Quic Protocol isn't working

neonota · May 24, 2023, 3:45pm

1. The problem I’m having:

Quic Protocol should work automatically with Caddy. But for some reason it’s not working for my wesbite. There is no issue with my network or browser.

2. Error messages and/or full log output:

There is no error message in the log. (Log that shows up after running systemctl status caddy

3. Caddy version:

v2.6.4 h1:2hwYqiRwk1tf3VruhMpLcYTg+11fCdr8S3jhNAdnPy8=

4. How I installed and ran Caddy:

a. System environment:

OS : Ubuntu 22.04.2 LTS (GNU/Linux 5.19.0-1025-aws x86_64)

Installed following this guide : Install — Caddy Documentation

b. Command:

Not applicable

c. Service/unit/compose file:

d. My complete Caddy config:

nixorigin.one, www.nixorigin.one {
        # Set this path to your site's directory.
        root * /var/www/html/public

        header {
                X-Frame-Options "SAMEORIGIN"
                X-XSS-Protection "1; mode=block"
                X-Content-Type-Options "nosniff"
                Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
                Referrer-Policy "same-origin"


        }


        php_fastcgi unix//run/php/php8.1-fpm.sock
        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
}

5. Links to relevant resources:

francislavoie · May 25, 2023, 12:17am

QUIC and HTTP/3 are over UDP, instead of TCP. Make sure your firewall and router allows UDP traffic on port 443. If you have ufw running on Ubuntu, check that it allows UDP traffic.

neonota · May 25, 2023, 3:22pm

Thanks for the heads up. I’ve now allowed UDP traffic on my firewall. According to https://http3check.net/ QUIC is now working . But Tools search result saying the opposite. Is there any other way I can confirm this ? My browsers are still showing TLS 1.3 …

matt · May 25, 2023, 3:48pm

Never heard of that second site, and it looks broken (all the HTTP/3-enabled sites I try says it can’t connect).

The best way to confirm HTTP/3 is to use a curl build that supports HTTP/3 like so:

$ curl3 --http3 -v ...

francislavoie · May 25, 2023, 8:58pm

This works for me now:

docker run -it --rm ymuski/curl-http3 curl -vs -D/dev/stdout -o/dev/null --http3 https://nixorigin.one

So you seem good to go

Yes, TLS 1.3 is the latest version of TLS. HTTPS is HTTP over TLS, and HTTP/3 always enables TLS. That’s correct and a good thing.

neonota · May 25, 2023, 11:49pm

Thank you

system · June 24, 2023, 11:49pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.