nixos/nginx: fix http3 configuration

This commit is contained in:
Izorkin 2021-11-20 19:51:04 +03:00 committed by Yuka
parent b1cdb609b0
commit 660a36f173

View File

@ -255,20 +255,19 @@ let
else defaultListen; else defaultListen;
listenString = { addr, port, ssl, extraParameters ? [], ... }: listenString = { addr, port, ssl, extraParameters ? [], ... }:
"listen ${addr}:${toString port} " (if ssl && vhost.http3 then "
+ optionalString ssl "ssl " # UDP listener for **QUIC+HTTP/3
listen ${addr}:${toString port} http3 "
+ optionalString vhost.default "default_server "
+ ";" else "")
+ "
listen ${addr}:${toString port} "
+ optionalString (ssl && vhost.http2) "http2 " + optionalString (ssl && vhost.http2) "http2 "
+ optionalString ssl "ssl "
+ optionalString vhost.default "default_server " + optionalString vhost.default "default_server "
+ optionalString (extraParameters != []) (concatStringsSep " " extraParameters) + optionalString (extraParameters != []) (concatStringsSep " " extraParameters)
+ ";" + ";";
+ (if ssl && vhost.http3 then ''
# UDP listener for **QUIC+HTTP/3
listen ${addr}:${toString port} http3 reuseport;
# Advertise that HTTP/3 is available
add_header Alt-Svc 'h3=":443"';
# Sent when QUIC was used
add_header QUIC-Status $quic;
'' else "");
redirectListen = filter (x: !x.ssl) defaultListen; redirectListen = filter (x: !x.ssl) defaultListen;
@ -321,6 +320,11 @@ let
ssl_conf_command Options KTLS; ssl_conf_command Options KTLS;
''} ''}
${optionalString (hasSSL && vhost.http3) ''
# Advertise that HTTP/3 is available
add_header Alt-Svc 'h3=":443"; ma=86400' always;
''}
${mkBasicAuth vhostName vhost} ${mkBasicAuth vhostName vhost}
${mkLocations vhost.locations} ${mkLocations vhost.locations}