mirror of
https://github.com/caddyserver/caddy.git
synced 2025-07-09 03:04:57 -04:00
Added sections about self-signed certificates and --origin-to-force-quic-on flag
parent
aad4a813bf
commit
b0043d4902
7
QUIC.md
@ -8,7 +8,7 @@ Sites that you serve with TLS will be shuttled over the wire with QUIC if the cl
### Client Support
Chrome 52+ supports QUIC without needing a whitelist, but make sure that the [**#enable-quic** flag](chrome://flags/#enable-quic) is set to Enabled. Then just open Chrome to your site and it should be served over QUIC! You can verify this by opening the inspector tools and going to the Security tab. Reload the page and click to view connection details:
Chrome 52+ supports QUIC without needing a whitelist, but make sure that the [**#enable-quic** flag](chrome://flags/#enable-quic) is set to Enabled (you can also use the command-line flag `--enable-quic`). Then just open Chrome to your site and it should be served over QUIC! You can verify this by opening the inspector tools and going to the Security tab. Reload the page and click to view connection details:

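Review bot: The added parenthetical in the Client Support paragraph names `--enable-quic` without saying where it is passed, so it can be read as a second required step rather than an alternative to the chrome://flags setting. The file already contains a Chrome launch command (its first line shows in the next hunk header), so I would word this as "or start Chrome with `--enable-quic`, as in the command below" and make sure that command actually carries the flag.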
@ -29,12 +29,15 @@ $ /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome \
QUIC is reliable transport for TLS+HTTP based on UDP. It accelerates TLS handshakes to just 1 round trip, avoids TCP slow start, and offers reliability when switching networks. Sites load faster and more reliably with QUIC!
However the initial connection will still happen over TCP untill the first HTTP response is received by the client after which it knows it can switch to QUIC. To force an initial connection over QUIC (and to profit from the faster connection setup), Chrome has to be started with the `--origin-to-force-quic-on=<host>:<port>` option.
### Troubleshooting
First, make sure your domain name is properly set in your Caddyfile and the command to launch Chrome _in all places_.
Next, your site must use a real, trusted certificate (at least, that's the case at time of writing).
Next, your site must use a trusted certificate as QUIC requires encryption.
You can create a CA yourself an add it to your CA-database. When using this self-signed certificate, it must contain a hostname with top-level domain, eg. `foo.bar`, for Chromium to correctly send a QUIC ClientHello message. For testing over localhost you can add an entry to /etc/hosts.
If that's all good and if you're even just a little bit savvy with Go, then you could add `import "github.com/lucas-clemente/quic-go/utils"` and call `utils.SetLogLevel(utils.LogLevelDebug)` somewhere in Caddy's main() function. That will provide very detailed output. (Note that this log utility is not meant to be a public API.)
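Review bot: The new Troubleshooting text mixes two different things: it tells the reader to "create a CA yourself" and add it to the CA database, then refers to "this self-signed certificate", which a certificate issued by that CA is not. Please pick one description and say which certificate has to carry the hostname with a top-level domain. The justification in "must use a trusted certificate as QUIC requires encryption" also does not follow, since encryption alone does not explain why the certificate has to be trusted; the removed wording ("real, trusted certificate") made no such claim. Because the paragraph asks readers to add their own CA to the trust store, it should say this is for testing and that the CA should be removed afterwards. Smaller points: "untill" should be "until", "an add it" should be "and add it", "eg." should be "e.g.", `/etc/hosts` should be in backticks like the other literals, and the paragraph about `--origin-to-force-quic-on=<host>:<port>` should show the flag in an actual launch command with an example host and port.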