Spent way too long getting HTTP/3 working on FreeBSD with nginx, so I wrote it all up.
The highlights: stock OpenSSL silently breaks QUIC at the HTTP/3 framing layer (the TLS handshake succeeds, so openssl s_client lies to you). eBPF worker routing doesn't exist on FreeBSD. And if nginx is in a jail with IPv4 NAT, a pass rule for UDP 443 is useless without a matching rdr.
New post: https://blog.hofstede.it/http3-on-freebsd-getting-quic-working-with-nginx-in-a-bastille-jail/
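The pf point from the post above, as an added example that is not taken from the post or the linked article. It is a `pf.conf` fragment in FreeBSD's classic `nat`/`rdr` syntax; the interface name `vtnet0` and the jail address `10.0.0.10` are assumptions.

```conf
# Added example (not from the original post). Assumed names and addresses.
ext_if  = "vtnet0"        # assumption: host's external interface
jail_ip = "10.0.0.10"     # assumption: private IPv4 of the nginx jail

# --- translation rules (must precede filter rules) ---
# Outbound NAT for the jail.
nat on $ext_if inet from $jail_ip to any -> ($ext_if)

# HTTP/1.1 and HTTP/2 arrive over TCP; a setup that predates HTTP/3
# typically has only this redirect.
rdr on $ext_if inet proto tcp from any to ($ext_if) port { 80, 443 } -> $jail_ip

# QUIC is UDP. Without this line, UDP 443 packets are addressed to the
# host itself and never reach the jail, whatever the filter rules say.
rdr on $ext_if inet proto udp from any to ($ext_if) port 443 -> $jail_ip

# --- filter rules ---
block in on $ext_if

# rdr is applied before filtering, so these rules match the translated
# destination (the jail address), not the host's public address.
pass in on $ext_if inet proto tcp from any to $jail_ip port { 80, 443 }

# On its own this rule matches nothing: it only takes effect once the
# UDP rdr above has rewritten the destination to $jail_ip.
pass in on $ext_if inet proto udp from any to $jail_ip port 443

pass out on $ext_if
```

`pfctl -nf /etc/pf.conf` parses the ruleset without loading it, and `pfctl -s nat` lists the active translation rules, which is where a missing UDP redirect shows up.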
-
Another great article that goes straight to the latest Valuable News issue - thank you for writing it.

Now ... I would probably add the least needed and least technical comment here - but that also hit me in the past ... the 'special' ASCII characters ... misalign like 9 in 10 times.
Using 'regular' chars like '|' or '+' instead always aligns these ASCII diagrams well.
Regards,
vermaden
-
@vermaden Will try that
I wrote the article on my real-life experience when enabling HTTP/3 on the Mastodon instance I am managing (https://burningboard.net). I thought it might be interesting for others, since there were some pitfalls and it wasn't just "enabling an option".
-
@Larvitz Great write-up! One question: do you also have HTTP/2 enabled? The config you listed at the end looks like it would have the client start on 1.1.
Just curious because I seem to recall Nginx having multiple ways of doing h2.