How to test if http3 is working normally on an internal host without public ip?

1. Output of caddy version:

v2.6.2 h1:wKoFIxpmOJLGl3QXoo6PNbYvGW4xLEgo32GPBEjWL8o=

2. How I run Caddy:

$ caddy adapt
2022/12/11 04:34:26.084 INFO    using adjacent Caddyfile
{"apps":{"http":{"servers":{"srv0":{"listen":[":443"],"routes":[{"match":[{"host":["localhost"]}],"handle":[{"handler":"subroute","routes":[{"handle":[{"body":"Hello, world!","handler":"static_response"}]}]}],"terminal":true}]}}}}}
$ sudo caddy run
2022/12/11 04:34:56.335 INFO    using adjacent Caddyfile
2022/12/11 04:34:56.336 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/11 04:34:56.336 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS       {"server_name": "srv0", "https_port": 443}
2022/12/11 04:34:56.336 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/12/11 04:34:56.336 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc00018ee00"}
2022/12/11 04:34:56.336 INFO    tls     cleaning storage unit   {"description": "FileStorage:/home/xl/.local/share/caddy"}
2022/12/11 04:34:56.337 INFO    tls     finished cleaning storage units
2022/12/11 04:34:56.344 INFO    pki.ca.local    root certificate is already trusted by system   {"path": "storage:pki/authorities/local/root.crt"}
2022/12/11 04:34:56.344 INFO    http    enabling HTTP/3 listener        {"addr": ":443"}
2022/12/11 04:34:56.344 INFO    failed to sufficiently increase receive buffer size (was: 208 kiB, wanted: 2048 kiB, got: 416 kiB). See https://github.com/lucas-clemente/quic-go/wiki/UDP-Receive-Buffer-Size for details.
2022/12/11 04:34:56.344 INFO    http.log        server running  {"name": "srv0", "protocols": ["h1", "h2", "h3"]}
2022/12/11 04:34:56.344 INFO    http.log        server running  {"name": "remaining_auto_https_redirects", "protocols": ["h1", "h2", "h3"]}
2022/12/11 04:34:56.344 INFO    http    enabling automatic TLS certificate management   {"domains": ["localhost"]}
2022/12/11 04:34:56.345 WARN    tls     stapling OCSP   {"error": "no OCSP stapling for [localhost]: no OCSP server specified in certificate", "identifiers": ["localhost"]}
2022/12/11 04:34:56.345 INFO    autosaved config (load with --resume flag)      {"file": "/home/xl/.config/caddy/autosave.json"}
2022/12/11 04:34:56.345 INFO    serving initial configuration
$ sudo netstat -tunlp | grep caddy
tcp        0      0 127.0.0.1:2019          0.0.0.0:*               LISTEN      1531/caddy          
tcp6       0      0 :::443                  :::*                    LISTEN      1531/caddy          
tcp6       0      0 :::80                   :::*                    LISTEN      1531/caddy          
udp6       0      0 :::443                  :::*                                1531/caddy     

a. System environment:

Ubuntu 18.04

b. Command:

caddy adapt
caddy run

d. My complete Caddy config:

localhost:443
respond "Hello, world!"

3. The problem I’m having:

Is it possible to test whether http3 is working normally on an internal server without a public address or domain name? I enabled caddy 2.6 on port 443 of an internal server which does not have a public address or a domain name, but I don’t know how to test if http3 is enabled successfully and working normally.

Another question: when I use “sudo netstat -tunlp | grep caddy” to check port usage (as is shown in part 2), why is caddy only using ipv6-based TCP and UDP on port 443? Why are ipv4 TCP and ipv4 UDP on port 443 not shown?

4. What I already tried and Error messages and/or full log output:

I tried with curl. It seems to work well on https, but fails to respond to the curl-http3 tool.

$ curl https://localhost:443
Hello, world!
$ docker run --rm ymuski/curl-http3 curl --http3 https://localhost:443
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0
curl: (7) quiche: recv() unexpectedly returned -1 (errno: 111, socket 5)

That docker image is nearly two years old; I’m not sure if it’s using the latest version of the H3 spec. Caddy only supports the latest spec.

But your setup looks fine to me, except this warning:

Make sure to follow these instructions on your host machine to ensure H3 performance is optimal.
