NGINX 1.25 introduced support for http/3 (over QUIC). To enable it, one can add
listen 443 quic reuseport;
to the server block, alongside the likely existing
listen 443 ssl http2;
However, if I add the quic listen for more than one server block (which all have a different server_name set), then NGINX rejects the config with the following error:
[emerg] 2611#2611: duplicate listen options for 0.0.0.0:443 in /etc/nginx/sites-enabled/site.conf
It is possible to listen on different ports for different domains, but that doesn’t seem to be user-friendly: Firefox will display the port number in the url, even if it loaded the page over http/2 first and then got the http/3 port from an Alt-Svc header. It’s also tedious to manually allocate ports and to configure the firewall for this.
All my server blocks are using the same certificate. All domains that I have a server block for are subject alternative names in the single certificate. RFC9114 says that http/3 clients must support Server Name Indication, but even without it, because all my domains use the same certificate, it should be possible in theory to establish a connection and then decide what content to serve based on the Host header. This is not what happens though. When I send a request over QUIC, NGINX serves from the server block that the listen 443 quic is in; it seems to ignore the server name.
Is it possible with NGINX 1.25 to serve multiple domains over http/3 all on port 443?
2 Answers
Yes, nginx can serve http/3 on multiple virtual hosts, but the reuseport option is supported only for 1 virtual host per the same listen IP:PORT directive. So, you should use different IPs for your virtual hosts or remove the reuseport option.

You should specify "reuseport" only once, and nginx will use it for all hosts with the same host-port pair. No need for different IPs.
nginx docs
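
The layout described in the answer above that says to specify reuseport only once, written out as an added example (constructed here, not taken from the original posts). The server names, document roots and certificate paths are placeholders.

```nginx
# Constructed example configuration. example.com / example.org, the roots
# and the certificate paths are placeholders, not values from the question.

# First virtual host: the only place where reuseport is set for port 443 quic.
server {
    listen 443 ssl http2;        # TCP listener for HTTP/1.1 and HTTP/2
    listen 443 quic reuseport;   # UDP listener for HTTP/3; reuseport given once
    server_name example.com;

    # One certificate shared by all virtual hosts, each name listed as a SAN.
    ssl_certificate     /etc/nginx/tls/shared.crt;
    ssl_certificate_key /etc/nginx/tls/shared.key;

    # Advertise HTTP/3 on the same port that HTTP/2 was loaded from.
    add_header Alt-Svc 'h3=":443"; ma=86400';

    root /var/www/example.com;
}

# Second virtual host: same address and port, quic without reuseport.
server {
    listen 443 ssl http2;
    listen 443 quic;             # repeating reuseport here gives
                                 # "duplicate listen options for 0.0.0.0:443"
    server_name example.org;

    ssl_certificate     /etc/nginx/tls/shared.crt;
    ssl_certificate_key /etc/nginx/tls/shared.key;

    add_header Alt-Svc 'h3=":443"; ma=86400';

    root /var/www/example.org;
}
```

Running `nginx -t` before reloading shows whether the "duplicate listen options" error from the question is gone.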