QUIC-only Mode #1614
Comments
🤔 What exactly do you mean by "QUIC-only"? Is that different from using |
By that I mean an option for Caddy to accept connections only over QUIC (only listen on UDP?), leaving the TCP port open for another server to listen on. |
Oh. No, there's no way to do that with Caddy. It's extremely niche, and severely limits the kinds of clients that can connect. Why do you need this? |
I'd like to experiment with QUIC while keeping nginx for handling other connections since Caddy's cipher suites don't support some legacy clients that I need. Previously, I tested with quic-reverse-proxy, which had a flag (-quic_only) that changed it into only handling QUIC connections. I know that it's a niche feature request, but perhaps it could still be sane to add in, because I'm guessing that it wouldn't require too much code change. |
Hmm... so, I am not really inclined to implement this (doesn't seem generally useful) -- I would recommend just testing on a separate machine or a different port. Thanks for your request though! |
You can use --origin-to-force-quic-on=: in Chrome to force QUIC on the client. |
I'm aware of that flag, but I'm trying to force QUIC on the server, as opposed to the client side. |
I've found a way to split TCP/UDP traffic incoming on port 443 with iptables NAT, but if anybody knows of a better method, please do let me know. |
@injust How did you manage to split the traffic so you can do QUIC-only with Caddy? I know time has passed since this answer, but can you still explain how to do it, or have you found another, better solution yet? |
Use ufw to block the TCP port and only keep udp open? |
@henrocker Here is a series of iptables rules that will split the traffic:
TCP traffic on port 443 is redirected to 60443 (or any other port you prefer), and UDP traffic remains untouched. Have Caddy listen to https://domain.tld as usual, and have nginx listen to the high port to handle the TCP traffic. |
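A sketch of the split described in the comment above, added here as an example; it is not the set of rules @injust posted, which this page does not reproduce. The ports 443 and 60443 come from the comment; the function names and the sample `ss` output are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): split TCP and UDP on one port.
# Ports 443/60443 follow the comment above; function names are hypothetical.

# split_rules PORT ALT: print the NAT rule that sends TCP PORT to ALT.
# The rule matches only TCP, so QUIC (UDP) on PORT is left untouched.
split_rules() {
    port=$1 alt=$2
    for p in "$port" "$alt"; do
        case $p in ''|*[!0-9]*) echo "bad port: $p" >&2; return 1 ;; esac
        [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || { echo "bad port: $p" >&2; return 1; }
    done
    [ "$port" -ne "$alt" ] || { echo "ports must differ" >&2; return 1; }
    echo "iptables -t nat -A PREROUTING -p tcp --dport $port -j REDIRECT --to-ports $alt"
}

# listeners_ok PORT ALT: read `ss -H -tuln` output on stdin and succeed only
# if something is bound on UDP PORT (QUIC) and on TCP ALT (redirect target).
listeners_ok() {
    awk -v port="$1" -v alt="$2" '
        { n = split($5, a, ":"); p = a[n] }   # port is the last ":" field
        $1 == "udp" && p == port { quic = 1 }
        $1 == "tcp" && p == alt  { tcp = 1 }
        END { exit !(quic && tcp) }'
}

# Constructed sample of `ss -H -tuln` output for the intended layout.
SAMPLE_SS='udp UNCONN 0 0 *:443 *:*
tcp LISTEN 0 4096 *:443 *:*
tcp LISTEN 0 511 0.0.0.0:60443 0.0.0.0:*'

split_rules 443 60443        # prints the command for review; it is not executed
printf '%s\n' "$SAMPLE_SS" | listeners_ok 443 60443 && echo "listener layout OK"
```

The printed command has to be run as root to take effect. PREROUTING only sees packets arriving from other hosts, so connections made from the server itself to port 443 are not redirected by this rule.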
This would indeed be a good feature for people who would like to use Caddy only for QUIC on 443/udp but another web server on 443/tcp. I personally run Caddy in a container to which only 443/udp is forwarded. |
I deploy my services in Docker, and this problem could be solved naturally.
nginx:
  ports:
    - '443:443'
caddy:
  ports:
    - '443:443/udp' |
+1, Docker is a good solution, but I'm not using Docker. :( A firewall requires root and may need kernel settings to be edited. |
Implemented in #4707. HTTP/3 can be enabled exclusive to other HTTP versions. |
I tried with My Caddyfile is something like this:
Here is the caddy log output when I run
By the way, I'm using caddy 2.6.2. |
@ha-ku What logs show if you turn on debug mode (add I know this works, at least it did in my testing. So I'm curious what's different in your case. |
Logs go like this with
|
I think that's because even though HTTP/3 is being served exclusively, it still binds to TCP first before wrapping the listener. Can you open a new issue to request that feature (UDP-only)? |
OK, I'll do it. |
Thank you! |
I'd like to play with Caddy's QUIC feature while maintaining my current nginx setup.
Would it be possible to implement a QUIC-only mode that could be enabled by command-line option?