3
nginx-quic chrome 支持度
source link: https://www.v2ex.com/t/792380
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
搭建 nginx-quic,按照 www.nginx.com/blog/introducing-technology-preview-nginx-support-for-quic-http-3 配置的 server 。
用 www.http3check.net 显示支持 http3 quic 。
但是 chrome 按 f2 显示走的是 tls1.3,不是 quic 协议。
另,chrom 对 cf 的 quic 支持非常友好。对 nginx-quic 支持度不够啊
用 www.http3check.net 显示支持 http3 quic 。
但是 chrome 按 f2 显示走的是 tls1.3,不是 quic 协议。
另,chrom 对 cf 的 quic 支持非常友好。对 nginx-quic 支持度不够啊
12 条回复 • 2021-07-31 17:21:38 +08:00
eason1874 2 天前 
1
v2clay 2 天前 via Android
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
mons 22 小时 42 分钟前 1
@v2clay #6
这是我之前架的时候用的,Alt-Svc 只加了 h3-29 和对应的 max-age,没加 QUIC-Status header. 刚试了一下,还是可以正常走 QUIC
```
server {
listen 443 ssl;
listen 443 http3 reuseport;
listen [::]:443 ssl;
listen [::]:443 http3 reuseport;
server_name abc.xyz;
ssl_protocols TLSv1.3;
ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem;
error_page 497 =307 https://$host$request_uri;
add_header Alt-Svc 'h3-29=":443"; ma=86400';
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
```
Chrome dev tools:
可能需要刷新一次才会显示 QUIC.
这是我之前架的时候用的,Alt-Svc 只加了 h3-29 和对应的 max-age,没加 QUIC-Status header. 刚试了一下,还是可以正常走 QUIC
```
server {
listen 443 ssl;
listen 443 http3 reuseport;
listen [::]:443 ssl;
listen [::]:443 http3 reuseport;
server_name abc.xyz;
ssl_protocols TLSv1.3;
ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem;
error_page 497 =307 https://$host$request_uri;
add_header Alt-Svc 'h3-29=":443"; ma=86400';
location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
```
Chrome dev tools:
可能需要刷新一次才会显示 QUIC.
mons 18 小时 12 分钟前 1
@v2clay #10 看起来是的:
https://crbug.com/1012564
> Where QUIC and TLS (over TCP) differ is when the cert is valid as determined by the CertVerifier, QUIC imposes an additional check that the cert is issued by a known root (as opposed to a user-installed root) and internally returns QUIC_CERT_ROOT_NOT_KNOWN if it is not issued by a known root.
> The use of --origin-to-force-quic-on is intended for someone developing a QUIC server. When testing that a QUIC server is working as expected, I think that flag is a reasonable way to test that.
https://www.chromium.org/quic/quic-faq
> If you're testing only with the toy quic server, you can do something like:
> % chrome --disable-setuid-sandbox --enable-quic --origin-to-force-quic-on=localhost:6121 http://localhost:6121/
https://crbug.com/1012564
> Where QUIC and TLS (over TCP) differ is when the cert is valid as determined by the CertVerifier, QUIC imposes an additional check that the cert is issued by a known root (as opposed to a user-installed root) and internally returns QUIC_CERT_ROOT_NOT_KNOWN if it is not issued by a known root.
> The use of --origin-to-force-quic-on is intended for someone developing a QUIC server. When testing that a QUIC server is working as expected, I think that flag is a reasonable way to test that.
https://www.chromium.org/quic/quic-faq
> If you're testing only with the toy quic server, you can do something like:
> % chrome --disable-setuid-sandbox --enable-quic --origin-to-force-quic-on=localhost:6121 http://localhost:6121/
kerro1990 13 小时 55 分钟前
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK