From 02f075b615c186a55a33b1bf87df5a56540ed330 Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Wed, 3 Apr 2024 00:01:40 +0200
Subject: [PATCH] nginx: enable http3
---
 hosts/falkenstein/modules/nginx/default.nix | 1 +
 hosts/nuc/modules/nginx/default.nix | 9 +++++++--
 2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/hosts/falkenstein/modules/nginx/default.nix b/hosts/falkenstein/modules/nginx/default.nix
index 25c6c8d..a763ed5 100644
--- a/hosts/falkenstein/modules/nginx/default.nix
+++ b/hosts/falkenstein/modules/nginx/default.nix
@@ -14,6 +14,7 @@
 extraConfig = ''
 access_log /var/log/nginx/${name}_access.log;
 error_log /var/log/nginx/${name}_error.log;
+ add_header Alt-Svc 'h3=":443"; ma=86400';
 '';
 })
 );
diff --git a/hosts/nuc/modules/nginx/default.nix b/hosts/nuc/modules/nginx/default.nix
index fda795c..6719eb6 100644
--- a/hosts/nuc/modules/nginx/default.nix
+++ b/hosts/nuc/modules/nginx/default.nix
@@ -1,4 +1,4 @@
-{ lib, config, ... }:
+{ pkgs, lib, config, ... }:
 {
 # set default options for virtualHosts
 options = with lib; {
@@ -8,9 +8,13 @@
 # split up nginx access logs per vhost
 enableACME = true;
 forceSSL = true;
+ # enable http3 for all hosts
+ quic = true;
+ http3 = true;
 extraConfig = ''
 access_log /var/log/nginx/${name}_access.log;
 error_log /var/log/nginx/${name}_error.log;
+ add_header Alt-Svc 'h3=":443"; ma=86400';
 '';
 })
 );
@@ -18,13 +22,14 @@
 };
 config = {
 networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
 services.nginx = {
 enable = true;
+ package = pkgs.nginxQuic;
 recommendedTlsSettings = true;
 recommendedProxySettings = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
- # virtualHosts = lib.genAttrs v (name: { extraConfig = " lohustuff goes ith ${name}"; });
 };
 security.acme = {
 acceptTerms = true;
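Review bot: The added `add_header Alt-Svc 'h3=":443"; ma=86400';` advertises HTTP/3 for every falkenstein vhost, but nothing in this file's diff enables it there: `quic = true; http3 = true;`, the UDP 443 firewall rule and `package = pkgs.nginxQuic;` are only added for the nuc host. Unless falkenstein already has those settings outside the hunk, clients will cache the advertisement for 86400 seconds and attempt QUIC connections that nothing answers before falling back to TCP. Either add the same settings to this host or drop the header here. The surrounding defaults block starts and ends outside the hunk.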
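Review bot: nginx inherits `add_header` from the enclosing level only when the current level defines none, so putting `add_header Alt-Svc ...` into the per-vhost `extraConfig` (here, and on the same line in the falkenstein hunk) stops any `add_header` set at the http level from reaching these vhosts. A location that defines its own `add_header` will likewise not send Alt-Svc. If security headers such as Strict-Transport-Security are set at the http level elsewhere in the configuration (not visible in this diff), they need to be repeated next to this line. A comment such as `# add_header here replaces headers inherited from the http block` would keep that visible to the next editor.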
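Review bot: `networking.firewall.allowedUDPPorts = [ 443 ];` opens a new inbound UDP port with no comment tying it to QUIC, unlike the `# enable http3 for all hosts` comment on the vhost defaults. I would add `# QUIC (HTTP/3) listener` above it, so the rule gets removed together with `quic = true;` if HTTP/3 is ever turned off. Any monitoring or filtering that only looks at TCP 443 will not see this traffic, which is worth checking before rollout. The `config` block continues past the end of the hunk.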