HTTP/3 only on a sub domain

Help
1

Hello everyone,

Ive started using Caddy two days ago, because Im writing my thesis about the different HTTP versions.

1. The problem I’m having:

The problem that Im having is that Im unable to configure Caddy to serve specific HTTP versions on different sub domains.

What Ive tryed to do is:

http1.domain.de - works fine
http2.domain.de - serves HTTP/2 and 3
http3.domain.de - serves HTTP/2 and 3

Even when I only set a global option to only use HTTP/1 and 2 i get 3…

2. Error messages and/or full log output:

no error message

3. Caddy version:

Caddy 2.7.2

4. How I installed and ran Caddy:

Im running Caddy in a Container via Docker.

In the Caddyfile Ive tried to set in the global:

servers http1.example.de {
protocols h1
}

servers http2.example.de {
protocols h1 h2
}

servers http3.example.de {
protocols h3
}
2

Update:

It dont solved it.
http3.* dont serve HTTP/3 anymore too.

Looks like I ve solved my issue myself right now.

With the following Caddyfile:

{
        debug
        auto_https off
}

http1.*:80 {
        templates

        file_server browse

        header Cache-Control "no-store, always"
}

http2.*:443 {
        templates

        file_server browse

        tls /etc/tls/certs/certificate.pem /etc/tls/certs/private-key.pem

        header Cache-Control "no-store, always"
        header -Alt-Svc
}

http3.*:443 {
        templates

        file_server browse

        tls /etc/tls/certs/certificate.pem /etc/tls/certs/private-key.pem

        header Cache-Control "no-store, always"
}
3

That’s not a valid site address. You need to use the full domain. * is not a full-range wildcard, it only matches a single label (parts between . dots) and can only be used on the left, not the right.

That’s not possible from a networking standpoint. You’d need to either use different port numbers, or bind to more than one network interface (IP address).

When you configure Caddy to listen on port :443, this is one server. A given server can only have one configuration for protocols, because protocol choice happens before the server even knows what the domain is (because it needs to use those protocols to unpack the data and then read the domain in the payload).

You need to use the servers global option to configure servers and their protocols. See the docs:

4

Hi Francis,

I replace the domain with the “*”, but thats still good to know :slight_smile:.
Thank you.

So if I want to have HTTP/3 on http3.* I need to run it on a diffrent port?
Isnt the upgrade to HTTP/3 happening threw the header after a first connection was established?

alt-svc h3=":443"; ma=2592000

And with those servers configurations I only had trouble.
They simply dont applied, for example when I ve set:

servers *.*:* {
  protocols h1 h2
}

I still got HTTP/3 :smiley:

5

servers does not take domains, it takes a bind address + port. And it does not take wildcards. By default the bind address is “empty”, as in “bind to every network interface”, e.g. :443, but it could be 127.0.0.1:443 to only bind to the loopback interface (to only handle IPv4 connections from the same machine, and not from outside).

Please re-read the Server Options docs I linked above.

No, that’s just an “advertisement” of HTTP/3 support. It’s not a protocol upgrade. It doesn’t work like WebSockets.

HTTP/3 is a totally separate connection (and is over UDP instead of TCP), it has no relationship to other connections.

1 Like
6

Thank you very mutch :slight_smile:

7

You can’t actually force http3 for now - browsers will always try to connect using http2/1 first and if http3 is available, using http3 for subsequent requests. There is a workaround, just don’t serve any content and tell visitors this site can only be viewed using http3 :sweat_smile:.

To force specific http versions, you can set tls alpn. I did it in one of my blogs.

2 Likes
8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.