Can't make QUIC work

Hi there!
i’m using Caddy 0.9.3 in production for some times and I saw on HN the QUIC functionality so I tried it.

Everything seems to be well configured, following the great guide (https://github.com/mholt/caddy/wiki/QUIC)
Opening UDP 443 on the server was a missing part on the wiki, it may help others if added…

BUT Chrome 54 (#enable-quic flag enabled) doesn’t use QUIC on my test website…Protocol still uses TLS 1.2.

Anyone has made it works on the latest version of Chrome + Caddy?

Here is the Caddyfile:

mydomain.com
tls myemail@gmail.com
root htdocs
gzip
fastcgi / 127.0.0.1:9123 php
errors logs/caddy-error.log

Thanks for answering, and your great job Matt…and the community!

1 Like

Gah, of course Chrome would do a major update right after I say that on HN – the QUIC protocol is in motion and latest Chrome probably only supports the newest version(s) of QUIC, which I suspect Caddy will support in the next release.

I don’t believe that’s a version problem as I can see, Google server is using v35:

clients4.google.com:443 true QUIC_VERSION_35

and Caddy is proposing v36,35,34:

alt-svc:quic=":443"; ma=2592000; v=“36,35,34”

Maybe there’s much more than a problem of version…

So this is why quic isnt working for me? Im also getting this http://puu.sh/sWEZj/ea069f3ecf.png on my version. I made a post on this forum a few days ago about quic because im doing my thesis on the comparison of quic+http2 vs http1.1/tcp so if its broken it basicly means im screwed? Or is there a way i can get it to work? (Assuming it hasnt been patched yet i seem to also have 0.9.3)

Edit: It is ofcourse also possible im simply screwing things up on my end.

Try with the new release coming out later today.

Im so glad to hear that! It will probably be tomorrow for me though (From belgium eu).

Its pretty late here but since i was still awake and saw that the new patch is here i wanted to try it out and see if my quic is working now. It does not seem to be working but maybe i am missing something.

This is the start up command http://puu.sh/sX2iX/2abf72aa2d.png

The UDP port seems to be open (i think?) http://puu.sh/sX2kT/2485c2a54d.png

And im running on the new patch http://puu.sh/sX2n0/3b59edbeaf.png

Other than this my chrome browser has quic enabled http://puu.sh/sX2pm/ba5f9d3692.png

The setup seems to be correct from what i understand. Maybe it is enabled but im just looking at the wrong things?
I get this with page inspecting http://puu.sh/sX2sS/051d26ce58.png and no active events at chrome://net-internals/#events&q=type:QUIC_SESSION%20is:active

Is there something obvious im missing? Is it working for anyone else?

edit: Maybe because my certificate thing isnt showing up as green? http://puu.sh/sX343/8e512b9af2.png i dont know whats wrong :frowning:

That’s why. QUIC only works with valid certificates.

1 Like

Ow, i didnt know that! I do hope thats the problem. Im not really sure why its unsecure though. Im using tls self_signed in the caddy file is this why its not showing up as valid? When i enter my email adress i can see ERR_SSL_PROTOCOL_ERROR in the google chrome console but im not really sure where to look for a better run down of what went wrong. Maybe because i dont have an account with that email with “a trusted CA”? Is there someway i can tell my browser to trust certificates from that ip/server, could i get it to work like that?

edit im trying this now http://stackoverflow.com/questions/7580508/getting-chrome-to-accept-self-signed-localhost-certificate

Wel it seems like it might not be the fault of the certificate. I was able to allow the self signed certficate but still no luck with quic. http://puu.sh/sX7mM/2036e124a0.png . Pretty darn lost on why its not working now but its 01:30 here in belgium and i have classes tomorrow so im off to bed and il worry about it some more tomorrow afternoon.

Because your system doesn’t trust self-signed certificates. Even if your browser does, the QUIC library needs to trust it as well through your system roots.

2 Likes

Thanks,

No idea how to do that but i guess il try and find out tomorrow…

You could always download the certificate while the server is running and add it to your trust store, but you’ll have to do it again when you restart the server; better yet, can you use a real hostname?

1 Like

I think i did it correctly but still no luck. I followed this guide on how to add a certificate to the trusted root certification authorities store for my local machine Manage Trusted Root Certificates | Microsoft Docs but im still getting this http://puu.sh/sXyTp/ef45fedd97.png im not sure if i need to do it somewhere else aswell. Maybe the quic library thing you talked about still doesnt trust it ?:frowning:

I assume its working for you so i must still be doing something wrong. Maybe what i did still doesnt make it count as a " real, trusted certificate" but im not sure how to make it a real trusted certificate if thats the case

Sorry for bothering you but can you confirm that quic is working for others? So i know its a problem with my setup and not caddy.

Here, I have my site over QUIC for now: https://matt.life/ - using Caddy 0.9.4.

2 Likes

Hmm interesting, at first it didnt work for me because of a plugin called “Cache killer”. When that plugin is disabled i do get quic on your website. Disabling it did not seem to help my site however so there still seems to be a problem on my end.

Still no luck but il try this tomorrow https://github.com/mholt/caddy/issues/143 it seems promising if i can figure it out.

Im happy to say this https://github.com/mholt/caddy/issues/1432 finally fixed it for me. So for people who are having trouble getting quic to work and stumble upon this thread, disable all your chrome plugins (one plugin makes quic not work for me) and it seems like u cant get it to work with a self singed certificate.

What did you do to fix it Anton? The issue that had a solution for you seems to be deleted … I enabled quick in caddy startup command, opened port 443 UDP on router and firewall and I enabled the quic flag in Chrome (v56).

In the response headers I see quic but a chrome plugin states it’s not quic enabled (which it does show in gmail and Matt’s website (https://matt.life/))

alt-svc:quic=":443"; ma=2592000; v="36,35,34"
alternate-protocol:443:quic