path=/run/var/log/nginx/error_log --lock-path=/run/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/run/var/lib/nginx/body --http-fastcgi-temp-path=/run/var/lib/nginx/fastcgi --http-proxy-temp-path=/run/var/lib/nginx/proxy --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_sub_module --with-mail_ssl_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_image_filter_module=dynamic --with-stream=dynamic --with-debug --with-http_v3_module --with-openssl-opt=enable-ktls --with-openssl=/home/smart/work/openssl-3.0.12 --with-file-aio --with-libatomic --without-http_grpc_module --without-quic_bpf_module --modules-path=/usr/local/lib/nginx/modules

The nginx (server block):

listen	 8.8.8.8:443 ssl reuseport backlog=511 fastopen=256; 
listen	 8.8.8.8:8443 quic reuseport; #experimental: QUIC/UDP/IPv4

# enable HTTP3 support
http3 on;
http2 on;
http3_hq on; # enable HTTP 0.9 compatibility 
quic_retry on; 

Finally, for upgrading a specific location to http3:

location /wordpress { 
  ...
  add_header Alt-Svc 'h3="servername:8443"; ma=86400;';
  ...
}

I hope this helps, smart

ghost avatar Jan 21 '24 10:01 ghost
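
The Alt-Svc header in the post above advertises h3 on port 8443 from an origin served on port 443. As an added example (not code from the thread), this Python sketch parses an Alt-Svc value and flags two things worth checking in it: a stray `;` that does not match the RFC 7838 grammar, and a move from a system port to a user port, which RFC 7838 section 9.1 says clients may treat more strictly. The function names and test values are constructed for illustration.

```python
# Added example; names and sample values are constructed, not from the thread.
SYSTEM_PORT_MAX = 1023   # RFC 6335: system ports are 0-1023
DEFAULT_MA = 86400       # RFC 7838: freshness defaults to 24 hours


def _split(text, sep):
    """Split on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf))
    return parts


def parse_alt_svc(value):
    """Return one dict per alternative in an Alt-Svc field value."""
    if value.strip().lower() == "clear":
        return []
    entries = []
    for item in _split(value, ","):
        fields = [f.strip() for f in _split(item, ";")]
        proto, _, authority = fields[0].partition("=")
        host, _, port = authority.strip('"').rpartition(":")
        params = dict(p.split("=", 1) for p in fields[1:] if "=" in p)
        entries.append({
            "proto": proto, "host": host, "port": int(port),
            "ma": int(params.get("ma", str(DEFAULT_MA)).strip('"')),
            "empty_param": "" in fields[1:],
        })
    return entries


def audit(origin_port, header):
    """List findings for an Alt-Svc header served from origin_port."""
    findings = []
    for e in parse_alt_svc(header):
        if e["empty_param"]:
            findings.append(f'{e["proto"]}: empty parameter (stray ";")')
        if origin_port <= SYSTEM_PORT_MAX < e["port"]:
            findings.append(f'{e["proto"]}: system port {origin_port} '
                            f'-> user port {e["port"]}')
    return findings
```

Calling `audit(443, ...)` with the header value from the location block returns both findings; a value such as `h3=":443"; ma=86400` returns none.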

Hi

Quick update...

The setup is working with Firefox just fine but not with Chromium on Linux (x86_64).

I am using OpenSSL 3.0.12 (kTLS) but would be interested in migrating to BoringSSL and maybe Kyber.

My nginx config options:

listen   1.2.3.4:443  ssl  reuseport backlog=511;
listen   1.2.3.4:8443 quic reuseport; #experimental: QUIC/UDP/IPv4
listen   1.2.3.4:8443 ssl  reuseport backlog=511;
http3 on;
http2 on; 
quic_retry on;
quic_gso on;

Thanks for your input.

smart

ghost avatar Feb 18 '24 21:02 ghost