nginx-quic chrome 支持度

quic 本身就包含 tls 了

用 Chrome 91 打开官方网页可以看到是支持的，h3-29，你的不支持可能是哪里配置不对，建议按 README 再配置一遍

https://quic.nginx.org/

这 blog 里的 Alt-Svc header 写法有点老了，h3 改成 h3-29 应该就好了；几个月前架过玩，会显 quic

@mons 谢谢，我也正在想可能是这个原因

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

@mons 似乎不行

印象中 gQUIC 和 MTU 有关系，到 HTTP/3 之后就不清楚了

@v2clay #6

这是我之前架的时候用的，Alt-Svc 只加了 h3-29 和对应的 max-age，没加 QUIC-Status header. 刚试了一下，还是可以正常走 QUIC

```
server {
listen 443 ssl;
listen 443 http3 reuseport;
listen [::]:443 ssl;
listen [::]:443 http3 reuseport;
server_name abc.xyz;

ssl_protocols TLSv1.3;
ssl_certificate /etc/letsencrypt/live/abc.xyz/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/abc.xyz/privkey.pem;

error_page 497 =307 https://$host$request_uri;

add_header Alt-Svc 'h3-29=":443"; ma=86400';

location / {
proxy_pass http://localhost:8080;
proxy_set_header X-Forwarded-For $remote_addr;
}
}
```

Chrome dev tools:



可能需要刷新一次才会显示 QUIC.

@mons 已成功，谢谢

@mons #8 自签名的证书是不是不能显示 quic

@v2clay #10 看起来是的：

https://crbug.com/1012564

> Where QUIC and TLS (over TCP) differ is when the cert is valid as determined by the CertVerifier, QUIC imposes an additional check that the cert is issued by a known root (as opposed to a user-installed root) and internally returns QUIC_CERT_ROOT_NOT_KNOWN if it is not issued by a known root.

> The use of --origin-to-force-quic-on is intended for someone developing a QUIC server. When testing that a QUIC server is working as expected, I think that flag is a reasonable way to test that.


https://www.chromium.org/quic/quic-faq

> If you're testing only with the toy quic server, you can do something like:

> % chrome --disable-setuid-sandbox --enable-quic --origin-to-force-quic-on=localhost:6121 http://localhost:6121/

alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400