Open pdiaz opened 4 years ago
@pdiaz we use the openresty distribution so this feature requires support from that project first. Someone already asked a similar question here https://github.com/openresty/openresty/issues/556
The controller is currently build using openresty but seems that everything is contained on this repository. A first step would be to build nginx with the Cloudflare patch...
https://github.com/kubernetes/ingress-nginx/blob/master/images/nginx/rootfs/build.sh#L444
No, sorry. This must be present in openresty firsts. We cannot add this feature without the QA process they have to ensure nothing breaks.
That said, you can fork the repository and build and maintain the feature in your fork.
Sure I can fork it. It's also better to collaborate with other people instead of trying to make all this on my own. Is anyone interested in joining forces?
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle stale
Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten
.
Rotten issues close after an additional 30d of inactivity.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /lifecycle rotten
Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen
.
Mark the issue as fresh with /remove-lifecycle rotten
.
Send feedback to sig-testing, kubernetes/test-infra and/or fejta. /close
@fejta-bot: Closing this issue.
So no http3 support?
/reopen
@sim1: You can't reopen an issue/PR unless you authored it or you are a collaborator.
/reopen
@pdiaz: Reopened this issue.
/remove-lifecycle rotten
When can we expect HTTP3 to be supported? Is there any changes in configuration that will need to be made, or will it simply require upgrading versions?
I am also looking for HTTP3 support in openresty. Is it supported yet ?
/kind feature
Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale
.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close
.
Send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
/remove-lifecycle stale
/remove-lifecycle stale
we have just upgraded to nginx 1.20.1 and from here https://quic.nginx.org/README it looks that HTTP/3 is still experimental so not until there is a stable release will we be implementing HTTP/3.
/priority important-longterm /triage accepted /lifecycle active
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.
This bot triages issues and PRs according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
/remove-lifecycle stale
Any new progress?
HTTP/3 has some issues with SSL implementations it's why difficult to add it into NGINX. Basically, the responsibility between SSL lib and HTTP server became is dramatically different because we should support UDP protocol QUIC.
/lifecycle frozen
How do you think this issue will be resolved across webservers as a whole, it sounds like it might be a problem for software other than NGINX that does a similar thing (e.g. Apache) if I'm understanding correctly?
TL;DR Please let me know what/where I can file my upvotes so that I can cover up my website's performance woes with the new, faster protocol
Now that rfc9114 is published as a proposed standard theoretically webserver devs will probably be working on making this no longer experimental. Looks like traefik has it in experimental state for use with their ingress now, not that it helps ingress-nginx users.
Looks like it saw quite a bit of iteration but not merged / released yet unless I'm reading that wrong. https://hg.nginx.org/nginx-quic/graph/tip
We are in the middle of a stabilization project, working reducing chess, making release faster and prepping for the gateway api. Right now an experimental is counterintuitive to that.
We support it eventually but right it is not a priority.
Expect to support http3.0 as soon as possible 2022年08月19日 星期五 14时53分28秒 -0.422328 秒
什么时候支持HTTP3.0呢 traefik已经支持HTTP3.0了
When will HTTP3.0 be supported? Traefik has already supported HTTP3.0.
For all the people that ask, wenn HTTP/3 is available:
Subscribe
Once merged and released on Openresty, come back.
nginx-1.25.0 已经支持http3.0. nginx-ingress 什么时候支持呢
There is a new PR to upgrade OpenResty core to NGINX v1.25+. https://github.com/openresty/openresty/pull/920
PR landed! 🎉 - https://github.com/openresty/openresty/pull/920
What work remains to be done? Perhaps others could contribute the implementation (:
any progress?
https://github.com/kubernetes/ingress-nginx/pull/10668
Upgraded NGINX to v1.25.3
The current 1.10.0 release doesn’t seem to include http3 support:
nginx version: nginx/1.25.3
built by gcc 13.2.1 20231014 (Alpine 13.2.1_git20231014)
built with OpenSSL 3.1.4 24 Oct 2023
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --conf-path=/etc/nginx/nginx.conf --modules-path=/etc/nginx/modules --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_gzip_static_module --with-http_sub_module --with-http_v2_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_ssl_preread_module --with-threads --with-http_secure_link_module --with-http_gunzip_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wno-deprecated-declarations -fno-strict-aliasing -D_FORTIFY_SOURCE=2 --param=ssp-buffer-size=4 -DTCP_FASTOPEN=23 -fPIC -Wno-cast-function-type' --with-ld-opt='-fPIE -fPIC -pie -Wl,-z,relro -Wl,-z,now' --user=www-data --group=www-data --add-module=/tmp/build/ngx_devel_kit --add-module=/tmp/build/set-misc-nginx-module --add-module=/tmp/build/headers-more-nginx-module --add-module=/tmp/build/ngx_http_substitutions_filter_module --add-module=/tmp/build/lua-nginx-module --add-module=/tmp/build/stream-lua-nginx-module --add-module=/tmp/build/lua-upstream-nginx-module --add-dynamic-module=/tmp/build/nginx-http-auth-digest --add-dynamic-module=/tmp/build/ModSecurity-nginx --add-dynamic-module=/tmp/build/ngx_http_geoip2_module --add-dynamic-module=/tmp/build/ngx_brotli
Also ngx_http_v3_module
is not in /etc/nginx/modules
. If you try turning on quic you get an error:
2024/02/29 14:59:29 [emerg] 347#347: the "quic" parameter requires ngx_http_v3_module in /etc/nginx/nginx.conf:288
This is probably a good thing, as nginx 1.25.4 fixes some http3-related security CVEs.
Looking forward to Ingress support for HTTP/3.
Recent(-ish) fixes to OpenResty allow it to be built with http3 support. Hopefully that will trickle down to ingress-nginx shortly.
Any new progress ?
Any new progress ?
According to nginx-1.25 readme, we will be close to the goal after the final release of OpenSSL 3.4.0. The OpenSSL final release is currently scheduled for 2024/10/14 according to OpenSSL 3.4.0 Project Schedule. It is worth celebrating that OpenSSL 3.4.0 alpha has been successfully released on schedule. I believe HTTP/3 will be usable in about one or two months.
Several companies are working on HTTP/3 support, including on NGINX.
What are the plans related to support this new and exciting protocol?
One first step would be to enable it with https://github.com/cloudflare/quiche/blob/master/extras/nginx/nginx-1.16.patch