| -rw-r--r-- | etc/nftables.conf | 2 | ||||
| -rw-r--r-- | etc/nginx/nginx.conf | 27 | 
2 files changed, 29 insertions, 0 deletions
|
diff --git a/etc/nftables.conf b/etc/nftables.conf
index 1fa3ce22..d10b4b2b 100644
--- a/etc/nftables.conf
+++ b/etc/nftables.conf
@@ -32,6 +32,8 @@ table inet my_table {
 		udp dport swgp accept
 		tcp dport http accept
 		tcp dport https accept
+		# http3 quic
+		udp dport https accept
 		# email related ports
 		tcp dport smtp accept
 		tcp dport pop3 accept
diff --git a/etc/nginx/nginx.conf b/etc/nginx/nginx.conf
index 7e54af48..ebfd925a 100644
--- a/etc/nginx/nginx.conf
+++ b/etc/nginx/nginx.conf
@@ -48,6 +48,21 @@ http {
         listen 80;
         # needed for ipv6
         listen [::]:80;
+        # needed for http3 quic
+        # https://freenginx.org/en/docs/quic.html
+        # https://oheng.com/enabling-http-3-under-nginx/
+        #
+        # http3 quic can be testd with https://http3check.net
+        #
+        # Note reuseport should only be used once per address:port pair.
+        # https://serverfault.com/a/1000428 points out that
+        # https://freenginx.org/en/docs/http/ngx_http_core_module.html#listen
+        # wrote: "The listen directive can have several additional parameters
+        # specific to socket-related system calls. These parameters can be
+        # specified in any listen directive, but only once for a given
+        # address:port pair." Also see https://stackoverflow.com/q/76348128
+        listen 443 quic reuseport;
+        listen [::]:443 quic reuseport;
         # https://nginx.org/en/docs/http/configuring_https_servers.html#single_http_https_server
         listen 443 ssl;
         listen [::]:443 ssl;
@@ -56,6 +71,10 @@ http {
         ssl_certificate      /etc/postfix/flylightning.pem;
         ssl_certificate_key  /etc/postfix/flylightning.key;
+        # needed for http3 quic
+        # https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Alt-Svc
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+
         #charset koi8-r;
         #access_log  logs/host.access.log  main;
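Review bot: The new `udp dport https accept` rule admits UDP 443 from any source with no rate limit, and unlike the TCP rules around it there is no transport handshake in front of nginx to confirm the sender's address. None of the nginx.conf hunks in this commit sets `quic_retry on;`, the nginx directive that enables QUIC address validation, so it is worth adding in the `http` block alongside this rule. The comment could record that dependency, for example `# http3 quic (UDP 443; source address validation is left to nginx quic_retry)`. The chain this rule belongs to starts above the hunk, so an earlier rate-limiting rule, if one exists, is not visible here.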
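Review bot: The `listen 443 quic reuseport;` lines depend on this server offering TLS 1.3, and no `ssl_protocols` line is visible in the hunk; if that setting is pinned to older versions elsewhere in the file, clients would presumably see the Alt-Svc advertisement and then fail the QUIC handshake. A reminder next to the listen lines, such as `# QUIC requires TLSv1.3 in ssl_protocols`, would keep a later TLS hardening edit from breaking HTTP/3 silently. The added comment block also has a typo, `testd` for `tested`. The server block continues past the end of the hunk.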
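Review bot: `add_header Alt-Svc 'h3=":443"; ma=86400';` at server level reaches a location only when that location declares no `add_header` of its own, so a location that already sets or later gains a header (a security header, for instance) stops advertising HTTP/3 without any error. The same line is added in the hunks at `@@ -144,6 +165,8 @@` and `@@ -166,6 +191,8 @@`. Because each of these server blocks also listens on port 80, the header is emitted on plain-HTTP responses as well, and without the `always` parameter it is left off error responses. A comment such as `# not inherited by locations that define their own add_header` would document the constraint; the location blocks are outside the hunk, so whether any already sets headers cannot be checked here.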
@@ -137,6 +156,8 @@ http {
     server {
         listen 80;
         listen [::]:80;
+        listen 443 quic;
+        listen [::]:443 quic;
         listen 443 ssl;
         listen [::]:443 ssl;
         server_name mirrors.flylightning.xyz;
@@ -144,6 +165,8 @@ http {
         ssl_certificate      /etc/postfix/flylightning.pem;
         ssl_certificate_key  /etc/postfix/flylightning.key;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+
         location / {
             root /srv/http/mirrors;
             autoindex on;
@@ -158,6 +181,8 @@ http {
     server {
         listen 80;
         listen [::]:80;
+        listen 443 quic;
+        listen [::]:443 quic;
         listen 443 ssl;
         listen [::]:443 ssl;
         server_name git.flylightning.xyz;
@@ -166,6 +191,8 @@ http {
         ssl_certificate      /etc/postfix/flylightning.pem;
         ssl_certificate_key  /etc/postfix/flylightning.key;
+        add_header Alt-Svc 'h3=":443"; ma=86400';
+
         # about nginx location regex:
         # - https://nginx.org/en/docs/http/ngx_http_core_module.html#location
         # - https://stackoverflow.com/a/59846239
|
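Review bot: The `listen 443 quic;` and `listen [::]:443 quic;` lines in this server block carry no comment, although they depend on `reuseport` having been set for the same address:port pair in the first server block. If that first block is ever removed or its listen lines edited, the QUIC sockets lose the option and nothing here explains why. A short pointer would help, for example `# reuseport for 443/udp is set once, in the first server block`. The same applies to the hunk at `@@ -158,6 +181,8 @@`; both server blocks continue past their hunks.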
