skip to Main Content

Now that Nginx 1.25.1 support quic/http3 on the run, I try to enable it by following either their doc or few examples over the internet, but so far I couldn’t get anything to work: it’s always served over http1.1.

(I have no issue enabling http2, just for the record).

Here’s my config file for a test vhost:

server {
    listen 443 quic;
    listen 443 ssl;
    server_name www.mywebsite.com;

    http3 on;

    location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|txt|srt|swf|woff|woff2)$ {
        root /var/www/landings/mywebsite/site/;
        add_header Access-Control-Allow-Origin *;
        add_header Alt-Svc 'h3=":443"; ma=86400';
        expires 30d;
    }

    location / {
        proxy_pass http://127.0.0.1:8005/;
        root /var/www/landings/mywebsite/site/;
        include /etc/nginx/conf.d/headers.conf;
        add_header Access-Control-Allow-Origin *;
        add_header Alt-Svc 'h3=":443"; ma=86400';
    }

    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

I tried a few various steps, like with or without the http3 directive, with add_header QUIC-Status $http3;, and stuff that would regularly pop up in tutorials pages, but so far nothing did the trick.

TLSv1.3 is enabled.

The logs show nothing specific, and nginx configuration check is all clear.
Nginx version is 1.25.1 on debian bullseye.

If anyone has an idea of what I could have missed… Thanks!

2

Answers


  1. After some tries, I was able to make HTTP/3 to work by adding the following headers, according this official nginx blog post:

    server {
    
        listen 443 quic;
        listen 443 ssl;
        server_name www.mywebsite.com;
    
        ...
    
        # Add Alt-Svc headers to negotiate HTTP/3
        add_header Alt-Svc  'h3=":$server_port"; ma=3600, h2=":$server_port"; ma=3600';
        add_header Alt-Svc  'h2=":$server_port"; ma=2592000; persist=1';
        add_header Alt-Svc  'h2=":$server_port"; ma=2592000;';
    
        ...
    
    }
    

    (you can replace $server_port by 443 if this is the port you’re using for HTTPS)

    It seems one can add those headers either in a specific vhost file in the server directive, or for all vhosts in the nginx.conf in the http directive. Maybe it didn’t work for you since you put the header in the location directive.

    By the way:

    1. It seems the http3 on directive is not necessary, as it is already enabled by default (which is not the case for the http2 on directive)

    2. While we’re at it, it might be also a good idea to enable the QUIC 0-RTT connection resumption feature:

    server {
        ...
    
        # Enabling QUIC 0-RTT
        ssl_early_data on;
    
        ...
    }
    

    Same, it seems this can alternatively be added for all vhosts in the http directive in the global nginx.conf conf file.

    Login or Signup to reply.
  2. I’m facing the same issue and personally is driving me insane, setting the headers like you did not work for me. I’m still trying to figure out what’s wrong.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search