New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Why does not work quic ? #1763
Comments
It's difficult to understand fully the behavior of browsers with QUIC. In my experience, chromium was more restrictive, as it seems to only accept certificates signed by an authority recognized by the browser. With firefox this restriction was not present. As QUIC is a still recent protocol, try to use the more recent version of chrome/firefox. If you can, try to record a network capture to see if there is some UDP traffic as sometimes debugger tools of the browsers does not report QUIC connections. Also, if you want to first test your QUIC frontend, you can try to use a command-line tool with QUIC support to directly reach the UPD endpoint. For example, curl has experimental support of QUIC but this requires to compile it by hand. |
For me, chromium starts with H2 and only switches to H3 on the second reload (i.e. press Ctrl-R twice). There are probably a number of heuristics in place to avoid the impact on the vast majority of non-QUIC traffic, that require to perform background probes or certain such things in order to decide whether to switch to H3 for subsequent requests or not. |
By the way, for me FF91 stopped using QUIC on haproxy.org a week or two ago, and there was no way to make it accept it again, it would only exchange a few packets and switch back to H2. And today without any explanation, it's back to work; the process was not even stopped! I think browsers perform some negative caching of issues in order not to try again after a site showed some issues. |
but I can access google.com with http3 on current browser. |
Just like mine used to work on quic.cloudflare.com while not on haproxy.org, and recently started to refuse to use H3 on both quic.cloudflare.com and haproxy.org for a few days, then decided to accept it again on both without even restarting it. I really don't know how they're deciding to stop using H3/QUIC on a site, but there's definitely some caching and we don't know where to search for diagnostic info. |
You mean, is this problem related to the Chrome browser? |
I'm saying that it possibly isn't even a problem and might be the expected behavior as a consequence of some initially failed tests. We've all gone through this during debugging and that's really painful. What is really annoying at the moment with browsers is that they provide absolutely zero information to debug such situations. So it's not even possible to say whether it's expected or not. As Amaury said, you should really try a second tool, and check with network traces or by enabling QUIC traces in haproxy whether the browser and haproxy engage in a conversation or not. Also I'm seeing that you're having "quic4@:443". In case there are multiple addresses on your machine (I don't know), this can cause problems as UDP is connection-less, so it's possible that the browser speaks to haproxy on one IP address and that responses are sent from another one chosen by the operating system. Just in case that would be related, please adjust your config to bind to an explicit address, e.g. "quic4@192.168.1.1:443". |
@wtarreau I got it. I will also try to set the dedecated IP. thx! |
Interesting and very good to know for our debugging sessions, thanks very much for the hint! |
Many similar issues have been fixed over the last year and the experience got much better overall. I suggest to close this one and open a new one with new info if similar problems arise with an up-to-date version now. |
Detailed Description of the Problem
chrome browser has been connected to server with h2 protocol after quic setting!.
Expected Behavior
use h3 proto in chrome.
Steps to Reproduce the Behavior
Do you have any idea what may have caused this?
I have no idea.
Let me know what is my fault?
Do you have an idea how to solve the issue?
No response
What is your configuration?
Output of
haproxy -vv
Last Outputs and Backtraces
No response
Additional Information
No response
The text was updated successfully, but these errors were encountered: