You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am trying to compile Nginx with http3 support using this project. When I build and test it, I find that http3 does not work and the Nginx log will output error (Attached below).
After testing, it seems that this problem is introduced by a8ed4e4, because using the previous 38e4d1e the http3 is working.
# mkdir logs
# ./objs/nginx -c /home/debian/nginx.conf
# curl -V
curl 8.8.0 (x86_64-pc-linux-gnu) libcurl/8.8.0 OpenSSL/3.3.0 zlib/1.3.1 brotli/1.1.0 zstd/1.5.6 c-ares/1.28.1 libidn2/2.3.7 libpsl/0.21.5 libssh2/1.11.0 nghttp2/1.62.1 nghttp3/1.3.0
Release-Date: 2024-05-22
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns mqtt pop3 pop3s rtsp scp sftp smb smbs smtp smtps telnet tftp ws wss
Features: alt-svc AsynchDNS brotli HSTS HTTP2 HTTP3 HTTPS-proxy IDN IPv6 Largefile libz NTLM PSL SSL threadsafe TLS-SRP TrackMemory UnixSockets zstd
# curl --http3-only https://my.domain -vvvv --resolve 'my.domain:443:10.0.1.2'
* Added my.domain:443:10.0.1.2 to DNS cache
* Hostname my.domain was found in DNS cache
* Trying 10.0.1.2:443...
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* QUIC connection has been shut down
* QUIC connect to 10.0.1.2 port 443 failed: Couldn't connect to server
* Failed to connect to my.domain port 443 after 30001 ms: Couldn't connect to server
* Closing connection
curl: (7) QUIC connection has been shut down
Nginx logs:
# cat logs/error.log
2024/07/17 16:50:29 [alert] 77743#0: worker process 77744 exited on signal 11
2024/07/17 16:50:30 [alert] 77743#0: worker process 77746 exited on signal 11
2024/07/17 16:50:32 [alert] 77743#0: worker process 77747 exited on signal 11
2024/07/17 16:50:36 [alert] 77743#0: worker process 77748 exited on signal 11
2024/07/17 16:50:44 [alert] 77743#0: worker process 77749 exited on signal 11
2024/07/17 16:50:59 [alert] 77743#0: worker process 77750 exited on signal 11
# cat logs/access.log
<no any logs>
Then I tried to switch to a specific commit and rebuild using the following command:
### kill nginx use htop
cd ..
rm -rf nginx-1.16.1/ quiche/
tar -zxf nginx-1.16.1.tar.gz
git clone https://github.com/cloudflare/quiche
cd quiche/
git checkout <commit hash>
git submodule update --init --recursive
cd ..
cd nginx-1.16.1
patch -p01 < ../quiche/nginx/nginx-1.16.patch
./configure \
--prefix=$PWD \
--build="quiche-$(git --git-dir=../quiche/.git rev-parse --short HEAD)" \
--with-http_ssl_module \
--with-http_v2_module \
--with-http_v3_module \
--with-openssl=../quiche/quiche/deps/boringssl \
--with-quiche=../quiche
make
Then use the same nginx configuration file and test command. a8ed4e4:
# mkdir logs
# ./objs/nginx -c /home/debian/nginx.conf
# curl --http3-only https://my.domain -vvvv --resolve 'my.domain:443:10.0.1.2'
* Added my.domain:443:10.0.1.2 to DNS cache
* Hostname my.domain was found in DNS cache
* Trying 10.0.1.2:443...
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* QUIC connection has been shut down
* QUIC connect to 10.0.1.2 port 443 failed: Couldn't connect to server
* Failed to connect to my.domain port 443 after 30001 ms: Couldn't connect to server
* Closing connection
curl: (7) QUIC connection has been shut down
# mkdir logs
# ./objs/nginx -c /home/debian/nginx.conf
### Note: I am using a trusted certificate, and if I build with version 0.16.0 there will be no certificate errors.
# curl --http3-only https://my.domain -vvvv --resolve 'my.domain:443:10.0.1.2'
* Added my.domain:443:10.0.1.2 to DNS cache
* Hostname my.domain was found in DNS cache
* Trying 10.0.1.2:443...
* SSL certificate problem: unable to get local issuer certificate
* QUIC connect to 10.0.1.2 port 443 failed: SSL peer certificate or SSH remote key was not OK
* Failed to connect to my.domain port 443 after 0 ms: SSL peer certificate or SSH remote key was not OK
* Closing connection
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
# curl --http3-only https://my.domain -vvvv --resolve 'my.domain:443:10.0.1.2' -k
* Added my.domain:443:10.0.1.2 to DNS cache
* Hostname my.domain was found in DNS cache
* Trying 10.0.1.2:443...
<some certificate info>
* Connected to my.domain (10.0.1.2) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://my.domain/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: my.domain]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.8.0]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: my.domain
> User-Agent: curl/8.8.0
> Accept: */*
>
* Request completely sent off
< HTTP/3 200
< server: nginx/1.16.1
< date: Thu, 18 Jul 2024 00:18:42 GMT
< content-type: text/html
< content-length: 4
< last-modified: Wed, 17 Jul 2024 22:10:41 GMT
< etag: "66984161-4"
< alt-svc: h3=":443"; ma=86400
< accept-ranges: bytes
<
123
* Connection #0 to host my.domain left intact
# cat logs/access.log
10.0.1.2 - - [17/Jul/2024:17:15:08 -0700] "GET / HTTP/3" 200 4 "-" "curl/8.8.0"
10.0.1.2 - - [17/Jul/2024:17:18:42 -0700] "GET / HTTP/3" 200 4 "-" "curl/8.8.0"
# cat logs/error.log
<no any logs>
The text was updated successfully, but these errors were encountered:
I am trying to compile Nginx with http3 support using this project. When I build and test it, I find that http3 does not work and the Nginx log will output error (Attached below).
After testing, it seems that this problem is introduced by a8ed4e4, because using the previous 38e4d1e the http3 is working.
Or did I do something wrong with the build?
System version:
Debian 12 x86-64
Nginx version:
1.16.1
curl version:
https://github.com/stunnel/static-curl/releases/tag/8.8.0
quiche vesrion:
2bc513a
a8ed4e4
38e4d1e
Build command:
Nginx config:
Test command:
Nginx logs:
Then I tried to switch to a specific commit and rebuild using the following command:
Then use the same nginx configuration file and test command.
a8ed4e4:
38e4d1e:
The text was updated successfully, but these errors were encountered: