Alex
NGINX mainline supports HTTP/3 now and it would be nice for a (newly deployed server) to enable this for vhosts and open the 443/UDP port. Possibly optional since it requires mainline NGINX but IMHO worth it.
Background info:
- packages: https://nginx.org/en/linux_packages.html
- mainline vs. stable: https://serverfault.com/a/715126/602652
Dennis
Before we'll do this implementation, we'll have to upgrade our NGINX installations.
We've released that this morning, 1.24 is being installed on fresh servers now. We'll be adding a documentation article & upgrade button to upgrade existing NGINX versions.
We'll have to wait until this seems stable and working, then we'll integrate the stable/mainline option inside the server builder, and also HTTP/3.
Kay van Aarssen
@Dennis Any news on this, and will it be an option on existing servers to switch to the Mainline version? Or do we need to deploy a new server for that?
Simon
Any update on this? I am looking to get my sites QUIC/HTTPS3 ready.
Jesser Horitani
Please also update haproxy on load balancers to version 2.8. That version also supports HTTP/3.
dgillier
Hello, Any news on this ?
Dennis
Yes, the news: https://x.com/dennis_smink/status/1810568164863856993
Kay van Aarssen
For now if you want to use it add this to your NGINX Site config;
# HTTP/3 QUIC
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
ssl_protocols TLSv1.3;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
add_header Alt-Svc 'h3-29=":443"; ma=86400'; # h3-29 is the version of HTTP/3
add_header X-Content-Type-Options nosniff;
Make sure you also open port 443 UDP on both your VPS Provider if you have Firewall Enabled and also in the network tab on the server level in Ploi.
To see if HTTP/3 Works you can use this website: https://http3check.net/
Dennis
Basically, in essence, this is it. I am still looking how to do this UI-wise properly.
The change isn't that hard, really. Just UI-wise a challenge to not overbloat it.
Julius Kiekbusch
My approach would be:
- Enabled by default for all new servers.
- Automatic Changes after confirmation
- a list of manual steps, like settings allowing UDP ports on 443 or adding the nginx snippet. (for these who do not trust automation or have a complicated setup)
Dennis
It would be beautiful if anyone here can test! Kay already did, and it was a success 🔥
Claes Boklund
Works!
Julius Kiekbusch
Hey, I would also like to test this, but I am unsure what steps I need to follow.
First I checked on a Ubuntu 20.04 LTS the nginx version with nginx -v:
nginx version: nginx/1.18.0 (Ubuntu)
I probably need to upgrade my nginx, for HTTP/3 Support right? How would I do that?
Afterwards I would add the snippet from Kay to the site which should support HTTP/3:
# HTTP/3 QUIC
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
ssl_protocols TLSv1.3;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
add_header Alt-Svc 'h3-29=":443"; ma=86400'; # h3-29 is the version of HTTP/3
add_header X-Content-Type-Options nosniff;
Lastly I need to request a new Let's Encrypt certificate with HTTP/3 support right?
Or are there other constraints/requirements/steps to follow?
Dennis
Ok so with Ploi, your server needs to be created after May 2024, if it's not, it wont automatically allow you.
This guide, shows you how you can do it manually: https://ploi.io/documentation/server/setting-up-http3-with-nginx-on-ubuntu
You do not need to request a fresh SSL certificate, this is unrelated.
HTTP/3 support
-
Dennis moved item to board Live
2 days ago -
Dennis moved item to board In code review
1 month ago -
Dennis moved item to board In progress
1 year ago -
Dennis moved item to board Planned
1 year ago -
Alex moved item to project Server Level Requests
1 year ago -
Alex created the item
1 year ago