Opened 3 years ago

Closed 2 years ago

#2263 closed defect (worksforme)

Nginx-Quic - Only 1 quic domain possible on udp 443

Reported by: bertusdebruin@… Owned by:
Priority: minor Milestone:
Component: other Version: 1.19.x
Keywords: Cc:
uname -a: Linux test102 5.10.0-9-amd64 #1 SMP Debian 5.10.70-1 (2021-09-30) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.21.3 (test102)
built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
TLS SNI support enabled
configure arguments: --with-cc-opt='-I../boringssl/include -g -O2 -ffile-prefix-map=/home/roman/Desktop/nginx/nginx-quic-quic=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --with-ld-opt='-L../boringssl/build/ssl -L../boringssl/build/crypto' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_v2_hpack_enc --with-http_v3_module --with-http_quic_module --with-http_dav_module --with-http_slice_module --with-threads --with-zlib=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/zlib-cloudflare --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_quic_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-auth-pam --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-dav-ext --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-echo --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-upstream-fair --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-brotli --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-vhost-traffic-status --add-dynamic-module=/home/roman/Desktop/nginx/nginx-quic-quic/debian/modules/http-subs-filter

Description

Seems as it is only possible to connect 1 Quic domain with Nginx-Quic on the same udp port.
All the other domains on the same Quic port are failed to connect using the Quic connection.

Tested with the default udp 443 port and http/3 curl + chrome,firefox,edge.
with the example configuration as suggested at https://quic.nginx.org/readme.html.

Workaround use another udp port:
For example domain1 udp port 443 and domain2 udp port 8443 and the problem is gone in 60 seconds.

Is this a known nginx-quic bug?
It would be very nice if all domains are accessible via the same Quic on udp port 443.

Thanks.

Change History (1)

comment:1 by Sergey Kandaurov, 2 years ago

Resolution: worksforme
Status: newclosed

Virtual server selection with SNI is tested to work, for both then reported and actual nginx-quic revisions.
Feel free to reopen the ticket and provide more details, if you still have the problem.

Note: See TracTickets for help on using tickets.