Package Details: nginx-quic 1.21.0-3

Git Clone URL: https://aur.archlinux.org/nginx-quic.git (read-only, click to copy)
Package Base: nginx-quic
Description: Lightweight HTTP server and IMAP/POP3 proxy server, HTTP/3 QUIC branch
Upstream URL: https://nginx.org
Keywords: http3 nginx quic webserver
Licenses: custom
Conflicts: nginx
Provides: nginx
Submitter: DasSkelett
Maintainer: DasSkelett
Last Packager: DasSkelett
Votes: 3
Popularity: 0.94
First Submitted: 2020-12-20 02:20
Last Updated: 2021-06-11 11:47

Required by (127)

Sources (4)

Latest Comments

DasSkelett commented on 2021-06-11 12:31

I just switched the package over to the upstream merge of 1.21.0, and also included some newer commits (+ updated boringssl).

It looks like this has fixed whatever was broken previously, QUIC works fine in Firefox and Chrome again!

Important breaking change: the $http3 variable has been removed. If you used it in the Alt-Svc header or logging, you need to replace it with h3-29or even just h3. Keep in mind that Firefox 89 does not yet recognize the final h3= in the Alt-Svc header (will be enabled in Firefox 90), so you need to keep h3-29= around for now. Example:

add_header Alt-Svc 'h3=":443"; ma=86400, h3-29=":443"; ma=86400';

DasSkelett commented on 2021-05-26 10:23

Updated to 1.21.0-ish, which contains some exciting QUIC changes (connection migration), and also a fix for CVE-2021-23017 (resolver 1-byte memory overwrite).

You may encounter issues building with GCC 11, I'm looking for ways to fix this. In theory it's just a new warning, but unfortunately boringssl forces -Werror in their CMakeLists.txt. If someone has an idea or the necessary CMake knowledge to circumvent this without writing a custom patch, I'd be glad for some advice.

Edit: I think I was able to find an acceptable fix, please let me know if it still doesn't work.

Edit 2: While compilation works fine, nginx-quic 1.21.0 seems to be broken when acting as proxy. No idea whether this is caused by plain nginx changes, nginx-quic additions or some incompatibility between them. Will keep an eye on it and update the package if I spot an obvious fix commit. In the mean time you might want to hold off updating to 1.21.0.

jskier commented on 2021-04-25 01:44

Works great now, thanks!

DasSkelett commented on 2021-04-24 19:57

That's interesting. This abi_test.cc unused result... error happens if you build with -D_FORTIFY_SOURCE, which turns some minor code quality issues into errors (in this case it's return values of Boringssl test functions called being ignored, which probably isn't a big deal).

The PKGBUILD contains a line to overwrite -D_FORTIFY_SOURCE with 0 if it's set in the $CPPFLAGS environment variable. But testing shows that setting it in $CXXFLAGS makes the compilation fail as well.

While I bumped the Boringssl commit as well with the nginx 1.20 update, I don't think it caused it, since I had the problem before. I suspect your build environment changed (something has added -D_FORTIFY_SOURCE to the $CXXFLAGS), which causes the build to fail now. In any case, I'm about to push fix to also clear the option from $CXXFLAGS like it already happens with $CPPFLAGS.

Edit: pushed the fix, please try again, it should work for you as well now.

Further edit: Looks like pacman got an update that changed some build flags, including moving -D_FORTIFY_SOURCE to $CFLAGS and making $CXXFLAGS a copy of $CFLAGS. So that's what changed.
- https://github.com/archlinux/svntogit-packages/commit/a790c389cb0fd2ddd35e1f581ee337f6891801fc
- https://gitlab.archlinux.org/archlinux/rfcs/-/blob/master/rfcs/0003-buildflags.rst#specification

jskier commented on 2021-04-24 19:11

With the bump to 1.20, I get this with boringssl compile: /tmp/nginx-quic/src/boringssl/crypto/test/abi_test.cc: In function ‘void abi_test::internal::FatalError(Args ...) [with Args = {const char*}]’:

DasSkelett commented on 2021-04-15 15:53

Upstream hasn't merged the 1.19.10 updates into the nginx-quic branch yet, so I've added a prepare() to do this "manually" (well, still automated) before the build. Fortunately there weren't any merge conflicts.

Worked like a charm in my testing, nginx compiles, runs and responds to QUIC traffic successfully, but please report any build issues you encounter.

As soon as upstream updates the nginx-quic branch to include the 1.19.10 patches I'll revert this change and switch the revision pointer to their merge commit again.

Edit: This happened now, so I switched the PKGBUILD to the upstream merge again. It's pointing to revision 47a43b011dec which adds support for the new keepalive_time of 1.19.10 to QUIC connections.