Using QUIC cc protocol with OpenLiteSpeed

yasha

New Member
#1
Hi

I cannot get the OLS server to listen on UDP port 443 for QUIC.
root@server:vs # netstat -lupn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:52035 0.0.0.0:* 140683/openlitespee
udp 0 0 0.0.0.0:39335 0.0.0.0:* 140680/openlitespee
udp 0 0 0.0.0.0:7080 0.0.0.0:* 140675/openlitespee
There is no listener on port 443.
This is the content of /usr/local/lsws/conf/httpd_config.conf:
Code:
#
# PLAIN TEXT CONFIGURATION FILE
#
#If not set, will use host name as serverName
serverName
user                      nobody
group                     nogroup
priority                  0
inMemBufSize              60M
swappingDir               /tmp/lshttpd/swap
autoFix503                1
gracefulRestartTimeout    300
mime                      conf/mime.properties
showVersionNumber         0
adminEmails               root@localhost

# Server-wide error log, written to logs/error.log with a rolling size of 10M.
errorlog logs/error.log {
  # NOTE(review): DEBUG is the most verbose log level. It helps while chasing a
  # listener problem like this one, but lower it afterwards so the log does not
  # accumulate request-level detail.
  logLevel                DEBUG
  debugLevel              0
  rollingSize             10M
  enableStderrLog         1
}

accesslog logs/access.log {
  rollingSize             10M
  keepDays                30
  compressArchive         0
}
indexFiles                index.html, index.php

expires  {
  enableExpires           1
  expiresByType           image/*=A604800,text/css=A604800,application/x-javascript=A604800,application/javascript=A604800,font/*=A604800,application/x-font-ttf=A604800
}
uploadPassByPath          1

tuning  {
  maxConnections          10000
  maxSSLConnections       10000
  connTimeout             300
  maxKeepAliveReq         10000
  keepAliveTimeout        5
  sndBufSize              0
  rcvBufSize              0
  maxReqURLLen            32768
  maxReqHeaderSize        65536
  maxReqBodySize          2047M
  maxDynRespHeaderSize    32768
  maxDynRespSize          2047M
  maxCachedFileSize       4096
  totalInMemCacheSize     20M
  maxMMapFileSize         256K
  totalMMapCacheSize      40M
  useSendfile             1
  fileETag                28
  enableGzipCompress      1
  compressibleTypes       default
  enableDynGzipCompress   1
  gzipCompressLevel       6
  gzipAutoUpdateStatic    1
  gzipStaticCompressLevel 6
  brStaticCompressLevel   6
  gzipMaxFileSize         10M
  gzipMinFileSize         300
  quicEnable              1
  quicShmDir              /dev/shm
  quicCongestionCtrl      2
}

# Server-level defaults controlling which static files may be served.
fileAccessControl  {
  # 1 = follow symbolic links when serving static files.
  followSymbolLink        1
  # 0 = symlink targets are not checked against the accessDenyDir list, so the
  # deny list only applies to the path as requested, not to where a link leads.
  # NOTE(review): consider 1 on hosts where site owners can create symlinks.
  checkSymbolLink         0
  # Masks of 000 presumably place no requirement or restriction on file modes;
  # confirm against the OpenLiteSpeed documentation for this version.
  requiredPermissionMask  000
  restrictedPermissionMask 000
}

# Per-client throttling of request rate, bandwidth and concurrent connections.
perClientConnLimit  {
  # NOTE(review): 0 for the four rate/bandwidth settings presumably means
  # "no limit"; confirm. With these values no per-client rate cap is applied.
  staticReqPerSec         0
  dynReqPerSec            0
  outBandwidth            0
  inBandwidth             0
  # NOTE(review): both limits equal maxConnections (10000) in the tuning
  # block, so a single client is allowed to hold every connection slot. Lower
  # values give the ban logic below a chance to act.
  softLimit               10000
  hardLimit               10000
  gracePeriod             15
  banPeriod               300
}

CGIRLimit  {
  maxCGIInstances         20
  minUID                  11
  minGID                  10
  priority                0
  CPUSoftLimit            10
  CPUHardLimit            50
  memSoftLimit            1460M
  memHardLimit            1470M
  procSoftLimit           400
  procHardLimit           450
}

accessDenyDir  {
  dir                     /
  dir                     /etc/*
  dir                     /dev/*
  dir                     conf/*
  dir                     admin/conf/*
}

accessControl  {
  allow                   ALL
}

extprocessor lsphp {
  type                    lsapi
  address                 uds://tmp/lshttpd/lsphp.sock
  maxConns                10
  env                     PHP_LSAPI_CHILDREN=10
  env                     LSAPI_AVOID_FORK=200M
  initTimeout             60
  retryTimeout            0
  persistConn             1
  respBuffer              0
  autoStart               1
  path                    fcgi-bin/lsphp
  backlog                 100
  instances               1
  priority                0
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           1400
  procHardLimit           1500
}

scripthandler  {
  add                     lsapi:lsphp php
}

railsDefaults  {
  maxConns                1
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

wsgiDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

nodeDefaults  {
  maxConns                5
  env                     LSAPI_MAX_IDLE=60
  initTimeout             60
  retryTimeout            0
  pcKeepAliveTimeout      60
  respBuffer              0
  backlog                 50
  runOnStartUp            3
  extMaxIdleTime          300
  priority                3
  memSoftLimit            2047M
  memHardLimit            2047M
  procSoftLimit           500
  procHardLimit           600
}

module modreqparser

module uploadprogress

module cache {
  internal                1

checkPrivateCache   1
checkPublicCache    1
maxCacheObjSize     10000000
maxStaleAge         200
qsCache             1
reqCookieCache      1
respCookieCache     1
ignoreReqCacheCtrl  1
ignoreRespCacheCtrl 0

enableCache         0
expireInSeconds     3600
enablePrivateCache  0
privateExpireInSeconds 3600
  ls_enabled              1
}

virtualhost Example {
  vhRoot                  Example/
  configFile              conf/vhosts/Example/vhconf.conf
  allowSymbolLink         1
  enableScript            1
  restrained              1
  setUIDMode              0
}

# Listener on all interfaces, port 8088, mapped to the Example virtual host.
listener Default {
  address                 *:8088
  # 0 = plain HTTP. QUIC is always carried over TLS, so while this stays 0 the
  # enableQuic setting below does not take effect for this listener.
  secure                  0
  # NOTE(review): these paths are the WebAdmin console's key pair (presumably
  # the self-signed one created at install; confirm). A public HTTPS/QUIC
  # listener should get its own CA-issued certificate and key.
  keyFile                 $SERVER_ROOT/admin/conf/webadmin.key
  certFile                $SERVER_ROOT/admin/conf/webadmin.crt
  certChain               0
  enableSpdy              8
  enableQuic              1

  module modreqparser {

    ls_enabled            1
  }

  module uploadprogress {

    ls_enabled            1
  }
  # Every host name (*) on this listener is routed to the Example virtual host.
  map                     Example *
}

vhTemplate centralConfigLog {
  templateFile            conf/templates/ccl.conf
  listeners               Default
}

vhTemplate EasyRailsWithSuEXEC {
  templateFile            conf/templates/rails.conf
  listeners               Default
}
In the config file QUIC is enabled: enableQuic 1
 

Cold-Egg

Administrator
#2
QUIC is enabled by default. Since the listener port is set to 8088, you won't find it by filtering with port 443.
Code:
listener Default {
  address                 *:8088
In order to get port 443 + QUIC working, please visit the web admin > listener, set port to 443, and apply a valid certificate
 

yasha

New Member
#3
reconfigured the httpd_config.conf:
Code:
...
# Same listener moved to port 443 with its own certificate files, TLS still off.
listener Default {
  address                 *:443
  # NOTE(review): still 0, so this listener speaks plain HTTP on TCP 443 and
  # the key and certificate below are presumably ignored. QUIC requires TLS,
  # which is why no UDP 443 socket appears in the netstat output that follows.
  secure                  0
  keyFile                 /home/oper/compiralabs_certs/compiralabs.key
  certFile                /home/oper/compiralabs_certs/fbfda24f235b14b9.crt
  certChain               1
  CACertFile              /home/oper/compiralabs_certs/gd_bundle-g2-g1.crt
  enableSpdy              8
  enableQuic              1

  module modreqparser {

    ls_enabled            1
  }

  module uploadprogress {

    ls_enabled            1
  }
  # Only requests for this host name are routed to the Example virtual host.
  map                     Example lsquic.compiralabs.com
}
...
Still no QUIC. Output of netstat -lupn:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name  
udp        0      0 0.0.0.0:38963           0.0.0.0:*                           827730/openlitespee
udp        0      0 0.0.0.0:7080            0.0.0.0:*                           827723/openlitespee
udp        0      0 0.0.0.0:41049           0.0.0.0:*                           827725/openlitespee
this is the netstat -natp:
Code:
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      827723/openlitespee
Port 443 is in use, but only over TCP.


I updated httpd_config.conf to enable secure (QUIC runs only over TLS, so the listener needs secure 1 before it will bind UDP 443):
Code:
...
# Working configuration: TLS enabled on port 443, which lets QUIC bind UDP 443.
listener Default {
  address                 *:443
  # 1 = TLS listener. With this set, the netstat output in this thread shows
  # the server listening on UDP 443.
  secure                  1
  # NOTE(review): the private key sits under a user's home directory; check
  # that the directory and key file are readable only by their owner and the
  # account that starts the server.
  keyFile                 /home/oper/compiralabs_certs/compiralabs.key
  certFile                /home/oper/compiralabs_certs/fbfda24f235b14b9.crt
  certChain               1
  CACertFile              /home/oper/compiralabs_certs/gd_bundle-g2-g1.crt
  enableSpdy              8
  # NOTE(review): clients only reach QUIC if inbound UDP 443 is allowed by the
  # host and network firewalls; otherwise they stay on TCP 443.
  enableQuic              1

  module modreqparser {

    ls_enabled            1
  }

  module uploadprogress {

    ls_enabled            1
  }
  # Only requests for this host name are routed to the Example virtual host.
  map                     Example lsquic.compiralabs.com
}
...
and got my UDP 443 listener. Output of netstat -lupn:
Code:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name   
udp        0      0 0.0.0.0:7080            0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:40341           0.0.0.0:*                           829855/openlitespee
udp        0      0 127.0.0.53:53           0.0.0.0:*                           1211/systemd-resolv
udp        0      0 10.0.0.50:68            0.0.0.0:*                           1208/systemd-networ
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
udp        0      0 0.0.0.0:443             0.0.0.0:*                           829850/openlitespee
thanks for the help
 