CDN启用QUIC导致网站重定向死循环的问题

起初在腾讯云里面打开了quic的配置，然后测试使用http3访问，回源协议选择：协议跟随

然后使用curl.exe --http3-only https://blog.onbed.cn/amazing/1300 -vv -L 测试访问，提示检测到回环重定向的问题

➜  D:\tools\scoop\apps\curl\8.6.0_7\bin\curl.exe --http3-only https://blog.onbed.cn/amazing/1300 -vv -L
* Host blog.onbed.cn:443 was resolved.
* IPv6: (none)
* IPv4: 36.25.254.124, 60.188.68.249, 61.164.142.164, 36.25.254.9, 60.188.68.175, 183.136.219.238, 60.188.67.110
*   Trying 36.25.254.124:443...
* QUIC cipher selection: TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_CCM_SHA256
*  CAfile: D:\tools\scoop\apps\curl\8.6.0_7\bin\curl-ca-bundle.crt
*  CApath: none
*  subjectAltName: host "blog.onbed.cn" matched cert's "blog.onbed.cn"
* Verified certificate just fine
* Connected to blog.onbed.cn (36.25.254.124) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://blog.onbed.cn/amazing/1300
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: blog.onbed.cn]
* [HTTP/3] [0] [:path: /amazing/1300]
* [HTTP/3] [0] [user-agent: curl/8.6.0]
* [HTTP/3] [0] [accept: */*]
> GET /amazing/1300 HTTP/3
> Host: blog.onbed.cn
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/3 423
< server: SLT-MID
< date: Wed, 27 Mar 2024 07:01:24 GMT
< x-cache-lookup: Return Directly
< x-cache-lookup: Cache Miss
< x-cache-lookup: Cache Miss
< x-cache-lookup: Hit From Inner Cluster
< content-length: 19
< x-nws-log-uuid: 10970234533466028616
< x-cache-lookup: Cache Miss
< strict-transport-security: max-age=1;
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
<
Forward Loop Detect* Connection #0 to host blog.onbed.cn left intact

然后在手机chrome测试，问题依旧

经过分析，怀疑是启用了协议跟随，然后源站不支持h3，源站返回重定向到h2，然后导致来回重定向。

先关掉CDN的协议跟随，然后使用curl测试，发现正常。

可以证明腾讯云CDN的https回源没有使用quic

然后尝试把源站的nginx升级到1.25版本，开启quic服务，CDN开启协议跟随

然后尝试访问，发现又出现了重定向死循环问题。

注释掉https跳转代码，再次访问，发现正常：

# if ($scheme != "https") {
#     return 301 https://$host$request_uri;
# }

可能是由于nginx跳转出现了问题，决定先关闭协议跟随，使用https回源。

发送评论 编辑评论

推荐文章

发送评论编辑评论