[alibaba/tengine] QUIC port is unreachable and Tengine reports errors on startup

2024-05-15 201 views
3
Question

There are error messages on startup, and the QUIC port is unreachable and reports a timeout. The error log (debug level) is:

2023/12/06 09:48:23 [notice] 37819#0: signal process started
2023/12/06 09:48:23 [emerg] 37827#0: |xquic|xqc_engine_create: fail|
2023/12/06 09:48:23 [emerg] 37828#0: |xquic|xqc_engine_create: fail|
2023/12/06 09:48:23 [emerg] 37827#0: |xquic|ngx_xquic_process_init|engine_init fail|
2023/12/06 09:48:23 [emerg] 37828#0: |xquic|ngx_xquic_process_init|engine_init fail|
2023/12/06 09:48:23 [alert] 37825#0: worker process 37828 exited with fatal code 2 and cannot be respawned
2023/12/06 09:48:23 [alert] 37825#0: worker process 37827 exited with fatal code 2 and cannot be respawned

Tengine information:

nginx -V
Tengine version: Tengine/3.1.0
nginx version: nginx/1.24.0
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) 
built with OpenSSL 1.1.1h  22 Sep 2020
TLS SNI support enabled
configure arguments: --user=www --group=www --prefix=/data/app/tengine-3.1.0 --with-pcre --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_geoip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --add-module=modules/ngx_http_concat_module --add-module=modules/ngx_http_footer_filter_module --add-module=modules/ngx_http_proxy_connect_module --add-module=modules/ngx_http_reqstat_module --add-module=modules/ngx_http_sysguard_module --add-module=modules/ngx_http_trim_filter_module --add-module=modules/ngx_http_upstream_check_module --add-module=modules/ngx_http_upstream_consistent_hash_module --add-module=modules/ngx_http_upstream_dynamic_module --add-module=modules/ngx_http_upstream_dyups_module --add-module=modules/ngx_http_upstream_session_sticky_module --add-module=modules/ngx_http_upstream_vnswrr_module --add-module=modules/ngx_http_user_agent_module --add-module=modules/ngx_multi_upstream_module --with-jemalloc --with-http_lua_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-http_dav_module --with-luajit-lib=/usr/local/lib/ --with-luajit-inc=/usr/local/include/luajit-2.1/ --with-ld-opt=-Wl,-rpath,/usr/local/lib --add-module=../ngx_brotli --with-http_lua_module --with-cc-opt='-I modules/ngx_http_lua_module/src' --with-xquic-inc=../xquic-1.6.0/include --with-xquic-lib=../xquic-1.6.0/build --add-module=modules/ngx_http_xquic_module --with-openssl=../Tongsuo-8.3.2

Configuration:

user  root root;
xquic_log   "pipe:rollback /data/app/tengine/logs/tengine-xquic.log baknum=10 maxsize=1G interval=1d adjust=600" info;
http {
    xquic_ssl_certificate /data/app/tengine/ssl/domain.key;
    xquic_ssl_certificate_key /data/app/tengine/ssl/domain.pem;
    xquic_congestion_control bbr;
    xquic_socket_rcvbuf 5242880;
    xquic_socket_sndbuf 5242880;
    xquic_anti_amplification_limit 5;

server {
        listen 80 default_server reuseport backlog=4096;
        listen 443 default_server reuseport backlog=4096 ssl http2;
        listen 443 default_server reuseport backlog=4096 xquic;
        server_name aa.domain.com;

        add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000' always;
        error_log  /data/app/tengine/logs/error-xquic.log debug;
        ssl_certificate /data/app/tengine/ssl/domain.pem;
        ssl_certificate_key /data/app/tengine/ssl/domain.key;
        location / {
          return 200 "quic";
        }
}
server {
        listen 80 ;
        listen 443 ssl http2;
        listen 443 xquic;
        server_name bb.domain.com;

        add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000' always;
        error_log  /data/app/tengine/logs/error-xquic.log debug;
        ssl_certificate /data/app/tengine/ssl/domain.pem;
        ssl_certificate_key /data/app/tengine/ssl/domain.key;

        location / {
          return 200 "quic";
        }
}
}

Answers

4

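Enabling XQUIC

  1. You need to run as the root user: user root;
  2. The H3 protocol uses TLS 1.3 by default; use the XQUIC certificate directives to configure the default H3 certificate

Reference: https://github.com/alibaba/tengine/blob/master/modules/ngx_http_xquic_module/README.md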


You can turn on debug-level logging to see the specific error message.

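Hello, I am running as the root user, xquic_ssl_certificate and xquic_ssl_certificate_key are also configured in the HTTPS configuration, debug mode is enabled, and there are no other additional errors.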

user  root root;
worker_processes  auto;
pid       /data/app/tengine/pid/nginx.pid;
events {
    worker_connections  65536;
    use epoll;
}

xquic_log   "pipe:rollback /data/app/tengine/logs/tengine-xquic.log baknum=10 maxsize=1G interval=1d adjust=600" debug;

http {
    ##http3
    xquic_ssl_certificate /data/app/tengine/ssl/域名.key;
    xquic_ssl_certificate_key /data/app/tengine/ssl/域名.pem;
    xquic_congestion_control bbr;
    xquic_socket_rcvbuf 5242880;
    xquic_socket_sndbuf 5242880;
    xquic_anti_amplification_limit 5;

server {
        listen 80 default_server reuseport backlog=4096;
        listen 443 default_server reuseport backlog=4096 ssl http2;
        listen 443 default_server reuseport backlog=4096 xquic;
        server_name aa.域名;

        add_header Alt-Svc 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000' always;

        error_log  /data/app/tengine/logs/error-xquic.log debug;

        ssl_certificate /data/app/tengine/ssl/域名.pem;
        ssl_certificate_key /data/app/tengine/ssl/域名.key;
        ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;

        location / {
          return 444 "quic";
        }
}

}
6

Set the error_log logging directive in the main section of the configuration file

and look at the specific error message

error_log "pipe:rollback /data/app/tengine/logs/tengine-error.log baknum=10 maxsize=2G interval=1d adjust=600" debug;
xquic_log "pipe:rollback /data/app/tengine/logs/tengine-xquic.log baknum=10 maxsize=1G interval=1d adjust=600" info;


2


Many thanks. By enabling debug mode for error_log I found the cause: I had the certificate and key configured the wrong way round. Resolved.
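
The root cause in this thread (the certificate directive pointing at the key file and the key directive at the certificate) can be caught before a reload. The following is an added example, not part of the original thread or of Tengine: a pre-flight check that reads each `ssl_certificate*` / `xquic_ssl_certificate*` path from the configuration text and compares the file's PEM label with what the directive expects. The function names and the sample files are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directive -> PEM label its file must carry (suffix match, so "RSA PRIVATE KEY" passes).
EXPECTED = {
    "ssl_certificate": "CERTIFICATE",
    "ssl_certificate_key": "PRIVATE KEY",
    "xquic_ssl_certificate": "CERTIFICATE",
    "xquic_ssl_certificate_key": "PRIVATE KEY",
}
DIRECTIVE_RE = re.compile(r"^\s*(" + "|".join(EXPECTED) + r")\s+([^;\s]+)\s*;", re.M)
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----")

def pem_kind(path):
    """Return the label of the first PEM block in the file, or None."""
    try:
        match = PEM_RE.search(Path(path).read_text(errors="replace"))
    except OSError:
        return None
    return match.group(1) if match else None

def check_config(conf_text):
    """Return (directive, path, problem) for every file of the wrong kind."""
    findings = []
    for directive, raw in DIRECTIVE_RE.findall(conf_text):
        path = raw.strip("\"'")
        kind, want = pem_kind(path), EXPECTED[directive]
        if kind is None:
            findings.append((directive, path, "unreadable or not PEM"))
        elif not kind.endswith(want):
            findings.append((directive, path, f"contains {kind}, expected {want}"))
    return findings

def demo():
    """Constructed sample: the xquic_* pair is swapped, the ssl_* pair is not."""
    with tempfile.TemporaryDirectory() as d:
        pem, key = Path(d, "domain.pem"), Path(d, "domain.key")
        pem.write_text("-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n")
        key.write_text("-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n")
        conf = (f"http {{\n    xquic_ssl_certificate {key};\n"
                f"    xquic_ssl_certificate_key {pem};\n"
                f"    server {{\n        ssl_certificate {pem};\n"
                f"        ssl_certificate_key {key};\n    }}\n}}\n")
        return [(name, Path(p).name, why) for name, p, why in check_config(conf)]

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

The check only inspects PEM labels; it does not verify that the private key actually belongs to the certificate.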