diff --git a/.gitignore b/.gitignore index 4e4a6e1c..f91cf7c4 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,4 @@ conf.d/*.conf !conf.d/.default.conf !conf.d/no-ssl.default.conf test/* -!test/vhosts/ +!test/vhosts diff --git a/README.md b/README.md index f15e1c63..d9c16cc3 100644 --- a/README.md +++ b/README.md @@ -172,7 +172,7 @@ nginx -s reload ## Support - * Nginx v**1.8.0**+ + * Nginx v**1.25.0**+ ## Contributing diff --git a/conf.d/.default.conf b/conf.d/.default.conf index 9c509943..f0faa2c2 100644 --- a/conf.d/.default.conf +++ b/conf.d/.default.conf @@ -10,8 +10,13 @@ # returning 444 "No Response". server { - listen [::]:443 ssl http2 default_server; - listen 443 ssl http2 default_server; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + listen [::]:443 ssl default_server; + listen 443 ssl default_server; + + http2 on; + http3 on; server_name _; diff --git a/conf.d/templates/example.com.conf b/conf.d/templates/example.com.conf index 1b55babb..7d2e376a 100644 --- a/conf.d/templates/example.com.conf +++ b/conf.d/templates/example.com.conf @@ -10,8 +10,10 @@ # the right one. # https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/#server-name-if server { - listen [::]:443 ssl http2; - listen 443 ssl http2; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + listen [::]:443 ssl; + listen 443 ssl; server_name www.example.com; @@ -24,10 +26,12 @@ server { server { - # listen [::]:443 ssl http2 accept_filter=dataready; # for FreeBSD - # listen 443 ssl http2 accept_filter=dataready; # for FreeBSD - listen [::]:443 ssl http2; - listen 443 ssl http2; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + # listen [::]:443 ssl accept_filter=dataready; # for FreeBSD + # listen 443 ssl accept_filter=dataready; # for FreeBSD + listen [::]:443 ssl; + listen 443 ssl; # The host name to respond to server_name example.com; diff --git a/h5bp/protocol/http2.conf b/h5bp/protocol/http2.conf new file mode 100644 index 00000000..431aeea7 --- /dev/null +++ b/h5bp/protocol/http2.conf @@ -0,0 +1,7 @@ +# ---------------------------------------------------------------------- +# | HTTP/2 Support | +# ---------------------------------------------------------------------- + +# https://nginx.org/en/docs/http/ngx_http_v2_module.html + +http2 on; diff --git a/h5bp/protocol/http3.conf b/h5bp/protocol/http3.conf new file mode 100644 index 00000000..39f3269f --- /dev/null +++ b/h5bp/protocol/http3.conf @@ -0,0 +1,7 @@ +# ---------------------------------------------------------------------- +# | HTTP/3 Support | +# ---------------------------------------------------------------------- + +# https://nginx.org/en/docs/http/ngx_http_v3_module.html + +http3 on; diff --git a/test/vhosts/default.conf b/test/vhosts/default.conf index 782c88e3..cf7c509c 100644 --- a/test/vhosts/default.conf +++ b/test/vhosts/default.conf @@ -9,8 +9,10 @@ server { server { - listen [::]:443 ssl http2 default_server; - listen 443 ssl http2 default_server; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + listen [::]:443 ssl default_server; + listen 443 ssl default_server; server_name _; diff --git a/test/vhosts/secure.server.localhost.conf b/test/vhosts/secure.server.localhost.conf index 9faa8336..1645ae87 100644 --- a/test/vhosts/secure.server.localhost.conf +++ b/test/vhosts/secure.server.localhost.conf @@ -1,6 +1,8 @@ server { - listen [::]:443 ssl http2; - listen 443 ssl http2; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + listen [::]:443 ssl; + listen 443 ssl; server_name www.secure.server.localhost; @@ -12,8 +14,10 @@ server { } server { - listen [::]:443 ssl http2; - listen 443 ssl http2; + listen [::]:443 quic reuseport; + listen 443 quic reuseport; + listen [::]:443 ssl; + listen 443 ssl; server_name secure.server.localhost;