Slow HTTP/3 with Nginx

« on: 11. 09. 2023, 09:45:36 »
I run nginx as a reverse proxy and wanted to try HTTP/3 (at the moment I'm on HTTP/2 and have no reason to change). But one gets curious, so one installs nginx with HTTP/3 support (nginx 1.25.2). So in the config I remove http2 and set up HTTP/3 accordingly.

However, it works quite badly. Even though HTTP/3 works (tested) and is supposed to be faster, sites load several times slower than with http2. Either I have something misconfigured, or ...
For now I don't want to deal with configs, but I want to know whether anyone uses it and how it works.
BTW I also tested caddy; it is somewhat better there, but still nothing great.
« Last edit: 11. 09. 2023, 13:31:45 by Petr Krčmář »


Re: Do you use HTTP/3
« Reply #1 on: 11. 09. 2023, 12:44:42 »
HTTP/2 is not switched off; it is left running in parallel (mainly because of incapable users/admins who run obscure versions/browsers :D) on the same port...

Otherwise, the reality from production is that HTTP/2 and HTTP/3 each cover about 40%, precisely for the reason given above.

Feel free to post the configs...

Re: Slow HTTP/3 with Nginx
« Reply #2 on: 11. 09. 2023, 16:05:28 »
After starting nginx I had this in the log (not an error, but a warning)
Code:
Sep 07 12:37:59 debian-12-nginx-proxy nginx[815]: nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /etc/nginx/sites-enabled/www.example.com:5
which is actually this
Code:
    listen 443 ssl http2;
For one domain the config looks as follows. The config does a redirect from non-www to www + https. It also contains the SSL cert and the HTTP headers.

Code:
server {
    server_name example.com;
    return 301 http://www.example.com$request_uri;


    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
   
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
 
server {
    server_name www.example.com;
 
    location / {
        proxy_pass http://192.168.20.13;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

    }
    listen 443 quic reuseport; # QUIC
    listen 443 ssl;             # TCP

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name example.com;
    return 404; # managed by Certbot


}
 
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name www.example.com;
    return 404; # managed by Certbot


}

ETNyx

Re: Slow HTTP/3 with Nginx
« Reply #3 on: 12. 09. 2023, 23:26:30 »
Isn't Google your friend? If I'm not mistaken, even though it is now part of the package, it is still an experimental feature. So it's probably no surprise. I tried it myself with an older version and it was slower. Here someone tested 1.25 and apparently, depending on the conditions, it was sometimes faster and sometimes not... https://kiwee.eu/blog/http-3-how-it-performs-compared-to-http-2/

Re: Slow HTTP/3 with Nginx
« Reply #4 on: 13. 09. 2023, 03:04:06 »
I'm a bit short on time, hopefully sometime in the afternoon...
In any case, in 1.25 it is included as standard and I use it myself in the same setup, with Apache sitting behind NGINX...
But watch out, for example in the Ubuntu distribution packages it is not enabled yet, and funnily enough it doesn't even throw errors...
So I use the Mainline packages directly from F5.


Re: Slow HTTP/3 with Nginx
« Reply #5 on: 15. 09. 2023, 09:22:09 »
My original configs, which I use with http2, look like this, and everything worked great.

Code:
server {
    server_name example.com;
    return 301 http://www.example.com$request_uri;

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
}
 
server {
    server_name www.example.com;
 
    location / {
        proxy_pass http://192.168.20.13;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl http2; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name example.com;
    return 404; # managed by Certbot


}
 
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name www.example.com;
    return 404; # managed by Certbot


}

For SSL I use certbot, so wherever # managed by Certbot appears, it was added automatically by certbot.
I switched to nginx with HTTP/3 support and left the configs as they were. After the reload it yelled at me that the http directive is deprecated, but everything worked. So in every config I changed it from
Code:
listen 443 ssl http2;
to
Code:
listen 443 ssl;
http2 on;
Next, I added 2 more directives to the second server block
Code:
listen 443 quic reuseport;
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
I checked the syntax and reloaded nginx.
Code:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Great, everything works including HTTP/3 and it runs fairly fast. I don't even remember when I last had this much luck ;D
However, when I go to check HTTP/3 on http3check, it understandably works only on www.example.com and not on example.com. That is because this directive
Code:
listen 443 quic reuseport;
can be used only once in the whole config. This is also stated here, in the link the colleague sent.
The config with HTTP/3 now looks like this

Code:
server {
    server_name example.com;
    return 301 http://www.example.com$request_uri;

    listen 443 ssl; # managed by Certbot
    http2 on;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
}
 
server {
    server_name www.example.com;
 
    location / {
        proxy_pass http://192.168.20.13;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    listen 443 ssl; # managed by Certbot
    http2 on;
    listen 443 quic reuseport;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    add_header Referrer-Policy                      "no-referrer"   always;
    add_header X-Content-Type-Options               "nosniff"       always;
    add_header X-Download-Options                   "noopen"        always;
    add_header X-Frame-Options                      "SAMEORIGIN"    always;
    add_header X-Permitted-Cross-Domain-Policies    "none"          always;
    add_header X-Robots-Tag                         "none"          always;
    add_header X-XSS-Protection                     "1; mode=block" always;
    add_header Content-Security-Policy "default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';" always;
    add_header Permissions-Policy "geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()";
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';

}

server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name example.com;
    return 404; # managed by Certbot


}
 
server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name www.example.com;
    return 404; # managed by Certbot


}

I thought I would make a similar config for every domain (I have several). But as already mentioned, listen 443 quic reuseport; can be used in nginx only once. If it is used in a second config as well, then:
Code:
nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /etc/nginx/sites-enabled/www.example.com:38
nginx: configuration file /etc/nginx/nginx.conf test failed

OK. I left it only in the config for one domain, and in the second one I added only the header that informs the browser that this is HTTP/3, add_header Alt-Svc 'h3=":$server_port"; ma=86400';. I also checked the second domain on http3check and indeed got the result

QUIC is supported
HTTP/3 is supported


However, the browser (e.g. Mozilla), via the developer console, still claims that it runs on HTTP2

Code:
HTTP/2 200 OK
server: nginx/1.25.2
date: Fri, 15 Sep 2023 07:11:32 GMT
content-type: text/html; charset=UTF-8
content-length: 11005
link: <https://www.example.com/wp-json/>; rel="https://api.w.org/", <https://www.example.com/wp-json/wp/v2/pages/7>; rel="alternate"; type="application/json", <https://www.eample.com/>; rel=shortlink
vary: Accept-Encoding
content-encoding: gzip
strict-transport-security: max-age=31536000; includeSubDomains
referrer-policy: no-referrer
x-content-type-options: nosniff
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-robots-tag: none
x-xss-protection: 1; mode=block
content-security-policy: default-src 'self' https: data: 'unsafe-inline' 'unsafe-eval';
permissions-policy: geolocation=(),midi=(),sync-xhr=(),microphone=(),camera=(),magnetometer=(),gyroscope=(),fullscreen=(self),payment=()
alt-svc: h3=":443"; ma=86400
X-Firefox-Spdy: h2

So far I haven't got any further.

Re: Slow HTTP/3 with Nginx
« Reply #6 on: 15. 09. 2023, 11:28:28 »
I still have a terrible madhouse here...
Anyway, the main trouble is that these testers (and various SW/libraries) still haven't fixed their detection, that just
add_header Alt-Svc '"h3=":$server_port"; ma=2592000; persist=1"' should be enough, and they expect specific older versions/drafts.
So at the moment, because of that, I have this kind of mess there (thanks to which the header is needlessly/nonsensically large...)

add_header Alt-Svc 'h2=":$server_port"; ma=2592000; persist=1, h2c=":$server_port"; ma=2592000; persist=1, h3=":$server_port"; ma=2592000; persist=1, h3-23=":$server_port"; ma=2592000; persist=1, h3-25=":$server_port"; ma=2592000; persist=1, h3-27=":$server_port"; ma=2592000; persist=1, h3-29=":$server_port"; ma=2592000; persist=1, h3-32=":$server_port"; ma=2592000; persist=1, h3-34=":$server_port"; ma=2592000; persist=1, h3-Q043=":$server_port"; ma=2592000; persist=1, h3-Q046=":$server_port"; ma=2592000; persist=1, h3-Q050=":$server_port"; ma=2592000; persist=1, quic=":$server_port"; ma=2592000; persist=1; v="50,46,43"';

I'm away from civilization until Tuesday; then I'll hopefully finally get to going through those configs in peace, or I'll post mine here (right now, unfortunately, I don't have time even to go through them, let alone clean them up/etc...).

Re: Slow HTTP/3 with Nginx
« Reply #7 on: 15. 09. 2023, 11:37:43 »
So something got postponed for me after all, so quickly:

Code:
/etc/nginx/conf.d/99-front_proxy.conf:

server {
        server_name example.com;

        listen 80 reuseport;
        listen [::]:80 reuseport;
}

server {
        server_name example.com;

        ssl_certificate   /etc/letsencrypt/live/$ssl_server_name/fullchain.pem;
        ssl_certificate_key  /etc/letsencrypt/live/$ssl_server_name/privkey.pem;

        # Enable HTTP/2 (optional).
        listen 443 ssl reuseport;
        listen [::]:443 ssl reuseport;

        # Enable HTTP/3.
        listen     443 quic reuseport;
        listen     [::]:443 quic reuseport;

        http2 on;
        http3 on;
        ssl_early_data on;
        ssl_session_tickets on;

        # HSTS (ngx_http_headers_module is required) (63072000 seconds)
        add_header Strict-Transport-Security 'max-age=63072000; includeSubDomains; preload' always;

        # Add Alt-Svc header to negotiate HTTP/3.
        # required for browsers to direct them to quic port
        add_header Alt-Svc 'h2=":$server_port"; ma=2592000; persist=1, h2c=":$server_port"; ma=2592000; persist=1, h3=":$server_port"; ma=2592000; persist=1, h3-23=":$server_port"; ma=2592000; persist=1, h3-25=":$server_port"; ma=2592000; persist=1, h3-27=":$server_port"; ma=2592000; persist=1, h3-29=":$server_port"; ma=2592000; persist=1, h3-32=":$server_port"; ma=2592000; persist=1, h3-34=":$server_port"; ma=2592000; persist=1, h3-Q043=":$server_port"; ma=2592000; persist=1, h3-Q046=":$server_port"; ma=2592000; persist=1, h3-Q050=":$server_port"; ma=2592000; persist=1, quic=":$server_port"; ma=2592000; persist=1; v="50,46,43"'; # Advertise that QUIC is available
        #access_log  /var/log/nginx/host.access.log  main;

        location / {
                proxy_ssl_session_reuse on;
                proxy_http_version 1.1;
                proxy_cache_bypass $http_upgrade;
                proxy_ssl_server_name on;
                proxy_set_header  'Connection' '';
#               proxy_set_header Upgrade $http_upgrade;
#               proxy_set_header Connection 'upgrade';
##              proxy_hide_header Connection;
                proxy_hide_header Upgrade;

                proxy_read_timeout 150;
                proxy_connect_timeout 150;
                proxy_send_timeout 150;

                proxy_socket_keepalive on;

                proxy_pass http://localhost:6666/;
                include proxy_params;
        }

        ## Tune Nginx buffers #
        ## proxy_busy_buffers_size   512k;
        ## proxy_buffers   4 512k;
        ## proxy_buffer_size   256k;
        ## proxy_busy_buffers_size   512k;
        proxy_buffers   256 32k;
        proxy_buffer_size   32k;

}


/etc/nginx/conf.d/my_env

        # Enable all TLS versions (TLSv1.3 is required for QUIC).

        ssl_session_timeout 1d;
        ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions

        ssl_early_data on;
#       ssl_session_tickets off;
        ssl_session_tickets on;

        ssl_dhparam /etc/ssl/certs/dhparam.pem;

GCM-SHA384:DHE-RSA-CHACHA20-POLY1305;
        ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:!CBC;

        # OCSP stapling
        ssl_stapling on;
        ssl_stapling_verify on;

        resolver localhost;



/etc/nginx/proxy_params:
#proxy_set_header Host $http_host;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

proxy_set_header X-Forwarded-Host  $host;
proxy_set_header X-Forwarded-Port  $server_port;


set_real_ip_from 127.0.0.1;
set_real_ip_from ::1;
real_ip_header X-Real-IP;
real_ip_recursive off;

And watch out, if you had Apache behind it, mod_rpaf no longer works... Use mod_remoteip instead.

Admin edit: Please enclose long listings in the code tag.
« Last edit: 15. 09. 2023, 12:32:59 by Petr Krčmář »

Re: Slow HTTP/3 with Nginx
« Reply #8 on: 15. 09. 2023, 13:36:26 »
I handled my config (still for http2) so that there is always a redirect from non-www to www and from http to https. If you look above, I somehow worked my way to a result, but it works only with one domain (one config). In the next one I can no longer use the directive

Code:
listen 443 quic reuseport;
I haven't tried your config yet, because it is only for one domain, without a redirect.

Re: Slow HTTP/3 with Nginx
« Reply #9 on: 15. 09. 2023, 13:51:59 »
Yes, I only sent the essentials to get you started, not that I would build and debug a custom config for you.
Which of course I can, but then it is either a paid job or a consultation, right... :-D

I would possibly also recommend, for example, the tool h2spec

Re: Slow HTTP/3 with Nginx
« Reply #10 on: 15. 09. 2023, 18:08:59 »
I'm not a pro or any kind of IT worker. I play with these little things in my free time and only for my own needs. I found a solution on stackoverflow and so far it works OK. The important thing is to use the directive listen 443 quic reuseport; only once, and in the other server blocks

Code:
listen 443 ssl;
listen 443 quic;
Following the guide I also added the headers
Code:
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
    add_header x-quic 'h3';
    add_header Alt-Svc 'h3-29=":$server_port"';
I have each domain in a separate config file. So the directive listen 443 quic reuseport; can be used in only one config file.

I'm not claiming that my solution is correct, but from the user's side it works OK (tested on two domains).
Thanks for the nudges so far.
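
The two configuration mistakes the thread runs into can be caught before a reload; this is an added example, not code from the thread or from nginx. It flags `reuseport` given more than once for the same address and transport (the `[emerg] duplicate listen options` case above) and a server block that advertises h3 in Alt-Svc while declaring no `quic` listen of its own. The sample config, `lint` and the finding names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the thread's per-domain server blocks.
SAMPLE = r'''
server {
    server_name www.example.com;
    listen 443 quic reuseport;
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
server {
    server_name www.example.org;
    listen 443 quic reuseport;
}
server {
    server_name example.com;
    listen 443 ssl;
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
'''

TOKEN = re.compile(r"""#[^\n]*|'((?:[^'\\]|\\.)*)'|"((?:[^"\\]|\\.)*)"|([{};])|([^\s{};]+)""")

def directives(text):
    """Yield (words, terminator) for each run of words ended by '{', '}' or ';'."""
    words = []
    for m in TOKEN.finditer(text):
        sq, dq, punct, word = m.groups()
        if punct:
            yield words, punct
            words = []
        elif not m.group(0).startswith("#"):   # drop comments, unquote strings
            words.append(next(g for g in (sq, dq, word) if g is not None))

def parse_servers(text):
    """Collect server-level server_name, listen ("port" or "addr:port") and Alt-Svc."""
    servers, stack, cur = [], [], None
    for words, end in directives(text):
        if end == "{":
            stack.append(words[0] if words else "")
            if stack[-1] == "server" and cur is None:
                cur = {"names": [], "listens": [], "alt_svc": [], "depth": len(stack)}
        elif end == "}":
            del stack[-1:]                     # pop, tolerating a stray '}'
            if cur and len(stack) < cur["depth"]:
                servers.append(cur)
                cur = None
        elif cur and words and len(stack) == cur["depth"]:
            name, args = words[0], words[1:]
            if name == "server_name":
                cur["names"] += args
            elif name == "listen" and args:
                addr = args[0] if ":" in args[0] else "*:" + args[0]
                kind = "quic" if "quic" in args else "tcp"   # UDP and TCP sockets differ
                cur["listens"].append((addr, kind, "reuseport" in args))
            elif name == "add_header" and len(args) > 1 and args[0].lower() == "alt-svc":
                cur["alt_svc"].append(args[1])
    return servers

def lint(text):
    """Return (finding, detail) pairs for the two mistakes discussed in the thread."""
    findings, owners = [], defaultdict(list)
    for s in parse_servers(text):
        label = s["names"][0] if s["names"] else "(unnamed)"
        for addr, kind, reuse in s["listens"]:
            if reuse:
                owners[(addr, kind)].append(label)
        no_quic = not any(k == "quic" for _, k, _ in s["listens"])
        if no_quic and any(re.search(r"\bh3\b", v) for v in s["alt_svc"]):
            findings.append(("h3-advertised-without-quic-listen", label))
    for (addr, kind), names in owners.items():
        if len(names) > 1:
            findings.append(("duplicate-reuseport", f"{addr}/{kind}: " + ", ".join(names)))
    return findings
```

Running `lint` over the concatenated contents of the per-domain files reports both findings for the sample; dropping `reuseport` from the second block, as the post does, clears the first one.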

Re: Slow HTTP/3 with Nginx
« Reply #11 on: 18. 09. 2023, 10:06:05 »
I would have one more small remark about HTTP/3. HTTP/3 is supposed to be much faster than HTTP/2 or 1.1 (the user won't notice anyway, because it is a matter of milliseconds), because it runs over UDP and not TCP.
So I looked at, for example, the google.com or facebook.com sites, which also run over HTTP/3. I apparently wrongly assumed that HTTP/3 runs from the first GET, but that is not the case.
A web browser user almost never types into the URL
Code:
https://www.google.com
Maybe there is someone who types into the URL
Code:
www.google.com
but most often the user types
Code:
google.com
So in Mozilla I clear the history and cache and type google.com into the URL. Before that, however, I open the dev console via F12 and find that the first GET was answered unencrypted with HTTP/1.1 (see the attached images). That is clear, because http:// gets prepended to what I typed.
The second GET is the same, but they have a redirect to www set up on the servers, so www. gets added after http://
The third GET already redirects to encrypted https, and that runs on HTTP/2.
The fourth GET then works normally on HTTP/3.

If the user always typed into the URL
Code:
https://www.google.com
they would save 2 redirects to www and https, and the next GET would already work with HTTP/3
If the browser is not set to clear the cache etc. on exit, then the next time the browser is opened and google.com is typed into the URL, it always runs with HTTP/3.

It now works for me similarly to google, which is why I was worried whether it is OK. I also tried caddy and it works the same way there.

I'm just less happy with these numbers on http3check, but I probably can't do anything about that

Code:
CONNECTION ID PACKET RX HANDSHAKE DONE
8A2D393C9E... 108.332         343.382
D660B73AE9... 107.781         218.93
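
The Alt-Svc discovery discussed in replies #6, #7 and #11, as an added example that is not part of the thread: it parses the header (RFC 7838), sorts the protocol-ids of the long header above into final h3, IETF drafts, legacy Google QUIC and TCP protocols, and replays the redirect chain from the last post through a simplified per-origin cache. The cache model (h2 on first HTTPS contact, Alt-Svc honoured only over https, 443 substituted for `$server_port`) and all names are assumptions.

```python
import re
from urllib.parse import urlsplit

def split_unquoted(s, sep):
    """Split s on sep, ignoring separators inside double-quoted strings."""
    parts, buf, quoted = [], [], False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
    parts.append("".join(buf).strip())
    return [p for p in parts if p]

def classify(proto):
    """Map an Alt-Svc protocol-id to the generation of protocol it names."""
    if proto == "h3":
        return "h3-final"                    # ALPN token of RFC 9114
    if re.fullmatch(r"h3-\d+", proto):
        return "ietf-draft"                  # pre-RFC draft versions
    if proto == "quic" or re.fullmatch(r"h3-Q\d+", proto):
        return "google-quic"                 # legacy Google QUIC identifiers
    return "tcp"                             # h2, h2c, ...: not QUIC at all

def parse_alt_svc(value):
    """Parse the list form of an Alt-Svc value ('clear' is not handled)."""
    entries = []
    for alt in split_unquoted(value, ","):
        first, *params = split_unquoted(alt, ";")
        proto, _, authority = first.partition("=")
        entry = {"proto": proto, "authority": authority.strip('"'),
                 "ma": 86400, "kind": classify(proto)}   # no ma given: 24 h
        for param in params:
            key, _, val = param.partition("=")
            if key.strip().lower() == "ma" and val.strip().isdigit():
                entry["ma"] = int(val)
        entries.append(entry)
    return entries

class AltSvcCache:
    """Simplified per-origin record of 'h3 is usable until time T'."""
    def __init__(self):
        self.h3_until = {}

    def fetch(self, url, alt_svc, now):
        """Return the protocol this request uses, then learn from the response."""
        u = urlsplit(url)
        if u.scheme != "https":
            return "http/1.1"                # cleartext hop, nothing is learned
        origin = (u.hostname, u.port or 443)
        used = "h3" if self.h3_until.get(origin, 0) > now else "h2"
        for e in parse_alt_svc(alt_svc or ""):
            if e["kind"] == "h3-final":
                self.h3_until[origin] = now + e["ma"]
        return used

def replay(chain):
    """Protocol per request for a list of (url, Alt-Svc or None), one per second."""
    cache = AltSvcCache()
    return [cache.fetch(url, hdr, t) for t, (url, hdr) in enumerate(chain)]

# Constructed inputs: the long header from the thread as a client would see it,
# and the four requests described in the last post.
PROTOS = ["h2", "h2c", "h3", "h3-23", "h3-25", "h3-27", "h3-29", "h3-32",
          "h3-34", "h3-Q043", "h3-Q046", "h3-Q050", "quic"]
BIG = ", ".join(f'{p}=":443"; ma=2592000; persist=1' for p in PROTOS) + '; v="50,46,43"'
CHAIN = [("http://example.com/", None),
         ("http://www.example.com/", None),
         ("https://www.example.com/", 'h3=":443"; ma=86400'),
         ("https://www.example.com/", 'h3=":443"; ma=86400')]
```

`replay(CHAIN)` yields HTTP/1.1 for the two cleartext hops, h2 for the first HTTPS response and h3 only afterwards; of the thirteen entries in the long header, one names final h3 and two name TCP protocols.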