Welcome! Log In Create A New Profile

Advanced

Best practice for HTTP/2 + HTTP/3 & QUIC in 1 `server` block

May 23, 2023 01:58PM
Hello.
Firstly, thank you to the Nginx team for HTTP/3 & QUIC support in Nginx 1.25.0, and congratulations for this milestone!

I am experimenting with deployment, having compiled from source with LibreSSL and successfully enabled 1 site. I have encountered an issue where >1 sites are running on the same instance of Nginx on the same server. I am using this as my basis for configuration experimentation:

http://nginx.org/en/docs/http/ngx_http_v3_module.html

…which currently provides this `server` block:

server {
# for better compatibility it's recommended
# to use the same port for http/3 and https
listen 8443 quic reuseport;
listen 8443 ssl;

ssl_certificate certs/example.com.crt;
ssl_certificate_key certs/example.com.key;

location / {
# used to advertise the availability of HTTP/3
add_header Alt-Svc 'h3=":8443"; ma=86400';
}

I am currently running a HTTP/2 + HTTP/1 in production, and I would like to run HTTP/3 & QUIC + HTTP/2 + HTTP/1, if that's viable. I am using the 2x `listen` directives above, plus my production `listen` directives, like this:

listen [::]:443 http2 ssl;
listen 443 http2 ssl;
listen 8443 quic reuseport;
listen 8443 ssl;

Note: the production directive include IPv6, I will modify the working HTTP/3 & QUIC `listen` directives to cover that when I have it working on my server.

This port 443 + port 8443 approach appears to work, and a check from http3check.net reports success on HTTP/3 and QUIC. So far, so good. There are other sites running on the same VPS, and if I use the 443 + port 8443 approach above to another site, it fails the `nginx -t` check:

nginx: [emerg] duplicate listen options for 0.0.0.0:8443 in /etc/nginx/servers-enabled/example.com.conf:96

Line #96 in that file is:

listen 8443 quic reuseport;

I am lost on what to do next. Regarding the comment:

# for better compatibility it's recommended
# to use the same port for http/3 and https

…does that refer to https on pre-HTTP/3, or HTTP/3? If I comment out the port 443 `listen` directives, the site goes offline.

I am happy to maintain an additional `server` block for each site on HTTP/3 & QUIC, that would isolate the port 443 + port 8443 directives…but I would appreciate any advice or guidance on whether it's viable to run HTTP/3 & QUIC alongside HTTP/2 in a single `server` block. Indeed, I would be most grateful for any advice on best practice for this situation where there are >1 sites on a single VPS, each running HTTP/1, HTTP/2 and HTTP/3 & QUIC.

Thank you for reading, and best wishes.
Subject Author Posted

Best practice for HTTP/2 + HTTP/3 & QUIC in 1 `server` block

petecooper May 23, 2023 01:58PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 161
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 500 on July 15, 2024
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready