<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">Forgot to add, here are the HTTPS [1] records in DNS<div><br></div><div><br></div><div><div> IN HTTPS 100 . no-default-alpn alpn="h3"</div><div> IN HTTPS 200 . no-default-alpn alpn="h2"</div></div><div><br></div><div>They 100/200 are weights, much like MX records, where the lowest one wins</div><div><br></div><div>[1] <a href="https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.txt">https://www.ietf.org/archive/id/draft-ietf-dnsop-svcb-https-11.txt</a></div><div><br></div><div><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); font-variant-caps: normal; letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><br></div></div></div></div><br class="Apple-interchange-newline"></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<div><br><blockquote type="cite"><div>On Mar 9, 2023, at 01:56, Eric Germann <ekgermann@semperen.com> wrote:</div><br class="Apple-interchange-newline"><div><div class="content-isolator__container"><meta http-equiv="content-type" content="text/html; charset=utf-8"><div style="overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;">I’m having an issue where I (think I) have enabled HTTP3 correctly on my nginx server. When I connect to the server the first time, it indicates HTTP/2 in the logs. If I hit refresh it indicates HTTP/3 from then on. So something is wrong with the configuration of the server to offer headers to negotiate it. I’ve even added HTTPS DNS records to indicate the preferred connection schemes. Bonus points if you can help me get QUIC working too.<div><br></div><div>The result of <a href="http://http3check.net/">http3check.net</a> is "<span style="color: rgb(149, 149, 149); font-family: -apple-system, system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-size: 16px; orphans: 2; text-align: justify; widows: 2;">HTTP/3 Check could not get the server's advertised QUIC versions due to the error given below.</span><div class="uk-margin" style="font-size: 16px; margin-bottom: 0px; color: rgb(136, 136, 136); font-family: -apple-system, system-ui, "Segoe UI", Roboto, "Helvetica Neue", Arial, "Noto Sans", sans-serif, "Apple Color Emoji", "Segoe UI Emoji", "Segoe UI Symbol", "Noto Color Emoji"; font-variant-ligatures: normal; orphans: 2; widows: 2; margin-top: 20px !important;"><div class="ls-table uk-margin-auto uk-width-expand uk-alert-danger uk-alert" uk-alert="" style="position: relative; margin-bottom: 20px; padding: 8px 16px; background-color: rgb(254, 244, 246); color: rgb(240, 80, 110); box-sizing: border-box; width: 640px; max-width: 100%; flex: 1 1 0%; min-width: 1px; border-radius: 5px; margin-left: auto !important; margin-right: auto !important;"><table class="uk-table uk-margin-auto" style="border-collapse: collapse; border-spacing: 0px; width: 608px; margin-bottom: 0px; font-size: 0.85em; margin-top: 0px; margin-left: auto !important; margin-right: auto !important;"><tbody><tr style="transition: background-color 0.1s linear 0s;"><td style="padding: 0px 12px; vertical-align: text-bottom; word-break: break-word;">Bad status code from server.</td></tr></tbody></table></div></div><div>
<meta charset="UTF-8"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div dir="auto" style="text-align: start; text-indent: 0px; overflow-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;"><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;">Thanks in advance for any pointers</span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;">Eric</span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;">Source code was pulled 2023-02-27</span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;">Build information is:</span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; text-align: start; text-indent: 0px;"><div><font face="Courier New"><span style="font-style: normal;">nginx version: nginx/1.23.4</span></font></div><div><font face="Courier New"><span style="font-style: normal;">built by gcc 7.3.1 20180712 (Red Hat 7.3.1-15) (GCC) </span></font></div><div><font face="Courier New"><span style="font-style: normal;">built with OpenSSL 3.0.8+quic 7 Feb 2023</span></font></div><div><font face="Courier New"><span style="font-style: normal;">TLS SNI support enabled</span></font></div><div><font face="Courier New"><span style="font-style: normal;">configure arguments: --with-threads --with-cc-opt='-static -static-libgcc' --with-ld-opt=-static --with-debug --with-compat --with-file-aio --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-http_realip_module --with-http_secure_link_module --with-http_random_index_module --with-http_geoip_module --with-http_ssl_module --with-http_v2_module --with-http_v3_module --with-stream_quic_module --with-http_sub_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-cc-opt=-I/usr/local/include --with-ld-opt=-L/usr/local/lib --with-openssl=../quictls --with-openssl-opt=enable-tls1_3 --add-module=/source/ngx_brotli</span></font></div><div style="font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px;"><br></div><div style="font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px;"><br></div><div style="font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px;">Pertinent config for the server block is</div><div style="font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px;"><br></div><div><div><font face="Courier New"><span style="font-style: normal;"> upstream httpd_backend {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> server 172.28.10.91:443;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> keepalive 120;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> log_format quic '$remote_addr - $remote_user [$time_local] '</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> '"$request" $status $body_bytes_sent '</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> '"$http_referer" "$http_user_agent" "$http3"';</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> access_log logs/access.log quic;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # NON-SSL</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> server {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen 80;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen [::]:80;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> server_name www.example.com;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> location / {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> rewrite ^ https://www.example.com$request_uri?/ permanent;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # SSL</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> server {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen 443 ssl http2;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen [::]:443 ssl http2;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen 443 http3 reuseport;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> listen [::]:443 http3 reuseport;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> quic_retry on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> server_name noc2.semperen.com;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # Set up your cert paths</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_trusted_certificate /etc/letsencrypt/live/www.example.com/chain.pem;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_dhparam SSLKeys/dhparam.pem;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_protocols TLSv1.3;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_prefer_server_ciphers On;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_ciphers TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES-256-GCM-SHA384:AES256+EECDH:AES256+EDH:!aNULL:!CBC;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_ecdh_curve secp384r1;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_early_data on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # enable ocsp stapling</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_stapling on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> ssl_stapling_verify on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> resolver 8.8.4.4 8.8.8.8 valid=86400s;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> resolver_timeout 10s;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # upgrade to HTTP3 and HTTP2</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> add_header alt-svc 'h3=":443"; ma=86400, h2=":443"; ma=86400';</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> add_header alt-svc 'h2=":443"; ma=86400; persist=1';</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> add_header alt-svc 'h2=":443"; ma=86400;';</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> add_header X-Frame-Options "SAMEORIGIN";</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # tell users to go to SSL version next time</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> add_header Strict-Transport-Security "max-age=31104000; includeSubdomains" always;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> # handle brotli compression</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> brotli on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> brotli_static on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"><span class="Apple-tab-span" style="white-space:pre"> </span># Note this is one line, even if it wraps and renders as two</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> brotli_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> brotli_buffers 16 8k;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> brotli_comp_level 9;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> client_max_body_size 32M;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> error_page 502 /custom_502.html;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> location = /custom_502.html {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> root /usr/local/nginx/html;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> internal;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> location / {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_pass https://httpd_backend;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_http_version 1.1;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_buffering on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header X-Forwarded-For $remote_addr;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header X-Real-IP $remote_addr;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header Host $host;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_pass_header Authorization;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header X-Scheme $scheme;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header Upgrade $http_upgrade;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header Connection "upgrade";</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div><div><font face="Courier New"><span style="font-style: normal;"> location /roundcube {</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_pass https://172.28.10.100;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_http_version 1.1;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_buffering on;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header X-Forwarded-For $remote_addr;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header X-Real-IP $remote_addr;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_set_header Host $host;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> proxy_pass_header Authorization;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header X-Scheme $scheme;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header Upgrade $http_upgrade;</span></font></div><div><font face="Courier New"><span style="font-style: normal;"># proxy_set_header Connection "upgrade";</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div><div><font face="Courier New"><span style="font-style: normal;"> }</span></font></div></div><div><font face="Courier New"><span style="font-style: normal;"><br></span></font></div></div><div style="text-align: start; text-indent: 0px;"><font face="InputMono-Regular"><span style="caret-color: rgb(0, 0, 0);"><br></span></font></div><div style="text-align: start; text-indent: 0px;"><font face="InputMono-Regular"><span style="caret-color: rgb(0, 0, 0);"><br></span></font></div><div style="text-align: start; text-indent: 0px;"><font face="InputMono-Regular"><span style="caret-color: rgb(0, 0, 0);"><br></span></font></div><div style="text-align: start; text-indent: 0px;"><font face="InputMono-Regular"><span style="caret-color: rgb(0, 0, 0);">--</span></font></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><font face="Arial">Eric Germann</font></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-style: normal; font-weight: normal; text-align: start; text-indent: 0px;"><span style="font-size: 11px;"><font face="Arial">ekgermann {at} semperen {dot} com || ekgermann {at} gmail {dot} com</font></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; text-align: start; text-indent: 0px;"><span style="font-size: 11px;"><font face="Arial"><font style="font-style: normal; font-weight: normal;">LinkedIn: </font><span style="font-style: normal;"><a href="https://www.linkedin.com/in/ericgermann">https://www.linkedin.com/in/ericgermann</a></span></font></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; text-align: start; text-indent: 0px;"><span style="font-size: 11px;"><font face="Arial">Medium:<span class="Apple-converted-space"> </span><a href="https://ekgermann.medium.com/">https://ekgermann.medium.com</a> </font></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-size: 12px;"><font face="Arial">Twitter: @ekgermann</font></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-size: 11px;"><font face="Arial">Telegram || Signal || Skype || WhatsApp || Phone +1 {dash} 419 {dash} 513 {dash} 0712</font></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px; text-align: start; text-indent: 0px;"><span style="font-family: InputMono-Regular; font-size: 11px;"><br></span></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; text-align: start; text-indent: 0px;"><font face="InputMono-Regular" style="font-family: Helvetica; font-style: normal; font-weight: normal; font-size: 15px;"><span style="font-size: 12px;">GPG Fingerprint:<span class="Apple-converted-space"> </span></span></font><font face="Arial"><span style="font-style: normal; font-size: 11px;">89ED 36B3 515A 211B 6390 60A9 E30D 9B9B 3EBF F1A1</span></font></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal; text-align: start; text-indent: 0px;"><br></div><div style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal;"><font face="InputMono-Regular"><span style="font-style: normal; font-size: 11px;"><br></span></font></div></div><font face="InputMono-Regular" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal;"><span style="font-style: normal; font-size: 11px;"><br class="Apple-interchange-newline"></span></font></div><font face="InputMono-Regular" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px; font-variant-caps: normal;"><span style="font-style: normal; font-size: 11px;"><br class="Apple-interchange-newline"></span></font></div><font face="InputMono-Regular" style="caret-color: rgb(0, 0, 0); letter-spacing: normal; text-transform: none; white-space: normal; word-spacing: 0px; text-decoration: none; -webkit-text-stroke-width: 0px;"><span style="font-style: normal; font-size: 11px;"><br class="Apple-interchange-newline" style="caret-color: rgb(0, 0, 0); font-variant-caps: normal; letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none;"></span></font><br class="Apple-interchange-newline"></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div></div>
</div>
<br></div></div></div></div></blockquote></div><br></body></html>