I tried to test outside of Docker, but I encountered the same problem. ``` curl --http3-only https://0.0.0.0:443 -k -v * Trying 0.0.0.0:443... * ipv4 connect timeout after 300000ms, move on! * Failed to connect to 0.0.0.0 port 443 after 300357 ms: Timeout was reached * Closing connection 0 curl: (28) Failed to connect to 0.0.0.0 port 443 after 300357 ms: Timeout was reached ``` ``` curl --http3 https://0.0.0.0:443 -k -v * Trying 0.0.0.0:443... * Trying 0.0.0.0:443... * Connected to 0.0.0.0 (127.0.0.1) port 443 (#0) * ALPN: offers http/1.1 * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8): * TLSv1.3 (IN), TLS handshake, Certificate (11): * TLSv1.3 (IN), TLS handshake, CERT verify (15): * TLSv1.3 (IN), TLS handshake, Finished (20): * TLSv1.3 (OUT), TLS handshake, Finished (20): * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN: server did not agree on a protocol. Uses default. * Server certificate: * subject: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd * start date: Feb 22 12:12:22 2023 GMT * expire date: Feb 22 12:12:22 2024 GMT * issuer: C=AU; ST=Some-State; O=Internet Widgits Pty Ltd * SSL certificate verify result: self signed certificate (18), continuing anyway. * using HTTP/1.x > GET / HTTP/1.1 > Host: 0.0.0.0 > User-Agent: curl/8.0.0-DEV > Accept: */* > * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * TLSv1.3 (IN), TLS handshake, Newsession Ticket (4): * old SSL session ID is stale, removing * HTTP 1.0, assume close after body < HTTP/1.0 200 OK < server: SimpleHTTP/0.6 Python/3.7.8 < date: Fri, 24 Feb 2023 08:39:47 GMT < content-type: text/html; charset=utf-8 < content-length: 5041 < alt-svc: h3=":443";ma=2592000; * HTTP/1.0 connection set to keep alive < connection: keep-alive ``` Does the output ALPN: offers http/1.1 indicate that haproxy HTTP/3 is not enabled?
Willy Tarreau <w...@1wt.eu> 于2023年2月24日周五 16:25写道: > On Fri, Feb 24, 2023 at 04:22:14PM +0800, AiDai wrote: > > Thanks, but it doesn't work. > > ``` > > curl https://0.0.0.0:443 -k -v --http3-only > > * Trying 0.0.0.0:443... > > * ipv4 connect timeout after 300000ms, move on! > > * Failed to connect to 0.0.0.0 port 443 after 300905 ms: Timeout was > reached > > * Closing connection 0 > > curl: (28) Failed to connect to 0.0.0.0 port 443 after 300905 ms: Timeout > > was reached. > > ``` > > However, I no longer receive a "connection to 0.0.0.0:443 refused" > error. I > > suspect that there may be additional settings that need to be configured. > > Maybe. You should really test outside of docker. Docker conversion should > only be the final step of any test, once everything is proven to work fine, > because otherwise it's undebuggable and complicates troubleshooting like > crazy as you can see here :-/ > > Willy >