Enable http3 for a subset of domains

Wed Jun 26 14:45:52 UTC 2024

Hi,

> On 26 Jun 2024, at 6:15 PM, Riccardo Brunetti Host <riccardo.brunetti at host.it> wrote:
> 
> Hello.
> 
> I have a Nginx server which acts as a reverse proxy for a given number of different domains and I’m trying to enable http3 for a subset of them.
> 
> I placed the directives:
> 
>>     http3 on;
>>     listen xx.xx.xx.xx:443 default_server quic reuseport;
>>     quic_retry on;
> 
> in the default.conf file and then, only for those domains which I want http3 enabled I also add in the corresponding virtual host:
> 
>>         http3 on;
>>         listen xx.xx.xx.xx:443 quic;
>>         quic_retry on;
> 
> In the server section and 
> 
>> add_header Alt-Svc 'h3=":8443"; ma=86400';
> 
> Inside the location.
> 
> Now, what happens is that if I try to open the sites *with* http3 enabled, everything works as expected. If I try to open a site *without* http3 enabled, sometimes I have an SSL error because the server returns the “default virtual host” certificate.
> It seems related to the type of browser.
> 
> Is it an expected behaviour or I am doing something wrong with the server configuration?

If you use http/3 to access a virtual server that does not support http/3, the default http/3 server will be used.

Make sure the above add_header does not affect the servers which do not support http/3.
If it does, this will mislead clients by offering them to switch to unsupported http/3.

> Nginx version: nginx/1.26.1 on ubuntu 22.04
> 
> Thanks.
> Riccardo
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> https://mailman.nginx.org/mailman/listinfo/nginx

----
Roman Arutyunyan
arut at nginx.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20240626/8d4e596a/attachment.htm>