search

cloudflare / quiche

🥧 Savoury implementation of the QUIC transport protocol and HTTP/3
https://docs.quic.tech/quiche/
BSD 2-Clause "Simplified" License
9.41k stars 709 forks source link

VHost Problem #974

Open ismkdc opened 3 years ago

ismkdc commented 3 years ago

hello i am trying to use http3 with multiple vohst but nginx errors nginx: [emerg] duplicate listen options for 0.0.0.0:443 in /etc/nginx/nginx.conf:110 so i cannot reuseport directive with multiple times. How i can use http3 with multiple vhost?

ljluestc commented 2 hours ago 

# General HTTP/3 setup
http {
    include       mime.types;
    default_type  application/octet-stream;

    # Required for HTTP/3
    ssl_prefer_server_ciphers off;

    # Enable QUIC and HTTP/3
    # Uses BoringSSL API to specify the certificate chain
    ssl_protocols TLSv1.3;
    ssl_certificate /etc/nginx/ssl/cert.pem;
    ssl_certificate_key /etc/nginx/ssl/key.pem;
    ssl_session_cache shared:SSL:10m;

    # Specific settings for QUIC and HTTP/3
    ssl_conf_command Options X25519:P-256;
    ssl_conf_command Ciphersuites TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256;

    # Add Alt-Svc header to negotiate HTTP/3
    add_header Alt-Svc 'h3-29=":443"; ma=86400'; # HTTP/3-29

    # Cache settings
    ssl_session_timeout 1d;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;

    # Buffer settings for HTTP/3
    http3_max_header_size 4k;

    # Enable QUIC for the listener
    listen 443 ssl http2 reuseport; # For HTTP/2
    listen 443 ssl http2 quic;      # For HTTP/3
    listen [::]:443 ssl http2 reuseport; # For IPv6 support with HTTP/2 and HTTP/3
}

# Virtual host 1
server {
    server_name example1.com;

    listen 443 ssl http2; # HTTP/2
    listen 443 ssl http2 quic; # HTTP/3
    listen [::]:443 ssl http2; # IPv6 support

    ssl_certificate /etc/nginx/ssl/example1.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example1.com.key;

    # Root path and index files
    root /var/www/example1.com;
    index index.html;

    # HTTP/3 specific settings for this host
    add_header Alt-Svc 'h3-29=":443"; ma=86400'; # HTTP/3 advertisement

    location / {
        try_files $uri $uri/ =404;
    }
}

# Virtual host 2
server {
    server_name example2.com;

    listen 443 ssl http2; # HTTP/2
    listen 443 ssl http2 quic; # HTTP/3
    listen [::]:443 ssl http2; # IPv6 support

    ssl_certificate /etc/nginx/ssl/example2.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example2.com.key;

    # Root path and index files
    root /var/www/example2.com;
    index index.html;

    # HTTP/3 specific settings for this host
    add_header Alt-Svc 'h3-29=":443"; ma=86400'; # HTTP/3 advertisement

    location / {
        try_files $uri $uri/ =404;
    }
}