nginx quic didn't work

[liang-hiwin]

root@cloud:~# nginx -V nginx version: nginx/1.17.9 built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) built with OpenSSL 1.1.0 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.19.0/debian/debuild-base/nginx-1.19.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' --add-module=../ngx_brotli --with-http_v3_module --with-openssl=/root/build/quiche/deps/boringssl --with-quiche=/root/build/quiche

server {
        server_name domain.xxx;
        root /var/www/html/dns;
        access_log /var/log/nginx/dns.access.log;

         location /dns-query {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_redirect off;
                proxy_set_header        X-Forwarded-Proto $scheme;
                proxy_read_timeout 86400;
                proxy_pass http://dns-backend/dns-query ;
        }
		
		location / {
		 return 404;
		 }
		
		
    # Enable QUIC and HTTP/3.
    listen 443 quic reuseport;
    
    # Enable HTTP/2 (optional).
    listen 443 ssl http2; # managed by Certbot
    
    # Request buffering in not currently supported for HTTP/3.
    # proxy_request_buffering off;
    
    # Add Alt-Svc header to negotiate HTTP/3.
    add_header alt-svc 'h3-23=":443"; ma=86400';

[LPardue]

Does this problem still exist? We'd need more information in order to troubleshoot, such as a minimal reproduction, and client and server logs.

[zhiyan114]

@LPardue I also had a similar issue (Assuming that the OP has the exact same issue with me) (Using NGINX 1.18/Ubuntu 20.04 btw) where Nginx will return an error stating that quic (unknown "quic" variable) or http3 is invalid or not found (even though I already patched it and compiled it with http3 module and quic/openssl)

[JorgeCarousel]

Hey guys, I'm having the same issue, I downloaded and compile nginx-quic and it's giving me the same message, this is mine:

nginx version: nginx/1.23.1 built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1) built with OpenSSL 3.0.5+quic 5 Jul 2022 TLS SNI support enabled configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/iclude --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-openssl=../openssl

My nginx.conf has the line like this:

listen 443 http3 reuseport;

Not quic, but http3

openssl came from https://github.com/quictls/openssl

[JorgeCarousel]

I don't get it, it wasnt that line, but this one:

add_header QUIC-Status $quic

But even when I deleted it and I started nginx again, the browsers are showing Protocol http/1.1

[junhochoi]

Hey guys, I'm having the same issue, I downloaded and compile nginx-quic and it's giving me the same message, this is mine:

nginx version: nginx/1.23.1 built by gcc 11.2.0 (Ubuntu 11.2.0-19ubuntu1) built with OpenSSL 3.0.5+quic 5 Jul 2022 TLS SNI support enabled configure arguments: --with-debug --with-http_v3_module --with-cc-opt=-I../boringssl/iclude --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --with-openssl=../openssl

My nginx.conf has the line like this:

listen 443 http3 reuseport;

Not quic, but http3

openssl came from https://github.com/quictls/openssl

It seems like you are using https://hg.nginx.org/nginx-quic, not a quiche nginx patch?

[Ryenum]

Hello, I encountered some problems when configuring the quic service of NGINX. My configuration is the same as that of the official website, but I still cannot use the quic protocol when accessing the server. The h2 protocol is still used. Here is my compilation information: root@learn:/usr/local/nginx/sbin# ./nginx -V nginx version: nginx/1.16.1 (quiche-83d9168a) built by gcc 11.4.0 (Ubuntu 11.4.0-1ubuntu1~22.04) built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx --build=quiche-83d9168a --with-http_v3_module --with-http_v2_module --with-quiche=/quiche --with-http_ssl_module --with-openssl=/quiche/quiche/deps/boringssl --add-module=/connect

[rhymeswithmogul]

@Ryenum Try using "h3" in your Alt-Svc header instead of "h3-23". HTTP/3 has been standardized.

That being said, NGINX 1.25.0 and newer contain HTTP/3 and QUIC support natively, so this module should no longer be necessary.