No no. UDP is open. Anyway, I've given up trying to get it working.

On Tue, Dec 22, 2020 at 10:34 PM Jonny Barnes <[email protected]> wrote:
> Do you have a firewall setup on the server to only allow traffic on 443 if
> it’s tcp traffic?
>
> Rule needs to be added for udp as well
>
> On Tue, 22 Dec 2020 at 13:08, Surinder Sund <[email protected]> wrote:
>
>> Thank You Jonny.
>>
>> I fixed that (In fact, I'd fixed it in the trial machine earlier, but
>> when I restored a backup, it came back in).
>>
>> Unfortunately, the error still remains.
>>
>> Pls see the picture below. I can confirm that the traffic is hitting
>> 443/UDP, but nothing is being returned.
>>
>> https://drive.google.com/file/d/1knHKb_jUcjdY71wCz-w1TG4QupxH9CN3/view?usp=sharing
>>
>> [image: image.png]
>>
>> Looks like no cigar for me yet.
>>
>> On Mon, Dec 21, 2020 at 10:24 PM Jonny Barnes <[email protected]>
>> wrote:
>>
>>> I think your Alt Svc header should be pointing to port 443, not 8443
>>>
>>> On Mon, 21 Dec 2020 at 14:41, Surinder Sund <[email protected]> wrote:
>>>
>>>> forgot to add that this affects only http3 requests [I've tested from
>>>> more than one machine and multiple clients, including cURL and FF]
>>>>
>>>> http2 requests work fine with no change in configuration.
>>>>
>>>> On Mon, Dec 21, 2020 at 7:16 PM Surinder Sund <[email protected]>
>>>> wrote:
>>>>
>>>>> I'm trying to get NGINX QUIC to work on a fresh install of Ubuntu
>>>>> 20.04.
>>>>>
>>>>> But I'm getting this error:
>>>>>
>>>>> **1 SSL_do_handshake() failed (SSL: error:10000118:SSL
>>>>> routines:OPENSSL_internal:NO_SUPPORTED_VERSIONS_ENABLED)*
>>>>>
>>>>> Looks like some issue with the way Boringssl is set up, or being used
>>>>> by Nginx?
>>>>>
>>>>>
>>>>> HOW I BUILT BORINGSSL
>>>>>
>>>>> cd boringssl; mkdir build ; cd build ; cmake -GNinja ..
>>>>> ninja
>>>>>
>>>>> NGINX DETAILS
>>>>>
>>>>> *~/nginx-quic# nginx -V*
>>>>>
>>>>> nginx version: nginx/1.19.6
>>>>> built by gcc 9.3.0 (Ubuntu 9.3.0-17ubuntu1~20.04)
>>>>> built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with
>>>>> BoringSSL)
>>>>> TLS SNI support enabled
>>>>> configure arguments: --with-debug --with-http_v3_module
>>>>> --with-cc-opt=-I../boringssl/include
>>>>> --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto'
>>>>> --with-http_quic_module --with-stream_quic_module
>>>>> --with-http_image_filter_module --with-http_sub_module --with-stream
>>>>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx
>>>>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules
>>>>> --conf-path=/etc/nginx/nginx.conf
>>>>> --error-log-path=/var/log/nginx/error.log
>>>>> --pid-path=/var/run/nginx.pid
>>>>>
>>>>>
>>>>> HOW I BUILT NGINX QUIC:
>>>>>
>>>>> cd ~/nginx-quic ;
>>>>> ./auto/configure --with-debug --with-http_v3_module \
>>>>> --with-cc-opt="-I../boringssl/include" \
>>>>> --with-ld-opt="-L../boringssl/build/ssl \
>>>>> -L../boringssl/build/crypto" \
>>>>> --with-http_quic_module --with-stream_quic_module \
>>>>> --with-http_image_filter_module --with-http_sub_module --with-stream \
>>>>> --add-module=/usr/local/src/ngx_brotli --prefix=/etc/nginx \
>>>>> --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules \
>>>>> --conf-path=/etc/nginx/nginx.conf \
>>>>> --error-log-path=/var/log/nginx/error.log --pid-path=/var/run/nginx.pid
>>>>>
>>>>>
>>>>> MY NGINX BUILD CONFIGURATION SUMMARY:
>>>>>
>>>>> Configuration summary
>>>>> + using system PCRE library
>>>>> + using system OpenSSL library
>>>>> + using system zlib library
>>>>>
>>>>> nginx path prefix: "/etc/nginx"
>>>>> nginx binary file: "/usr/sbin/nginx"
>>>>> nginx modules path: "/usr/lib/nginx/modules"
>>>>> nginx configuration prefix: "/etc/nginx"
>>>>> nginx configuration file: "/etc/nginx/nginx.conf"
>>>>> nginx pid file: "/var/run/nginx.pid"
>>>>> nginx error log file: "/var/log/nginx/error.log"
>>>>> nginx http access log file: "/etc/nginx/logs/access.log"
>>>>> nginx http client request body temporary files: "client_body_temp"
>>>>> nginx http proxy temporary files: "proxy_temp"
>>>>> nginx http fastcgi temporary files: "fastcgi_temp"
>>>>> nginx http uwsgi temporary files: "uwsgi_temp"
>>>>> nginx http scgi temporary files: "scgi_temp"
>>>>>
>>>>>
>>>>> MY SITE CONFIGURATION
>>>>>
>>>>> listen 80;
>>>>> listen [::]:80;
>>>>> listen 443 ssl http2 fastopen=150;
>>>>> listen [::]:443 ipv6only=on ssl fastopen=150;
>>>>> include snippets/ssl-params.conf;
>>>>> server_name blah.blah;
>>>>> root /var/wordpress;
>>>>> index index.html index.htm index.php;
>>>>> access_log /var/log/nginx/xx.log;
>>>>> error_log /var/log/nginx/xx-error_log;
>>>>> ssl_early_data on;
>>>>> listen 443 http3 reuseport;
>>>>> listen [::]:443 http3 reuseport;
>>>>> add_header Alt-Svc '$http3=":8443"; ma=86400';
>>>>>
>>>>>
>>>>> *in nginx.conf I've added this:*
>>>>>
>>>>> ssl_protocols TLSv1.3; #disabled 1.1 & 1.2
>>>>>
>>>>>
>>>>> UDP is open on port 441, I've double checked this from the outside. So
>>>>> it's not a port issue.
_______________________________________________
nginx-devel mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx-devel
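
The Alt-Svc port mismatch raised in this thread (header advertising 8443 while the HTTP/3 listeners are on 443) can be checked mechanically. The following is an added example, not code from the thread or from the nginx project: a Python check that compares the ports advertised in `add_header Alt-Svc` with the ports of `listen` directives carrying an HTTP/3 flag. The sample config is constructed from the site configuration quoted above, and all function names are hypothetical.

```python
import re

# Constructed sample: directives taken from the site configuration quoted in the thread.
SAMPLE_CONF = """
listen 443 ssl http2 fastopen=150;
listen [::]:443 ipv6only=on ssl fastopen=150;
listen 443 http3 reuseport;
listen [::]:443 http3 reuseport;
add_header Alt-Svc '$http3=":8443"; ma=86400';
"""

# "http3" is the listen flag used in the thread; "quic" is the flag in later mainline nginx.
QUIC_FLAGS = {"http3", "quic"}
LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.M)
ALT_SVC_RE = re.compile(r"^\s*add_header\s+Alt-Svc\s+(['\"])(.*?)\1\s*(?:always\s*)?;", re.M | re.I)
# One Alt-Svc alternative has the form protocol-id="[host]:port".
ALT_VALUE_RE = re.compile(r'([^\s=;,]+)="([^":]*|\[[^\]]*\]):(\d+)"')

def listen_port(addr):
    """Port of a listen address such as '443', '[::]:443' or '10.0.0.1:443'."""
    tail = addr.rsplit(":", 1)[-1]
    return int(tail) if tail.isdigit() else None

def quic_listen_ports(conf):
    """Ports on which the config opens a QUIC (UDP) listener."""
    ports = set()
    for args in LISTEN_RE.findall(conf):
        tokens = args.split()
        port = listen_port(tokens[0])
        if port is not None and QUIC_FLAGS & set(tokens[1:]):
            ports.add(port)
    return ports

def advertised_ports(conf):
    """(protocol-id, port) pairs advertised by every Alt-Svc add_header."""
    pairs = []
    for _quote, value in ALT_SVC_RE.findall(conf):
        pairs += [(proto, int(port)) for proto, _host, port in ALT_VALUE_RE.findall(value)]
    return pairs

def alt_svc_mismatches(conf):
    """Advertised alternatives whose port has no QUIC listener behind it."""
    listening = quic_listen_ports(conf)
    return [(proto, port) for proto, port in advertised_ports(conf) if port not in listening]

if __name__ == "__main__":
    for proto, port in alt_svc_mismatches(SAMPLE_CONF):
        print(f"Alt-Svc advertises {proto} on UDP {port}; "
              f"QUIC listeners are on {sorted(quic_listen_ports(SAMPLE_CONF))}")
```

A clean result only shows that the header and the listeners agree; whether UDP on that port actually reaches the server, the firewall question raised in the thread, has to be verified separately from outside the host.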
