1
wellsc 2021-07-29 07:25:16 +08:00 via iPhone
quic 本身就包含 tls 了
|
2
eason1874 2021-07-29 08:00:19 +08:00 1
|
3
mons 2021-07-29 08:09:31 +08:00 1
这 blog 里的 Alt-Svc header 写法有点老了,h3 改成 h3-29 应该就好了;几个月前架过玩,会显 quic
|
5
v2clay OP alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
|
7
Love4Taylor 2021-07-29 14:34:44 +08:00 via iPhone
印象中 gQUIC 和 MTU 有关系,到 HTTP/3 之后就不清楚了
|
8
mons 2021-07-31 08:34:22 +08:00 1
@v2clay #6
这是我之前架的时候用的,Alt-Svc 只加了 h3-29 和对应的 max-age,没加 QUIC-Status header. 刚试了一下,还是可以正常走 QUIC ``` server { listen 443 ssl; listen 443 http3 reuseport; listen [::]:443 ssl; listen [::]:443 http3 reuseport; server_name abc.xyz; ssl_protocols TLSv1.3; ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem; error_page 497 =307 https://$host$request_uri; add_header Alt-Svc 'h3-29=":443"; ma=86400'; location / { proxy_pass http://localhost:8080; proxy_set_header X-Forwarded-For $remote_addr; } } ``` Chrome dev tools: 可能需要刷新一次才会显示 QUIC. |
11
mons 2021-07-31 13:04:18 +08:00 1
@v2clay #10 看起来是的:
https://crbug.com/1012564 > Where QUIC and TLS (over TCP) differ is when the cert is valid as determined by the CertVerifier, QUIC imposes an additional check that the cert is issued by a known root (as opposed to a user-installed root) and internally returns QUIC_CERT_ROOT_NOT_KNOWN if it is not issued by a known root. > The use of --origin-to-force-quic-on is intended for someone developing a QUIC server. When testing that a QUIC server is working as expected, I think that flag is a reasonable way to test that. https://www.chromium.org/quic/quic-faq > If you're testing only with the toy quic server, you can do something like: > % chrome --disable-setuid-sandbox --enable-quic --origin-to-force-quic-on=localhost:6121 http://localhost:6121/ |
12
kerro1990 2021-07-31 17:21:38 +08:00
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
|