how router.RunTLS(addr, tfg *tls.Config)
thanks
My current specific scenarios only include * tls Config, no certFile, keyFile string
Comment From: mstmdev
server := &http.Server{Addr: addr, Handler: router.Handler(), TLSConfig: tlsConfig}
server.ListenAndServeTLS("", "")
You can try the above code.
Comment From: hktalent
@mstmdev thanks
Comment From: hktalent
@mstmdev Thank you very much
My HTTP 3.0 has never worked properly. Can you help me?
func RunHttp3(addr, certFile, keyFile string, router *gin.Engine) (err error) {
log.Printf("Listening and serving HTTPS on %s\n", addr)
// tcp
util.Wg.Add(1)
go func() {
defer util.Wg.Done()
http3.ListenAndServe(addr, certFile, keyFile, router.Handler())
//router.RunTLS(addr, certFile, keyFile)
}()
util.Wg.Add(1)
go func() {
defer util.Wg.Done()
// udp
quicConf := &quic.Config{}
// udp
server := http3.Server{
Handler: router.Handler(),
Addr: addr,
QuicConfig: quicConf,
TLSConfig: common.InitCa(),
}
err = server.ListenAndServe()
//err = server.ListenAndServeTLS(certFile, keyFile)
log.Println("http3.0 is start")
}()
return
}
Comment From: mstmdev
Can you provide more error information?
Comment From: mstmdev
package main
import (
"crypto/tls"
"fmt"
"io"
"net/http"
"time"
"github.com/gin-gonic/gin"
"github.com/lucas-clemente/quic-go/http3"
)
func main() {
// load cert
cert, err := tls.LoadX509KeyPair("../testdata/certificate/cert.pem", "../testdata/certificate/key.pem")
if err != nil {
fmt.Printf("load cert error => %v\n", err)
return
}
tlsConfig := &tls.Config{}
tlsConfig.Certificates = make([]tls.Certificate, 1)
tlsConfig.Certificates[0] = cert
// start server
router := gin.Default()
router.GET("/hello", func(context *gin.Context) {
context.String(http.StatusOK, "hello world")
})
server := http3.Server{
Handler: router.Handler(),
Addr: ":4242",
TLSConfig: tlsConfig,
}
go func() {
err = server.ListenAndServe()
if err != nil {
fmt.Printf("start server error =>%v\n", err)
return
}
fmt.Printf("http3 server start!\n")
}()
<-time.After(time.Second * 3)
// start client
client := http.Client{
Transport: &http3.RoundTripper{
TLSClientConfig: &tls.Config{
InsecureSkipVerify: true,
},
},
}
resp, err := client.Get("https://127.0.0.1:4242/hello")
if err != nil {
fmt.Printf("client get error =>%v\n", err)
return
}
defer resp.Body.Close()
data, err := io.ReadAll(resp.Body)
if err != nil {
fmt.Printf("client read data error =>%v\n", err)
return
}
fmt.Printf("client read data =>%s\n", string(data))
}
Here is an example that was tested in my local machine and it was running ok.
Comment From: hktalent
@mstmdev thanks I found that there is no problem with the code. I can access https through the http3 code, but the browser cannot access it, which is very embarrassing.
Comment From: hktalent
@kristiansvalland I found a very embarrassing problem 1. After starting http3 [udp], test through the code, you can access http3 normally, but the browser cannot access 2. My solution is to start http2 [TCP] at the same time 3. I don't know if this is the right way?
https://stackoverflow.com/questions/61172217/does-http3-quic-fall-back-to-tls-1-2-if-the-browser-doesnt-support-quic
Comment From: mstmdev
Perhaps you do not have a trusted certificate, see playing-with-quic.
Comment From: hktalent
Thank you very much I use the correct certificate of http2, 51pwn.com
You can have a look @mstmdev
Comment From: mstmdev
package main
import (
"fmt"
"net/http"
"github.com/gin-gonic/gin"
"github.com/lucas-clemente/quic-go/http3"
)
func main() {
// start server
router := gin.Default()
router.GET("/hello", func(context *gin.Context) {
context.String(http.StatusOK, "hello quic")
})
err := http3.ListenAndServe(":4242", "./cert.pem", "./key.pem", router.Handler())
if err != nil {
fmt.Printf("start server error =>%v\n", err)
return
}
}
If you want to custom the tls.Config, you can copy the http3.ListenAndServe function to your local code and modify it.
And you need to open both UDP and TCP port permissions in the firewall.
@hktalent
Comment From: mstmdev
An HTTP origin can advertise the availability of an equivalent HTTP/3 endpoint via the Alt-Svc HTTP response header field or the HTTP/2 ALTSVC frame ([ALTSVC]) using the "h3" ALPN token.
Comment From: hktalent
server := http3.Server{ Handler: router.Handler(), Addr: addr, QuicConfig: quicConf, TLSConfig: common.InitCa(), } err = server.ListenAndServe()
You mean that TLSConfig is not used in http3.Server, right? @mstmdev
Comment From: mstmdev
The HTTP3 web service for browser access needs to start a HTTP1.1 or HTTP2 server first, it works with the quic server together.
The server.ListenAndServe() function only starts a quic server, we should use the http3.ListenAndServe function to start a http server and a quic server or copy and modify the http3.ListenAndServe for custom.
@hktalent
Comment From: hktalent
@mstmdev You are right, it will be normal after I copy and modify the custom startup Thank you very much
https://geekflare.com/tools/test/kem4n48j04m0azz1ypgints4esqetejp
If you want to custom the tls.Config, you can copy the http3.ListenAndServe function to your local code and modify it. And you need to open both UDP and TCP port permissions in the firewall. @hktalent ```
Comment From: hktalent
@mstmdev @kristiansvalland I tested google here https://geekflare.com/tools/test/64g2q3i606z83f63ap3gf56yyeo4efyx support h3-29 h3-Q050 h3-Q046 h3-Q043 quic/46 quic/43
while testing own server https://geekflare.com/tools/test/kem4n48j04m0azz1ypgints4esqetejp but only supports h3-29
Do you know what to do to fully support h3 like google? in golang
Comment From: hktalent
@mstmdev Another strange phenomenon is I test locally access https://127.0.0.1:8081/indexes/ default is Version HTTP/3 After publishing to the server, the default protocol becomes your http/2 https://51pwn.com/indexes/
However, here the test https://geekflare.com/tools/test/kem4n48j04m0azz1ypgints4esqetejp But it supports h3
Practice has proved that it is not the reason for the following settings NextProtos = []string{"h3", "h2", "http/1.1"}
Comment From: mstmdev
Do you have a proxy server? Can your proxy server access the UDP port of the origin site? @hktalent
Comment From: hktalent
I turned off the proxy and tested in firefox and chrome Found that the default is still http2, @mstmdev Oddly enough, the native development environment tests https://127.... The default is http3
Comment From: mstmdev
I mean do you have an nginx proxy?
Comment From: hktalent
No nginx proxy is used, golang server is directly used @mstmdev
Comment From: mstmdev
Is your 443 UDP port alive?
Comment From: hktalent
@mstmdev yes
netstat -anup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp6 0 0 :::53 :::* 687696/./51pwnPlatf
udp6 0 0 :::443 :::* 687696/./51pwnPlatf
Comment From: mstmdev
I am also unable to access the QUIC server, check the firewall?
Comment From: hktalent
Now I have turned off all firewalls, and the test found that the default is still http2 @mstmdev
Comment From: mstmdev
Do you have some server logs? Does the cloud service provider have some limit? In my cloud test server, I must add a rule to open the UDP port. And you can run the HTTP3 client in your server by golang, and check the result to ensure localhost access is ok.
Comment From: hktalent
cloudpowerall I checked, and there is no relevant firewall configuration The rules of iptables are added by myself, and it is the same when it is closed