Now that Nginx 1.25.1 support quic/http3 on the run, I try to enable it by following either their doc or few examples over the internet, but so far I couldn’t get anything to work: it’s always served over http1.1.
(I have no issue enabling http2, just for the record).
Here’s my config file for a test vhost:
server {
listen 443 quic;
listen 443 ssl;
server_name www.mywebsite.com;
http3 on;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|txt|srt|swf|woff|woff2)$ {
root /var/www/landings/mywebsite/site/;
add_header Access-Control-Allow-Origin *;
add_header Alt-Svc 'h3=":443"; ma=86400';
expires 30d;
}
location / {
proxy_pass http://127.0.0.1:8005/;
root /var/www/landings/mywebsite/site/;
include /etc/nginx/conf.d/headers.conf;
add_header Access-Control-Allow-Origin *;
add_header Alt-Svc 'h3=":443"; ma=86400';
}
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
I tried a few various steps, like with or without the http3 directive, with add_header QUIC-Status $http3;
, and stuff that would regularly pop up in tutorials pages, but so far nothing did the trick.
TLSv1.3 is enabled.
The logs show nothing specific, and nginx configuration check is all clear.
Nginx version is 1.25.1 on debian bullseye.
If anyone has an idea of what I could have missed… Thanks!
2
Answers
After some tries, I was able to make HTTP/3 to work by adding the following headers, according this official nginx blog post:
(you can replace
$server_port
by443
if this is the port you’re using for HTTPS)It seems one can add those headers either in a specific vhost file in the
server
directive, or for all vhosts in thenginx.conf
in thehttp
directive. Maybe it didn’t work for you since you put the header in thelocation
directive.By the way:
It seems the
http3 on
directive is not necessary, as it is already enabled by default (which is not the case for thehttp2 on
directive)While we’re at it, it might be also a good idea to enable the QUIC 0-RTT connection resumption feature:
Same, it seems this can alternatively be added for all vhosts in the
http
directive in the globalnginx.conf
conf file.I’m facing the same issue and personally is driving me insane, setting the headers like you did not work for me. I’m still trying to figure out what’s wrong.