Example QUIC conf and Port change

#22
I created my certs with OpenSSL and I use -k with the curl command. QUIC can be opened on any port.
I have nginx running on port 8443
OLS on 9443
h2o on 7443

Below is OLS on QUIC, and the port is 9443:
```
186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
udp 0 0 0.0.0.0:9443 0.0.0.0:* 186369/openlitespee
unix 2 [ ACC ] STREAM LISTENING 4944427 186369/openlitespee /usr/local/lsws/admin/tmp/admin.sock.7587
unix 2 [ ACC ] STREAM LISTENING 4944434 186369/openlitespee /usr/local/lsws/cgid/cgid.sock.587
unix 3 [ ] STREAM CONNECTED 4944429 186369/openlitespee
unix 3 [ ] STREAM CONNECTED 4944428 186369/openlitespee
unix 3 [ ] DGRAM CONNECTED 4944437 186369/openlitespee
unix 3 [ ] DGRAM CONNECTED 4944436 186369/openlitespee
root@ubuntu:~#
```

I have run the curl command with -k (this tells curl not to verify certs) and the file download is fine via QUIC with OLS on 9443.

```
root@ubuntu:~# curl -k -v --http3 -# -o /tmp/BPS.pdf https://localhost:9443/
* Trying [::1]:9443...
* QUIC cipher selection: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
* QUIC: connection to ::1 port 9443 refused
* QUIC connect to ::1 port 9443 failed: Couldn't connect to server
* Trying 127.0.0.1:9443...
* QUIC cipher selection: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
* Skipped certificate verification
* Connected to localhost (127.0.0.1) port 9443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://localhost:9443/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: localhost:9443]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.4.0-DEV]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: localhost:9443
> User-Agent: curl/8.4.0-DEV
> Accept: */*
>
< HTTP/3 200
< etag: "29cd-63e661c5-41130;;;"
< last-modified: Fri, 10 Feb 2023 15:24:53 GMT
< content-type: text/html
< content-length: 10701
< accept-ranges: bytes
< date: Tue, 26 Sep 2023 07:28:48 GMT
< server: LiteSpeed/1.7.18 Open
< alt-svc: h3=":9443"; ma=2592000, h3-29=":9443"; ma=2592000, h3-Q050=":9443"; ma=2592000, h3-Q046=":9443"; ma=2592000, h3-Q043=":9443"; ma=2592000, quic=":9443"; ma=2592000; v="43,46"
<
{ [10701 bytes data]
################################################################################################################################# 100.0%* Connection #0 to host localhost left intact

root@ubuntu:~#
```
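The `alt-svc` response header in the trace above is how the server advertises its HTTP/3 endpoint and port to clients. As an added example (not part of the original post), this parses that header value following the RFC 7838 syntax and lists which advertised identifiers are not the standardized `h3` token or point at a port other than the expected one; the function names are illustrative.

```python
import re

# Alt-Svc value copied from the curl trace in the post above.
ALT_SVC = ('h3=":9443"; ma=2592000, h3-29=":9443"; ma=2592000, '
           'h3-Q050=":9443"; ma=2592000, h3-Q046=":9443"; ma=2592000, '
           'h3-Q043=":9443"; ma=2592000, quic=":9443"; ma=2592000; v="43,46"')

def _split(text, sep):
    # Split on a separator only when it is outside double quotes (v="43,46").
    pattern = sep + r'(?=(?:[^"]*"[^"]*")*[^"]*$)'
    return [p.strip() for p in re.split(pattern, text) if p.strip()]

def parse_alt_svc(value):
    """Return one dict per alternative: protocol, host, port, ma, params."""
    if value.strip().lower() == "clear":
        return []
    entries = []
    for item in _split(value, ","):
        first, *params = _split(item, ";")
        proto, _, authority = first.partition("=")
        host, _, port = authority.strip('"').rpartition(":")
        extra = {}
        for param in params:
            key, _, val = param.partition("=")
            extra[key.strip().lower()] = val.strip().strip('"')
        entries.append({"protocol": proto.strip(), "host": host,
                        "port": int(port),
                        "ma": int(extra.pop("ma", 86400)),  # RFC 7838 default: 24 h
                        "params": extra})
    return entries

def review(value, expected_port):
    """List entries that are not the final "h3" token or use another port."""
    findings = []
    for e in parse_alt_svc(value):
        if e["protocol"] != "h3":
            findings.append(f'{e["protocol"]}: not the standardized h3 token')
        if e["port"] != expected_port:
            findings.append(f'{e["protocol"]}: port {e["port"]} != {expected_port}')
    return findings

if __name__ == "__main__":
    for entry in parse_alt_svc(ALT_SVC):
        print(entry)
    for finding in review(ALT_SVC, 9443):
        print("note:", finding)
```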
 

LiteCache

Active Member
#23
@Kartheekdasari
I think you have a misunderstanding of the requirements of QUIC. If you use OpenSSL and a certificate generated with OpenSSL was not signed by a trusted certificate authority, then that certificate is self-signed. According to LiteSpeed's specifications, it must be a "trusted" certificate. I am also not aware of any information that allows QUIC to use a port other than port 443, which is why I question your statement that you can use a different TCP/UDP port for QUIC with Apache or nginx. If you look at your own log file, it will confirm that the port 9443 you are using cannot be used for QUIC.

By the way, you cannot bypass the QUIC requirements with the curl command -k.

Code:
```
* QUIC: connection to ::1 port 9443 refused
* QUIC connect to ::1 port 9443 failed: Couldn't connect to server
```
If QUIC doesn't work with your very strange parameters, why not leave it with the default parameters?
 
#24
I just wanted to bypass cert verification, not the QUIC parameters.
Curl connected to OLS on the second retry.
If I leave it at the default parameters, then what is the point of enabling QUIC?
 

LiteCache

Active Member
#25
As long as you use a self-signed certificate, the basic requirements are missing. You cannot test QUIC on localhost. I already told you in LiteSpeed Slack that you need a public IP, a domain and a trusted SSL certificate. You can only test QUIC under these conditions.
 

LiteCache

Active Member
#27
This is not a limit of OLS, but a limit of lsquic, at least that's how LiteSpeed describes it. And when LiteSpeed writes that the certificate must be trusted, then I understand this as a certificate that is signed by a trusted certificate authority. In fact, you won't find out until you study the QUIC specification.
 
#35
The file location is correct.
Good day! I want to ask YOU - unblock the user t79787883649@gmail.com (Anna). I am currently studying your OpenLiteSpeed software product with her, in the Alibaba Cloud Academy training account. Her domains are registered to the specified mail. The service https://my.quic.cloud/ is also linked to this mail. And it is not possible to send a question to YOU because the mail is blocked. And go to the forum.

I am writing this letter at her request because she is helping me with my project ecolm.ru.

Sincerely, Fedorov
-------------
As a newcomer to the forum, it is forbidden for me to send screenshots. Therefore, they are visible at the link:

https://blog-ecolm-ru.blogspot.com/2023/10/mail-for-cold-egg-admin.html
 

Cold-Egg

Administrator
#36
#38
Hi,

I am not clear where this t79787883649@gmail.com email got blocked, on the WordPress forum https://wordpress.org/support/plugin/litespeed-cache/ or litespeed site https://store.litespeedtech.com/store/clientarea.php?

If you want to share the report for support, please share the Report number with the support member after clicking the Send to LiteSpeed button, and the LiteSpeed support member will be able to check the information from there.
https://drive.google.com/drive/folders/1GyxMf_eor2zV-qiI2Uytb_yQTvwgvE2M?usp=sharing

You are the senior and most competent in technical matters here at the forum. It seemed to me that the OLS product was suitable in many respects. And it's probably not difficult to make a script in a spam filter that checks emails for installation (server deployment) and does not block admins.
Or maybe it's unnecessary - because the sales of the product are so beautiful ...
If you read it, I will ask the question: quic.cloud, in the description of its service, indicated that it is possible to issue an SSL certificate from them and said to go to their main site in the store. I went to the store and could not find the conditions for issuing an SSL certificate.
As I understand it - if they give a certificate, then one that suits them (as a service), because with the correct configuration, all the content of the site goes to the cloud cached and from there to the user. That is, the important interests of the owners of the service are taken into account.

Please tell me the link or instructions to receive.


______
Please excuse me if my text is not very neat - I use an automatic translator from Russian to English.
 