Mercurial > hg > nginx
annotate README @ 9048:9c427e98d8c1 quic
QUIC: treat qc->error == -1 as a missing error.
Previously, zero was used for this purpose. However, NGX_QUIC_ERR_NO_ERROR is
zero too. As a result, NGX_QUIC_ERR_NO_ERROR was changed to
NGX_QUIC_ERR_INTERNAL_ERROR when closing a QUIC connection.
author | Roman Arutyunyan <arut@nginx.com> |
---|---|
date | Wed, 07 Sep 2022 12:37:15 +0400 |
parents | 79cd6993a3e3 |
children | 3c33d39a51d3 |
rev | line source |
---|---|
8366 | 1 Experimental QUIC support for nginx |
2 ----------------------------------- | |
3 | |
4 1. Introduction | |
5 2. Installing | |
6 3. Configuration | |
7 4. Clients | |
8 5. Troubleshooting | |
8410
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
9 6. Contributing |
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
10 7. Links |
8366 | 11 |
12 1. Introduction | |
13 | |
14 This is an experimental QUIC [1] / HTTP/3 [2] support for nginx. | |
15 | |
16 The code is developed in a separate "quic" branch available | |
17 at https://hg.nginx.org/nginx-quic. Currently it is based | |
9021
8d0753760546
Merged with the default branch.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9019
diff
changeset
|
18 on nginx mainline 1.23.x. We merge new nginx releases into |
8601
dd8e50e11bfc
QUIC: updated README.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8547
diff
changeset
|
19 this branch regularly. |
8366 | 20 |
21 The project code base is under the same BSD license as nginx. | |
22 | |
9028
98e94553ae51
README: updated the current status.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9021
diff
changeset
|
23 The code is currently at a beta level of quality, however |
98e94553ae51
README: updated the current status.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9021
diff
changeset
|
24 there are several production deployments with it. |
8366 | 25 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
26 NGINX Development Team is working on improving HTTP/3 support to |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
27 integrate it into the main NGINX codebase. Thus, expect further |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
28 updates of this code, including features, changes in behaviour, |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
29 bug fixes, and refactoring. NGINX Development team will be |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
30 grateful for any feedback and code submissions. |
8366 | 31 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
32 Please contact NGINX Development Team via nginx-devel mailing list [3]. |
8366 | 33 |
34 What works now: | |
35 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
36 IETF QUIC version 1 is supported. Internet drafts are no longer supported. |
8366 | 37 |
8601
dd8e50e11bfc
QUIC: updated README.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8547
diff
changeset
|
38 nginx should be able to respond to HTTP/3 requests over QUIC and |
8366 | 39 it should be possible to upload and download big files without errors. |
40 | |
41 + The handshake completes successfully | |
42 + One endpoint can update keys and its peer responds correctly | |
8390 | 43 + 0-RTT data is being received and acted on |
8366 | 44 + Connection is established using TLS Resume Ticket |
8389
2b580ac17a47
README: Retry support, protocol error messages implemented.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8373
diff
changeset
|
45 + A handshake that includes a Retry packet completes successfully |
8366 | 46 + Stream data is being exchanged and ACK'ed |
47 + An H3 transaction succeeded | |
48 + One or both endpoints insert entries into dynamic table and | |
49 subsequently reference them from header blocks | |
8527 | 50 + Version Negotiation packet is sent to client with unknown version |
51 + Lost packets are detected and retransmitted properly | |
8763
4117aa7fa38e
QUIC: connection migration.
Vladimir Homutov <vl@nginx.com>
parents:
8747
diff
changeset
|
52 + Clients may migrate to new address |
8366 | 53 |
54 2. Installing | |
55 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
56 A library that provides QUIC support is required to build nginx, there |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
57 are several of those available on the market: |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
58 + BoringSSL [4] |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
59 + LibreSSL [5] |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
60 + QuicTLS [6] |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
61 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
62 Clone the NGINX QUIC repository |
8366 | 63 |
8373
796b5b6c43cd
Mention quic branch in README.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8372
diff
changeset
|
64 $ hg clone -b quic https://hg.nginx.org/nginx-quic |
8366 | 65 $ cd nginx-quic |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
66 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
67 Use the following command to configure nginx with BoringSSL [4] |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
68 |
8966
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
69 $ ./auto/configure --with-debug --with-http_v3_module \ |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
70 --with-cc-opt="-I../boringssl/include" \ |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
71 --with-ld-opt="-L../boringssl/build/ssl \ |
8372
0e6528551f26
Configure: unbreak with old OpenSSL, --with-http_v3_module added.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8366
diff
changeset
|
72 -L../boringssl/build/crypto" |
8366 | 73 $ make |
74 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
75 Alternatively, nginx can be configured with QuicTLS [6] |
8966
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
76 |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
77 $ ./auto/configure --with-debug --with-http_v3_module \ |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
78 --with-cc-opt="-I../quictls/build/include" \ |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
79 --with-ld-opt="-L../quictls/build/lib" |
6f8253673669
README: documented QuicTLS support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8929
diff
changeset
|
80 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
81 Alternatively, nginx can be configured with a modern version |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
82 of LibreSSL [7] |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
83 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
84 $ ./auto/configure --with-debug --with-http_v3_module \ |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
85 --with-cc-opt="-I../libressl/build/include" \ |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
86 --with-ld-opt="-L../libressl/build/lib" |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
87 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
88 When configuring nginx, it's possible to enable QUIC and HTTP/3 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
89 using the following new configuration options: |
8487
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
90 |
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
91 --with-http_v3_module - enable QUIC and HTTP/3 |
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
92 --with-stream_quic_module - enable QUIC in Stream |
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
93 |
8366 | 94 3. Configuration |
95 | |
8922
be08b858086a
HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro.
Roman Arutyunyan <arut@nginx.com>
parents:
8840
diff
changeset
|
96 The HTTP "listen" directive got a new option "http3" which enables |
be08b858086a
HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro.
Roman Arutyunyan <arut@nginx.com>
parents:
8840
diff
changeset
|
97 HTTP/3 over QUIC on the specified port. |
8366 | 98 |
8487
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
99 The Stream "listen" directive got a new option "quic" which enables |
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
100 QUIC as client transport protocol instead of TCP or plain UDP. |
6e84524886d4
QUIC: updated README to mention "quic" listen parameter.
Roman Arutyunyan <arut@nginx.com>
parents:
8449
diff
changeset
|
101 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
102 Along with "http3" or "quic", it's also possible to specify "reuseport" |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
103 option [8] to make it work properly with multiple workers. |
8366 | 104 |
8402
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
105 To enable address validation: |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
106 |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
107 quic_retry on; |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
108 |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
109 To enable 0-RTT: |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
110 |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
111 ssl_early_data on; |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
112 |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
113 Make sure that TLS 1.3 is configured which is required for QUIC: |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
114 |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
115 ssl_protocols TLSv1.3; |
af22b60a905b
README: documented Retry, 0-RTT, TLSv1.3 configuration.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8396
diff
changeset
|
116 |
8819
d0ef43a53a51
QUIC: updated README with GSO details.
Vladimir Homutov <vl@nginx.com>
parents:
8804
diff
changeset
|
117 To enable GSO (Generic Segmentation Offloading): |
d0ef43a53a51
QUIC: updated README with GSO details.
Vladimir Homutov <vl@nginx.com>
parents:
8804
diff
changeset
|
118 |
d0ef43a53a51
QUIC: updated README with GSO details.
Vladimir Homutov <vl@nginx.com>
parents:
8804
diff
changeset
|
119 quic_gso on; |
d0ef43a53a51
QUIC: updated README with GSO details.
Vladimir Homutov <vl@nginx.com>
parents:
8804
diff
changeset
|
120 |
9019
0e74a77c2475
README: updated after HTTP/3 RFC publication, minor refinements.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8984
diff
changeset
|
121 To limit maximum UDP payload size on receive path: |
8924
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
122 |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
123 quic_mtu <size>; |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
124 |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
125 To set host key for various tokens: |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
126 |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
127 quic_host_key <filename>; |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
128 |
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
129 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
130 By default, GSO Linux-specific optimization [10] is disabled. |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
131 Enable it in case a corresponding network interface is configured to |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
132 support GSO. |
8819
d0ef43a53a51
QUIC: updated README with GSO details.
Vladimir Homutov <vl@nginx.com>
parents:
8804
diff
changeset
|
133 |
8498
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
134 A number of directives were added that configure HTTP/3: |
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
135 |
8924
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
136 http3_stream_buffer_size |
8498
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
137 http3_max_concurrent_pushes |
8924
d6ef13c5fd8e
QUIC: simplified configuration.
Vladimir Homutov <vl@nginx.com>
parents:
8923
diff
changeset
|
138 http3_max_concurrent_streams |
8498
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
139 http3_push |
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
140 http3_push_preload |
8922
be08b858086a
HTTP/3: http3_hq directive and NGX_HTTP_V3_HQ macro.
Roman Arutyunyan <arut@nginx.com>
parents:
8840
diff
changeset
|
141 http3_hq (requires NGX_HTTP_V3_HQ macro) |
8498
affb0245e291
QUIC: added HTTP/3 directives list to README.
Roman Arutyunyan <arut@nginx.com>
parents:
8487
diff
changeset
|
142 |
8923
651cc905b7c2
HTTP/3: $http3 variable.
Roman Arutyunyan <arut@nginx.com>
parents:
8922
diff
changeset
|
143 In http, an additional variable is available: $http3. |
651cc905b7c2
HTTP/3: $http3 variable.
Roman Arutyunyan <arut@nginx.com>
parents:
8922
diff
changeset
|
144 The value of $http3 is "h3" for HTTP/3 connections, |
651cc905b7c2
HTTP/3: $http3 variable.
Roman Arutyunyan <arut@nginx.com>
parents:
8922
diff
changeset
|
145 "hq" for hq connections, or an empty string otherwise. |
651cc905b7c2
HTTP/3: $http3 variable.
Roman Arutyunyan <arut@nginx.com>
parents:
8922
diff
changeset
|
146 |
651cc905b7c2
HTTP/3: $http3 variable.
Roman Arutyunyan <arut@nginx.com>
parents:
8922
diff
changeset
|
147 In stream, an additional variable is available: $quic. |
8366 | 148 The value of $quic is "quic" if QUIC connection is used, |
8788
f0882db8c8d4
HTTP/3: removed $http3 that served its purpose.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8787
diff
changeset
|
149 or an empty string otherwise. |
8366 | 150 |
151 Example configuration: | |
152 | |
153 http { | |
154 log_format quic '$remote_addr - $remote_user [$time_local] ' | |
155 '"$request" $status $body_bytes_sent ' | |
8929 | 156 '"$http_referer" "$http_user_agent" "$http3"'; |
8366 | 157 |
158 access_log logs/access.log quic; | |
159 | |
160 server { | |
161 # for better compatibility it's recommended | |
162 # to use the same port for quic and https | |
163 listen 8443 http3 reuseport; | |
164 listen 8443 ssl; | |
165 | |
166 ssl_certificate certs/example.com.crt; | |
167 ssl_certificate_key certs/example.com.key; | |
168 ssl_protocols TLSv1.3; | |
169 | |
170 location / { | |
171 # required for browsers to direct them into quic port | |
8788
f0882db8c8d4
HTTP/3: removed $http3 that served its purpose.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8787
diff
changeset
|
172 add_header Alt-Svc 'h3=":8443"; ma=86400'; |
8366 | 173 } |
174 } | |
175 } | |
176 | |
177 4. Clients | |
178 | |
179 * Browsers | |
180 | |
8982
8f5d0ade0da7
README: updated to QUICv1.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8966
diff
changeset
|
181 Known to work: Firefox 90+ and Chrome 92+ (QUIC version 1) |
8366 | 182 |
183 Beware of strange issues: sometimes browser may decide to ignore QUIC | |
184 Cache clearing/restart might help. Always check access.log and | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
185 error.log to make sure the browser is using HTTP/3 and not TCP https. |
8366 | 186 |
187 * Console clients | |
188 | |
189 Known to work: ngtcp2, firefox's neqo and chromium's console clients: | |
190 | |
191 $ examples/client 127.0.0.1 8443 https://example.com:8443/index.html | |
192 | |
193 $ ./neqo-client https://127.0.0.1:8443/ | |
194 | |
8982
8f5d0ade0da7
README: updated to QUICv1.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8966
diff
changeset
|
195 $ chromium-build/out/my_build/quic_client http://example.com:8443 |
8366 | 196 |
197 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
198 In case everyhing is right, the access log should show something like: |
8366 | 199 |
200 127.0.0.1 - - [24/Apr/2020:11:27:29 +0300] "GET / HTTP/3" 200 805 "-" | |
8788
f0882db8c8d4
HTTP/3: removed $http3 that served its purpose.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8787
diff
changeset
|
201 "nghttp3/ngtcp2 client" "quic" |
8366 | 202 |
203 | |
204 5. Troubleshooting | |
205 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
206 Here are some tips that may help to identify problems: |
8366 | 207 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
208 + Ensure nginx is built with proper SSL library that supports QUIC |
8366 | 209 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
210 + Ensure nginx is using the proper SSL library in runtime |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
211 (`nginx -V` shows what it's using) |
8366 | 212 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
213 + Ensure a client is actually sending requests over QUIC |
8366 | 214 (see "Clients" section about browsers and cache) |
215 | |
216 We recommend to start with simple console client like ngtcp2 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
217 to ensure the server is configured properly before trying |
8395 | 218 with real browsers that may be very picky with certificates, |
8366 | 219 for example. |
220 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
221 + Build nginx with debug support [9] and check the debug log. |
8366 | 222 It should contain all details about connection and why it |
223 failed. All related messages contain "quic " prefix and can | |
224 be easily filtered out. | |
225 | |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
226 + For a deeper investigation, please enable additional debugging |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
227 in src/event/quic/ngx_event_quic_connection.h: |
8366 | 228 |
229 #define NGX_QUIC_DEBUG_PACKETS | |
230 #define NGX_QUIC_DEBUG_FRAMES | |
8657
2dfc5ef29973
QUIC: introduced QUIC buffers.
Roman Arutyunyan <arut@nginx.com>
parents:
8601
diff
changeset
|
231 #define NGX_QUIC_DEBUG_ALLOC |
8366 | 232 #define NGX_QUIC_DEBUG_CRYPTO |
233 | |
8410
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
234 6. Contributing |
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
235 |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
236 Please refer to |
8410
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
237 http://nginx.org/en/docs/contributing_changes.html |
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
238 |
c7d1b500bd0a
Updated README with "Contributing" section and draft details.
Vladimir Homutov <vl@nginx.com>
parents:
8402
diff
changeset
|
239 7. Links |
8366 | 240 |
8787
8422570f6af4
README: updated after QUIC RFC publication, nginx 1.21 rebase.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8763
diff
changeset
|
241 [1] https://datatracker.ietf.org/doc/html/rfc9000 |
9019
0e74a77c2475
README: updated after HTTP/3 RFC publication, minor refinements.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8984
diff
changeset
|
242 [2] https://datatracker.ietf.org/doc/html/rfc9114 |
8984
a7b789e2be27
README: updated link to nginx-devel mailman.
Sergey Kandaurov <pluknet@nginx.com>
parents:
8983
diff
changeset
|
243 [3] https://mailman.nginx.org/mailman3/lists/nginx-devel.nginx.org/ |
8366 | 244 [4] https://boringssl.googlesource.com/boringssl/ |
9034
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
245 [5] https://www.libressl.org/ |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
246 [6] https://github.com/quictls/openssl |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
247 [7] https://github.com/libressl-portable/portable/releases/tag/v3.6.0 |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
248 [8] https://nginx.org/en/docs/http/ngx_http_core_module.html#listen |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
249 [9] https://nginx.org/en/docs/debugging_log.html |
79cd6993a3e3
README: converted to passive voice, LibreSSL support.
Sergey Kandaurov <pluknet@nginx.com>
parents:
9028
diff
changeset
|
250 [10] http://vger.kernel.org/lpc_net2018_talks/willemdebruijn-lpc2018-udpgso-paper-DRAFT-1.pdf |