Open latez opened 3 years ago
I don't think this is the right place. This is only the Puppet module to install and configure the nginx package. That means you need to contact the nginx developers.
@ekohl Nginx has already added support for QUIC
My question is more around implementing the necessary config lines -
# Enable QUIC and HTTP/3.
listen 443 quic reuseport;
# Request buffering is not currently supported for HTTP/3.
proxy_request_buffering off;
# Add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3-27=":443"; ma=86400';
ssl_protocols TLSv1.3;
Ah, then I misunderstood. In that case, a PR is welcome.
# Enable QUIC and HTTP/3.
listen 443 quic reuseport;
Note: reuseport can only be applied to one vhost (per IP), so it should be added to a default https vhost.
reuseport is a hard requirement as well, otherwise only one worker will be able to handle HTTP/3.
# Request buffering is not currently supported for HTTP/3.
proxy_request_buffering off;
Do you have a source for this? It's been 4 years, maybe that is no longer the case?
# Add Alt-Svc header to negotiate HTTP/3.
add_header alt-svc 'h3-27=":443"; ma=86400';
Could you elaborate on those values? What does -27 mean? On my end using h3 worked fine. Also, we should use the $server_port variable (or the listen_port).
add_header Alt-Svc 'h3=":$server_port"; ma=86400';
add_header x-quic 'h3';
ssl_protocols TLSv1.3;
While we should make sure that TLSv1.3 is enabled with quic, I don't think we have to drop TLS1.2 if the server supports http2 as well.
We should also evaluate the following options:
# Default?
http3 on;
http3_hq on;
quic_retry on;
# Enabling QUIC 0-RTT, might be a sec risk
ssl_early_data on;
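
The points raised in the comment above (exactly one reuseport per QUIC listen address, TLSv1.3 available, a final h3 Alt-Svc token rather than a draft one, and ssl_early_data as a replay risk) can be checked mechanically before a vhost is deployed. This is an added example, not part of the thread or of the Puppet module; the lint and server_blocks helpers and the sample config are constructed for illustration, and the parser is deliberately simplified (single-quoted header values, no includes).

```python
import re
from collections import Counter

# Constructed sample (not from the thread): both vhosts set reuseport on port 443.
SAMPLE = """
server {
    listen 443 quic reuseport;
    ssl_protocols TLSv1.2 TLSv1.3;
    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
}
server {
    listen 443 quic reuseport;
    ssl_protocols TLSv1.2;
    ssl_early_data on;
    add_header alt-svc 'h3-27=":443"; ma=86400';
}
"""

def server_blocks(conf):  # yields the body of each server { ... } block
    conf = re.sub(r"#[^\n]*", "", conf)  # drop comments (assumes no '#' in values)
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint(conf):
    """Return (server_number, finding) pairs; server 0 is a cross-vhost finding."""
    findings, reuse = [], Counter()
    for n, body in enumerate(server_blocks(conf), 1):
        listens = [l.split() for l in re.findall(r"^\s*listen\s+([^;]+);", body, re.M)]
        quic = [l for l in listens if "quic" in l[1:]]
        if not quic:
            continue  # vhost does not serve HTTP/3, nothing to check
        for addr, *opts in quic:
            reuse[addr] += "reuseport" in opts  # key is created even when absent
        protos = re.search(r"^\s*ssl_protocols\s+([^;]+);", body, re.M)
        if protos and "TLSv1.3" not in protos.group(1).split():
            findings.append((n, "ssl_protocols lacks TLSv1.3, which QUIC requires"))
        alt = re.findall(r"^\s*add_header\s+alt-svc\s+'([^']*)'", body, re.M | re.I)
        if not alt:
            findings.append((n, "no Alt-Svc header advertising h3"))
        elif any(re.search(r"\bh3-\d+=", v) for v in alt):
            findings.append((n, "Alt-Svc advertises a draft token (h3-NN), not h3"))
        if re.search(r"^\s*ssl_early_data\s+on\s*;", body, re.M):
            findings.append((n, "ssl_early_data on: 0-RTT requests are replayable"))
    findings += [(0, f"{c} quic listens on {a} set reuseport")
                 for a, c in sorted(reuse.items()) if c != 1]
    return findings
```

Listen addresses are compared as written, so 443 and 0.0.0.0:443 count as different keys in this simplified check.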
Hello Team,
Hope I am asking in the right place! Any chance that support for http3 will be added in order to support QUIC?
Thanks!