Ubuntu 20.04 LSWS 5.4.8

QUIC is working in WebAdmin, but doesn't work on any virtual hosts. How can I enable it in a virtual host on a subdomain? UDP ports are open, the firewall is disabled. Command outputs: 443 udp listening, ufw status

Any ideas?

gluktd
  • Have you checked https://www.litespeedtech.com/support/wiki/doku.php/litespeed_wiki:config:enable_quic and http3check.net? – qtwrk Aug 25 '20 at 19:34
  • Thank you for the reply. I know this instruction from memory. But let's walk through it together. 1. QUIC is enabled on all levels. 2. QUIC is enabled in all browsers. 3. The cert is from certbot. 4. SSL is configured exactly like in the link. 5. No firewalls are running. 6. I'm using a forced redirect from http to https. 7. LSWS 5.4.8 is installed. – gluktd Aug 26 '20 at 07:16

1 Answer

QUIC settings

The default QUIC setting is enabled; you really don't need to set anything on LSWS for it.

Firewall

To me, that `nc -vu` command is not enough to verify UDP port 443 unless it returns some information back. I would recommend verifying it with tcpdump, e.g.:

Run tcpdump on the website's server.

```
tcpdump -vv udp port 443 -X
```

Run the nc command from any client server.

```
nc -vu YOUR_DOMAIN 443
```

You should see some output on the server if there's any UDP port 443 traffic in and out.

Trust Certificate

You will need to set up HTTPS with a trusted certificate. Here we can use the openssl command to do a quick verification:

```
openssl s_client -connect YOUR_DOMAIN:443
```

Check if the Verify return code is 0.

If the above methods all show good results, please share the output result and site URL so we can check more.

Eric
  • tcpdump is showing when I do it from the VPS at the same hosting company, but it doesn't when I do it from outside or my local machine.
    ```
    root@vps-34372:~# tcpdump -i eth0 -A -s0 port 443 and udp
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
    15:04:38.184588 IP vps-32890.vps-default-host.net.43022 > vps-34372.vps-default-host.net.443: UDP, length 1
    E.....@.=.....v..E....... z.X
    ```
    – gluktd Aug 26 '20 at 07:20
  • From your test result, it sounds like the data center or hosting company blocks UDP port 443. I would recommend you contact the hosting company to confirm the environment. – Eric Aug 26 '20 at 08:38
  • You are definitely right. The hosting company doesn't even know that they are blocking UDP on 443. The decision is to move to GCP, which solved the problem completely. – gluktd Aug 26 '20 at 17:45