How to enable QUIC on LiteSpeed Web Server

QUIC (Quick UDP Internet Connections) is an experimental protocol initially developed by Google in 2012 and announced publicly the following year. QUIC is a good choice for those looking to reduce connection-establishment time and improve congestion control. Since version 5.2, LiteSpeed provides the first production-grade mass-market QUIC implementation available to the public. If you want to serve your web content using the QUIC protocol, LiteSpeed is the solution.

The following explains the requirements and steps to enable QUIC on LSWS.

Enabling QUIC is easy

Enabling QUIC requires no configuration change in LSWS. For control panels, QUIC is turned on by default for Apache HTTPS vhosts.

All a user needs to do is open UDP port 443.

  • HTTPS with trusted cert,
  • UDP port 443 open at the firewall.

Firewall Configuration

QUIC itself should automatically listen on UDP port 443. The only thing you need to do is open that port in any firewall you may be running.

QUIC (Quick UDP Internet Connections) runs a stream-multiplexing protocol over Transport Layer Security (TLS) on top of UDP instead of TCP. Be sure port 443 is open for both TCP and UDP.

Most of the time, TCP port 443 will already be open. You will need to identify which firewall is running, such as firewalld, iptables, csf, or an external firewall.

You can quickly check that it is listening by running:

netstat -lupn | grep 443

How to verify QUIC is enabled

  • Check header:
    alt-svc:quic=":443"; v="35,37", or "http/2+quic/37"
  • Check quic connections:
    chrome://net-internals/#quic
  • There’s a Chrome extension which will allow you to see the protocols being used on any website. Install HTTP/2 and SPDY indicator, and you will see a lightning bolt in the Chrome toolbar. Blue indicates HTTP/2 is enabled. Green indicates HTTP/2 + QUIC. Hover over the lightning bolt to see a more detailed list of protocols in action. Tip: You should see the QUIC indicator on dynamic pages with a regular refresh. If not, press CTRL + SHIFT + R to request a fresh copy of the page.
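
The two command-line checks above (the UDP listener and the alt-svc header), as an added example that is not part of the original wiki page. The helper names udp_listening_on and quic_versions and all sample input are constructed for illustration. Unlike a plain grep 443, the listener check compares the port field exactly, so port 4433 or a PID containing 443 does not count as a match.

```shell
#!/usr/bin/env bash
# Added example; helper names and sample data are constructed for illustration.
# Live use:  netstat -lupn | udp_listening_on 443
#            curl -sI https://your-site.example/ | quic_versions

# Succeeds only if a UDP socket is bound to exactly port $1.
# Reads `netstat -lupn` output on stdin; column 4 is the local address.
udp_listening_on() {
  awk -v port="$1" '
    $1 ~ /^udp/ {
      n = split($4, part, ":")   # last ":"-separated piece is the port (handles :::443)
      if (part[n] == port) found = 1
    }
    END { exit !found }'
}

# Prints the QUIC versions advertised for port 443 in an alt-svc response header.
# Reads raw response headers on stdin; prints nothing if QUIC is not advertised.
quic_versions() {
  tr -d '\r' | awk '
    tolower($0) ~ /^alt-svc:/ && $0 ~ /quic=":443"/ {
      if (match($0, /v="[0-9,]+"/)) print substr($0, RSTART + 3, RLENGTH - 4)
    }'
}

# Constructed netstat output. `grep 443` matches all three udp lines here,
# although only the last one is a listener on port 443.
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address   Foreign Address State PID/Program name
udp        0      0 0.0.0.0:4433    0.0.0.0:*             901/otherd
udp        0      0 127.0.0.1:323   0.0.0.0:*             1443/chronyd
udp6       0      0 :::443          :::*                  2210/litespeed'

# Constructed response headers using the alt-svc value shown on this page.
SAMPLE_HEADERS='HTTP/1.1 200 OK
content-type: text/html
alt-svc: quic=":443"; v="35,37"'

if printf '%s\n' "$SAMPLE_NETSTAT" | udp_listening_on 443; then
  echo "UDP 443: listening"
else
  echo "UDP 443: no listener"
fi
echo "QUIC versions advertised: $(printf '%s\n' "$SAMPLE_HEADERS" | quic_versions)"
```

A listener on UDP 443 only shows that the server is bound locally; the port must still be allowed through the firewall for clients to reach it.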

Understanding QUIC

Requirements

  • Must have QUIC enabled in GUI/conf
  • Must use either Chrome or Opera with QUIC enabled
  • Must not use self-signed certificates; only trusted certificates will work
  • Must have UDP Port 443 open at firewall
  • QUIC will not work with a proxy front end like CloudFlare
  • QUIC will only apply to https, not http
  • QUIC can be enabled at the server level, listener level or virtual host level

Understanding the Priority of the Settings

QUIC can be enabled or disabled at three different levels. It's important to understand how these settings affect each other.
If QUIC is not explicitly turned off at any level, then priority for enabling QUIC is given at the most specific level: Virtual Host, then Listener, then Server.
If QUIC is explicitly turned off at any level, then none of the more specific levels may turn it on. In other words, if QUIC is turned off at the Server level, then it cannot be turned on at the Listener level or at the Virtual Host level.

Put another way:

For a particular Virtual Host, QUIC will be ON if:

  • Virtual Host Level = ON or is not set AND
  • Listener Level = ON or is not set AND
  • Server Level = ON or is not set.

For a particular Virtual Host, QUIC will be OFF if:

  • Virtual Host Level = OFF OR
  • Listener Level = OFF OR
  • Server Level = OFF.

Here is an example setup:

QUIC Directives

 
litespeed_wiki/config/enable_quic.txt · Last modified: 2017/08/23 20:13 by Jackson Zhang