Minimum Nginx Version
You need a recent version of nginx (greater than 1.25.0), so the default nginx on Ubuntu 24.04LTS (1.24.0) won't cut it. You have to enable the nginx.org repo to get nginx 1.30.3 (however, this version doesn't come with brotli compression).
Brotli Compression
To run brotli compression you have to either compile nginx yourself (ewww) or upgrade from Ubuntu 24.04LTS to Ubuntu 26.04LTS (nginx 1.28.3), after which you can run:
apt install libnginx-mod-http-brotli-filter libnginx-mod-http-brotli-static
Network / Firewall
Allow both UDP and TCP on port 443 to your webserver instead of just TCP (QUIC runs over UDP).
If you are running NAT, make sure you have both TCP and UDP port forwarding to, and outbound NAT from, your webserver.
Nginx Configuration
Specify reuseport in exactly one server config:
# in exactly one server { } config section
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# HTTP/3 QUIC listeners
listen 443 quic reuseport;
listen [::]:443 quic reuseport;
quic_retry on;
# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
In every other site, specify quic without reuseport:
# in server config section
listen 443 ssl;
listen [::]:443 ssl;
http2 on;
# HTTP/3 QUIC listeners
listen 443 quic;
listen [::]:443 quic;
quic_retry on;
# Advertise HTTP/3 availability
add_header Alt-Svc 'h3=":443"; ma=86400' always;
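A way to check the reuseport rule above across all sites at once, as an added example that is not part of the original post: the hypothetical helper check_quic_reuseport reads a config dump on stdin and fails unless each quic listen address carries reuseport exactly once. The sample config is constructed; on a live host the input would come from nginx -T.

```shell
#!/bin/sh
# Added example (not from the original post). check_quic_reuseport is a
# hypothetical helper name. On a live host: nginx -T 2>/dev/null | check_quic_reuseport
check_quic_reuseport() {
    awk '
        # Drop comments and turn ";" into a separator so "reuseport;" splits cleanly.
        { sub(/#.*/, ""); gsub(/;/, " ") }
        $1 == "listen" {
            quic = 0; rp = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "quic") quic = 1
                if ($i == "reuseport") rp = 1
            }
            if (quic) {
                if (!($2 in total)) addrs++
                total[$2]++          # quic listeners seen for this address
                reuse[$2] += rp      # how many of them carry reuseport
            }
        }
        END {
            bad = (addrs == 0)
            if (bad) print "no quic listeners found"
            for (a in total) {
                printf "%s quic_listeners=%d reuseport=%d\n", a, total[a], reuse[a]
                if (reuse[a] != 1) bad = 1
            }
            exit bad                 # 0 only if every address has exactly one reuseport
        }
    '
}

# Constructed sample mirroring the two kinds of server block shown above.
SAMPLE_CONF='server {
    listen 443 ssl;
    listen 443 quic reuseport;
    listen [::]:443 quic reuseport;
}
server {
    listen 443 ssl;
    listen 443 quic;
    listen [::]:443 quic;
    # listen 443 quic reuseport;   (commented out, ignored)
}'
printf '%s\n' "$SAMPLE_CONF" | check_quic_reuseport
```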
Check for HTTP3 / quic
nginx -V 2>&1 | tr -- - '\n' | grep _module
http_addition_module
http_auth_request_module
http_dav_module
http_flv_module
http_gunzip_module
http_gzip_static_module
http_mp4_module
http_random_index_module
http_realip_module
http_secure_link_module
http_slice_module
http_ssl_module
http_stub_status_module
http_sub_module
http_v2_module
# quic / HTTP3
http_v3_module
mail_ssl_module
stream_realip_module
stream_ssl_module
stream_ssl_preread_module
