Thank You Johny. I fixed that (In fact, I'd fixed it in the trial machine earlier, but when I restored a backup, it came back in).
Unfortunately, the error still remains. Pls see the picture below. I can confirm that the traffic is hitting 443/UDP, but nothing is being returned. https://drive.google.com/file/d/1knHKb_jUcjdY71wCz-w1TG4QupxH9CN3/view?usp=sharing [image: image.png] Looks like no cigar for me yet. On Mon, Dec 21, 2020 at 10:24 PM Jonny Barnes <[email protected]> wrote: > I think your Alt Svc header should be pointing to port 443, not 8443 > > On Mon, 21 Dec 2020 at 14:41, Surinder Sund <[email protected]> wrote: > >> forgot to add that this affects only http3 requests [I've tested from >> more than one machine and multiple clients, including cURL and FF] >> >> http2 request work fine with no change in configuration. >> >> On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <[email protected]> wrote: >> >>> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu 20.04. >>> >>> But I'm getting this error: >>> >>> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL >>> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)* >>> >>> Looks like some issue with the way Boringssl is set up, or being used by >>> Nginx? >>> >>> >>> HOW I BUILT BORINGSSL >>> >>> cd boringssl; mkdir build ; cd build ; cmake -GNinja .. >>> ninja >>> >>> NGINX DETAILS >>> >>> *~/nginx-quic# nginx -V* >>> >>> nginx version: nginx/1.19.6 >>> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04) >>> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL) >>> TLS SNI support enabled >>> configure arguments: --with-debug --with-http_v3_module >>> --with-cc-opt=-I../boringssl/include >>> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' >>> --with-http_quic_module --with-stream_quic_module >>> --with-http_image_filter_module --with-http_sub_module --with-stream >>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx >>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules >>> --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log >>> --pid-path=/var/run/nginx.pid >>> >>> >>> HOW I BUILT NGINX QUIC: >>> >>> cd ~/nginx-quic ; >>> ./auto/configure --with-debug --with-http_v3_module \ >>> --with-cc-opt="-I../boringssl/include" \ >>> --with-ld-opt="-L../boringssl/build/ssl \ >>> -L../boringssl/build/crypto" \ >>> --with-http_quic_module --with-stream_quic_module >>> --with-http_image_filter_module --with-http_sub_module --with-stream >>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx >>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules >>> --conf-path=/etc/nginx/nginx.conf >>> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid >>> >>> >>> MY NGINX BUILD CONFIGURATION SUMMARY: >>> >>> Configuration summary >>> + using system PCRE library >>> + using system OpenSSL library >>> + using system zlib library >>> >>> nginx path prefix: "/etc/nginx" >>> nginx binary file: "/usr/sbin/nginx" >>> nginx modules path: "/usr/lib/nginx/modules" >>> nginx configuration prefix: "/etc/nginx" >>> nginx configuration file: "/etc/nginx/nginx.conf" >>> nginx pid file: "/var/run/nginx.pid" >>> nginx error log file: "/var/log/nginx/error.log" >>> nginx http access log file: "/etc/nginx/logs/access.log" >>> nginx http client request body temporary files: "client_body_temp" >>> nginx http proxy temporary files: "proxy_temp" >>> nginx http fastcgi temporary files: "fastcgi_temp" >>> nginx http uwsgi temporary files: "uwsgi_temp" >>> nginx http scgi temporary files: "scgi_temp" >>> >>> >>> >>> >>> MY SITE CONFIGURATION >>> >>> >>> listen 80; >>> listen [::]:80; >>> listen 443 ssl http2 fastopen=150; >>> listen [::]:443 ipv6only=on ssl fastopen=150; >>> include snippets/ssl-params.conf; >>> server_name blah.blah; >>> root /var/wordpress; >>> index index.html index.htm index.php; >>> access_log /var/log/nginx/xx.log; >>> error_log /var/log/nginx/xx-error_log; >>> ssl_early_data on; >>> listen 443 http3 reuseport; >>> listen [::]:443 http3 reuseport; >>> add_header Alt-Svc '$http3=":8443"; ma=86400'; >>> >>> >>> *in nginx.conf I've added this:* >>> >>> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2 >>> >>> >>> UDP is open on port 441, I've double checked this from the outside. So >>> it's not a port issue. >>> >>> _______________________________________________ >> nginx-devel mailing list >> [email protected] >> http://mailman.nginx.org/mailman/listinfo/nginx-devel > > _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
