Opened 3 years ago
Closed 3 years ago
#2179 closed defect (invalid)
QUIC: multiple hosts listening on quic cause config verification fail
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | major | Milestone: | |
Component: | nginx-core | Version: | |
Keywords: | quic | Cc: | |

uname -a:

    Linux nix-test 5.10.29 #1-NixOS SMP Sat Apr 10 11:36:11 UTC 2021 x86_64 GNU/Linux

nginx -V:

    nginx version: nginx/1.19.10
    built by gcc 10.2.0 (GCC)
    built with OpenSSL 1.1.1 (compatible; BoringSSL) (running with BoringSSL)
    TLS SNI support enabled
    configure arguments: --prefix=/nix/store/0rxkiby7ck7dpbyy8zj6x45wpv0gd5gx-nginx-quic --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-threads --with-pcre-jit --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --pid-path=/var/log/nginx/nginx.pid --http-client-body-temp-path=/var/cache/nginx/client_body --http-proxy-temp-path=/var/cache/nginx/proxy --http-fastcgi-temp-path=/var/cache/nginx/fastcgi --http-uwsgi-temp-path=/var/cache/nginx/uwsgi --http-scgi-temp-path=/var/cache/nginx/scgi --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-http_image_filter_module --with-http_geoip_module --with-stream_geoip_module --with-file-aio --with-http_v3_module --with-http_quic_module --with-stream_quic_module --add-module=/nix/store/dr6n543igdhj589qirfh36m5a5fcg47d-rtmp --add-module=/nix/store/6pb7j6kymf3y4xs5blp3g8mwin2j22kk-dav --add-module=/nix/store/y39g23fn8ikzcd1iy3b1bclqwjk2qmxd-moreheaders

Description
Having two server blocks listen on quic causes nginx -t to fail with

    nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /root/nginx.conf:25
    nginx: configuration file /root/nginx.conf test failed

The config to re-produce:
(Note that removing the last server block causes it to work, it is only when there is more than one that it fails)
(Also this is nginx-quic with revision 12f18e0bca09)

    http {
      server {
        listen 0.0.0.0:443 ssl http2 ;
        # UDP listener for **QUIC+HTTP/3
        listen 0.0.0.0:443 http3 reuseport;
        # Advertise that HTTP/3 is available
        add_header Alt-Svc 'h3=":443"';
        # Sent when QUIC was used
        add_header QUIC-Status $quic;
        listen [::]:443 ssl http2 ;
        # UDP listener for **QUIC+HTTP/3
        listen [::]:443 http3 reuseport;
        # Advertise that HTTP/3 is available
        add_header Alt-Svc 'h3=":443"';
        # Sent when QUIC was used
        add_header QUIC-Status $quic;
        server_name domain.tld ;
        ssl_certificate /var/lib/acme/domain.tld/fullchain.pem;
        ssl_certificate_key /var/lib/acme/domain.tld/key.pem;
        ssl_trusted_certificate /var/lib/acme/domain.tld/chain.pem;
      }
      server {
        listen 0.0.0.0:443 ssl http2 ;
        # UDP listener for **QUIC+HTTP/3
        listen 0.0.0.0:443 http3 reuseport;
        # Advertise that HTTP/3 is available
        add_header Alt-Svc 'h3=":443"';
        # Sent when QUIC was used
        add_header QUIC-Status $quic;
        listen [::]:443 ssl http2 ;
        # UDP listener for **QUIC+HTTP/3
        listen [::]:443 http3 reuseport;
        # Advertise that HTTP/3 is available
        add_header Alt-Svc 'h3=":443"';
        # Sent when QUIC was used
        add_header QUIC-Status $quic;
        server_name sub.domain.tld ;
        ssl_certificate /var/lib/acme/domain.tld/fullchain.pem;
        ssl_certificate_key /var/lib/acme/domain.tld/key.pem;
        ssl_trusted_certificate /var/lib/acme/domain.tld/chain.pem;
      }
    }
    events {}

Such behaviour is caused by specifying the 'reuseport' option twice for the same socket.
Quote from documentation (http://nginx.org/en/docs/http/ngx_http_core_module.html#listen):
The listen directive can have several additional parameters specific to socket-related system calls. These parameters can be specified in any listen directive, but only once for a given address:port pair.
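
The layout the comment above points to, as an added example that is not part of the ticket or of the nginx documentation: the reporter's two server blocks with `reuseport` given on only one `listen` directive per UDP address:port. It assumes the same nginx-quic build as in the ticket, where `listen` accepts the `http3` parameter and `$quic` is defined.

```nginx
# Added example: socket options (here reuseport) appear once per address:port.
events {}

http {
    server {
        server_name domain.tld;

        # TCP listeners for HTTP/1.1 and HTTP/2 (no socket options set).
        listen 0.0.0.0:443 ssl http2;
        listen [::]:443 ssl http2;

        # UDP listeners for QUIC+HTTP/3. reuseport is a socket option, so it
        # is given here and on no other listen directive for these addresses.
        listen 0.0.0.0:443 http3 reuseport;
        listen [::]:443 http3 reuseport;

        # Advertise that HTTP/3 is available
        add_header Alt-Svc 'h3=":443"';
        # Sent when QUIC was used
        add_header QUIC-Status $quic;

        ssl_certificate /var/lib/acme/domain.tld/fullchain.pem;
        ssl_certificate_key /var/lib/acme/domain.tld/key.pem;
        ssl_trusted_certificate /var/lib/acme/domain.tld/chain.pem;
    }

    server {
        server_name sub.domain.tld;

        listen 0.0.0.0:443 ssl http2;
        listen [::]:443 ssl http2;

        # Same UDP address:port pairs as the first server block, so no
        # reuseport here: the listening socket is shared between both
        # servers and already carries the option set above.
        listen 0.0.0.0:443 http3;
        listen [::]:443 http3;

        add_header Alt-Svc 'h3=":443"';
        add_header QUIC-Status $quic;

        ssl_certificate /var/lib/acme/domain.tld/fullchain.pem;
        ssl_certificate_key /var/lib/acme/domain.tld/key.pem;
        ssl_trusted_certificate /var/lib/acme/domain.tld/chain.pem;
    }
}
```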