nginx: Enable HTTP/3

Close #16
JGoutin · Aug 16, 2024 · 2adc513 · 2adc513
1 parent c108e65
commit 2adc513
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 2 deletions.
diff --git a/roles/nginx/tasks/firewall.yml b/roles/nginx/tasks/firewall.yml
@@ -47,6 +47,7 @@
   with_items:
     - http
     - https
+    - http3
 
 - name: Ensure admin firewalld zone allow HTTP/HTTPS
   ansible.posix.firewalld:
@@ -58,4 +59,5 @@
   with_items:
     - http
     - https
+    - http3
   when: common_trusted_firewalld_source is defined
diff --git a/roles/nginx/templates/nginx-site.conf.j2 b/roles/nginx/templates/nginx-site.conf.j2
@@ -31,8 +31,12 @@ server {
     # https://ssl-config.mozilla.org/#server=nginx&config=modern
     # ==================================
 
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 quic reuseport;
+    listen 443 ssl;
+    listen [::]:443 quic reuseport;
+    listen [::]:443 ssl;
+    add_header Alt-Svc 'h3=":443"; ma=86400';
+    http2 on;
 
     # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
     ssl_certificate {{ _tls_crt }};