From a0132fa7cf8772c0ca8b883aa530c9cd7035fb3d Mon Sep 17 00:00:00 2001
From: Rouven Seifert
Date: Wed, 3 Apr 2024 14:59:57 +0200
Subject: [PATCH] nginx: enable http3
---
 modules/core/nginx.nix | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/modules/core/nginx.nix b/modules/core/nginx.nix
index b28e6cf..36e596e 100644
--- a/modules/core/nginx.nix
+++ b/modules/core/nginx.nix
@@ -7,10 +7,14 @@
 ({ name, ... }: {
 enableACME = true;
 forceSSL = true;
+ # enable http3 for all hosts
+ quic = true;
+ http3 = true;
 # split up nginx access logs per vhost
 extraConfig = ''
 access_log /var/log/nginx/${name}_access.log;
 error_log /var/log/nginx/${name}_error.log;
+ add_header Alt-Svc 'h3=":443"; ma=86400';
 '';
 })
 );
@@ -18,10 +22,12 @@
 };
 config = {
- networking.firewall.allowedTCPPorts = [ 443 80 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+ networking.firewall.allowedUDPPorts = [ 443 ];
 services.nginx = {
- additionalModules = [ pkgs.nginxModules.pam ];
 enable = true;
+ package = pkgs.nginxQuic;
+ additionalModules = [ pkgs.nginxModules.pam ];
 recommendedProxySettings = true;
 recommendedGzipSettings = true;
 recommendedOptimisation = true;
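Review bot: The `add_header Alt-Svc` line added to the per-vhost `extraConfig` sits at server level, and nginx inherits `add_header` directives from the enclosing level only when the current level defines none. Any response headers set at http level would therefore stop being sent for every vhost; none are visible in this hunk, so this needs checking against the rest of the configuration. Likewise, a location that sets its own `add_header` will not advertise HTTP/3, and without `always` the header is omitted on error responses. I would record this next to the line, e.g. `# add_header here overrides http-level add_header; locations with their own add_header must repeat Alt-Svc`. The enclosing option definition starts outside the hunk.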
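Review bot: `networking.firewall.allowedUDPPorts = [ 443 ]` opens a second, UDP-based path to every vhost, so any control that matches only TCP (connection rate limits, address bans, filtering in front of the host) will not apply to HTTP/3 traffic. No such rules are visible in this hunk, so check them where they are defined. It is also worth considering `quic_retry on;` in the nginx http configuration, so that a client's address is validated before the server does handshake work for it. A comment on the new line such as `# UDP 443 is the QUIC/HTTP3 listener; mirror any TCP 443 restrictions here` would keep the two in step. The `config` and `services.nginx` sets continue past the end of the hunk.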