Opened 9 months ago
Last modified 8 months ago
#2620 new defect
IPv6 with HTTP/3 / QUIC don't work
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | nginx-1.27 |
Component: | http/3 | Version: | 1.25.x |
Keywords: | Cc: | ||
uname -a: | 6.7.9-zen1-1-zen #1 ZEN SMP PREEMPT_DYNAMIC Fri, 08 Mar 2024 01:58:50 +0000 x86_64 GNU/Linux | ||
nginx -V: | nginx version: nginx/1.25.4 |
Description (last modified by )
Listener Config
# HTTP/3 / QUIC Listener listen 443 quic; # HTTP/2 Fallback listen 443 ssl; listen [::]:443 quic; # HTTP/2 Fallback listen [::]:443 ssl; http2 on; http3 on; http3_hq on; # SSL Settings ssl_protocols TLSv1.3; ssl_prefer_server_ciphers off; quic_retry on; quic_gso on; # enable 0-RTT ssl_early_data on; ssl_session_tickets off; # Redirect HTTP/3 add_header alt-svc 'h3=":$server_port"; ma=86400, h3-29=":$server_port"; ma=86400, h3-28=":$server_port"; ma=86400, h3-27=":$server_port"; ma=86400'; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header quic-status $http3 always; add_header x-quic 'h3' always;
Netstat
[root@router ~]# netstat -tulpen | grep nginx tcp 0 0 0.0.0.0:853 0.0.0.0:* LISTEN 0 22839291 148259/nginx: maste tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 0 22839295 148259/nginx: maste tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 0 22839293 148259/nginx: maste tcp6 0 0 :::853 :::* LISTEN 0 22839292 148259/nginx: maste tcp6 0 0 :::443 :::* LISTEN 0 22839296 148259/nginx: maste tcp6 0 0 :::80 :::* LISTEN 0 22839294 148259/nginx: maste udp 0 0 0.0.0.0:443 0.0.0.0:* 0 22839297 148259/nginx: maste udp6 0 0 :::443 :::* 0 22839298 148259/nginx: maste
HTTP/3 works fine with a IPv4 resolve but not with IPv6, HTTP/2 will answer instead to the Client (Google Chrome).
What I do wrong ? I use the latest SourceCode based on last Release with
OpenSSL 3.2.1 30 Jan 2024 (Library: OpenSSL 3.2.1 30 Jan 2024)
Change History (5)
comment:1 by , 9 months ago
Description: | modified (diff) |
---|
comment:2 by , 9 months ago
comment:3 by , 9 months ago
./auto/configure \ --with-http_stub_status_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-stream --with-threads --with-mail --with-file-aio --with-stream_ssl_module --with-stream_ssl_preread_module $MODULE \ --with-threads --with-file-aio --with-debug \ --add-module=$COMPILE_DIR/ngx_brotli \ --add-module=$COMPILE_DIR/ngx_devel_kit-master \ --add-module=$COMPILE_DIR/nginx_upstream_check_module-master \ --add-module=$COMPILE_DIR/ngx_http_geoip2_module-master \ --add-module=$COMPILE_DIR/nginx-auth-ldap \ --add-module=$COMPILE_DIR/nginx-http-flv-module \ --add-module=$COMPILE_DIR/nginx-dav-ext-module-master/ --with-http_dav_module \ --with-http_xslt_module --with-http_realip_module --with-http_auth_request_module
This is my Compile Configuration
Debug is tested on a Internal Service with "C:\Program Files\Google\Chrome\Application\chrome.exe" --origin-to-force-quic-on=door.3dns.intern:443
H3 works fine in a local Network Domain
comment:4 by , 9 months ago
I don't see any ipv6 activity in this log. I see ipv4 http/3 activity serving a request. Try searching the full log for ipv6-related lines.
comment:5 by , 8 months ago
Milestone: | nginx-1.25 → nginx-1.27 |
---|
Ticket retargeted after milestone closed
Note:
See TracTickets
for help on using tickets.
Is there any http/3-quic activity in debug log when you connect with ipv6?
You need to enable debug logging for this.
https://nginx.org/en/docs/debugging_log.html