HTTP/3#

Provides HTTP/3 protocol support for client connections, as well as for connections with proxied servers configured using the following Proxy module directives:

When building from the source code, this module isn't built by default; it should be enabled with the --with-http_v3_module build option.

In packages and images from our repositories, the module is included in the build.

Configuration Example#

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for http/3 and https
        listen 8443 quic reuseport;
        listen 8443 ssl;

        ssl_certificate     certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            # used to advertise the availability of HTTP/3
            add_header Alt-Svc 'h3=":8443"; ma=86400';
        }
    }
}

Note

Accepting HTTP/3 connections over TLS requires TLSv1.3 protocol support, which is available since OpenSSL version 1.1.1.

Also, the reuseport option can only be specified in one of the listen ... quic directives on a server. All other listen ... quic directives must be specified without it.

Directives#

http3#

Syntax

http3 on | off;

Default

http3 on;

Context

http, server

Enables HTTP/3 protocol negotiation.

http3_hq#

Syntax

http3_hq on | off;

Default

http3_hq off;

Context

http, server

Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.

Warning

Enable this mode only to run specialized tests that explicitly require it.

http3_max_concurrent_streams#

Syntax

http3_max_concurrent_streams number;

Default

http3_max_concurrent_streams 128;

Context

http, server

Initializes HTTP/3 and QUIC settings and sets the maximum number of concurrent HTTP/3 request streams in a connection.

http3_max_table_capacity#

Syntax

http3_max_table_capacity number;

Default

http3_max_table_capacity 4096;

Context

http, server

Sets the dynamic table capacity for server connections.

Note

A similar proxy_http3_max_table_capacity directive does this for proxy connections. To avoid errors, dynamic table usage is disabled when proxying with caching is enabled.

http3_stream_buffer_size#

Syntax

http3_stream_buffer_size size;

Default

http3_stream_buffer_size 64k;

Context

http, server

Sets the size of the buffer used for reading and writing QUIC streams.

quic_active_connection_id_limit#

Syntax

quic_active_connection_id_limit number;

Default

quic_active_connection_id_limit 2;

Context

http, server

Sets the QUIC active_connection_id_limit transport parameter value. This is the maximum number of connection IDs that can be stored on the server.

quic_bpf#

Syntax

quic_bpf on | off;

Default

quic_bpf off;

Context

main

Enables routing of QUIC packets using eBPF. When enabled, this allows supporting QUIC connection migration.

Note

The directive is only supported on Linux 5.7+.

quic_gso#

Syntax

quic_gso on | off;

Default

quic_gso off;

Context

http, server

Enables sending in optimized batch mode using segmentation offloading.

Note

Optimized sending is supported only on Linux featuring UDP_SEGMENT.

quic_host_key#

Syntax

quic_host_key file;

Default

Context

http, server

Sets a file with the secret key used to encrypt stateless reset and address validation tokens. By default, a random key is generated on each reload. Tokens generated with old keys are not accepted.

quic_retry#

Syntax

quic_retry on | off;

Default

quic_retry off;

Context

http, server

Enables the QUIC Address Validation feature. This includes sending a new token in a Retry packet or a NEW_TOKEN frame and validating a token received in the Initial packet.
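The following Python script is an added example, not part of the module or its documentation. It checks a configuration against points stated on this page: reuseport on at most one listen ... quic directive per server, http3_hq left off, a quic_host_key so tokens survive reloads, and quic_retry for address validation. The function names, the sample configuration and the key path are assumptions made for the illustration, and the parser only handles simply formatted files with one directive per line.

```python
import re

def value(name, *scopes):
    """First argument of directive `name` in the first scope that sets it."""
    hits = (re.search(rf"(?m)^\s*{name}\s+([^;]+);", s) for s in scopes)
    return next((m.group(1).strip() for m in hits if m), None)

def server_bodies(conf):
    """Yield the body of every 'server { ... }' block, found by brace matching."""
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """(server number, finding) pairs; '#' inside quoted strings is not handled."""
    conf = "\n".join(line.split("#", 1)[0] for line in conf.splitlines())
    bodies, outer, findings = list(server_bodies(conf)), conf, []
    for b in bodies:
        outer = outer.replace(b, "")  # remainder holds http-level directives
    for n, body in enumerate(bodies, 1):
        quic = re.findall(r"\blisten\s+[^;]*\bquic\b[^;]*;", body)
        if not quic:
            continue
        if sum("reuseport" in d for d in quic) > 1:
            findings.append((n, "reuseport on more than one listen ... quic"))
        if value("http3_hq", body, outer) == "on":
            findings.append((n, "http3_hq on: interoperability-test mode"))
        if not value("quic_host_key", body, outer):
            findings.append((n, "no quic_host_key: token key changes on reload"))
        if value("quic_retry", body, outer) != "on":
            findings.append((n, "quic_retry not on: no address validation"))
    return findings

CONSTRUCTED_SAMPLE = """http {
    http3_hq on;
    server {
        listen 8443 quic reuseport;
        listen [::]:8443 quic reuseport;
    }
    server {
        listen 9443 quic;
        quic_retry on;
        quic_host_key /path/to/quic_host.key;  # placeholder path
    }
}"""
```

Calling audit(CONSTRUCTED_SAMPLE) reports four findings for the first server and, because http3_hq is inherited from the http level, one for the second.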

Built-in Variables#

The http_v3 module supports the following built-in variables:

$http3#

negotiated protocol identifier:

h3 - for HTTP/3 connections

hq - for hq connections

"" - an empty string otherwise

$quic_connection#

QUIC connection serial number