http_v3 module#
Provides support for HTTP/3.
Attention
An SSL library that provides HTTP/3 support is recommended to build and run this module.
Use the following command to configure Angie with BoringSSL:
./configure \
    --with-debug \
    --with-http_v3_module \
    --with-cc-opt="-I../boringssl/include" \
    --with-ld-opt="-L../boringssl/build/ssl -L../boringssl/build/crypto"
with a modern version of LibreSSL:
./configure \
    --with-debug \
    --with-http_v3_module \
    --with-cc-opt="-I../libressl/build/include" \
    --with-ld-opt="-L../libressl/build/lib"
with QuicTLS:
./configure \
    --with-debug \
    --with-http_v3_module \
    --with-cc-opt="-I../quictls/build/include" \
    --with-ld-opt="-L../quictls/build/lib"
Otherwise, if the OpenSSL library is used, the OpenSSL compatibility layer is used, which does not support QUIC early data.
This module is not built by default; it must be enabled with the --with-http_v3_module configuration parameter.
In the packages built for our repository, the module is enabled.
Example Configuration#
http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';
    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for http/3 and https
        listen 8443 quic reuseport;
        listen 8443 ssl;

        ssl_certificate     certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            # used to advertise the availability of HTTP/3
            add_header Alt-Svc 'h3=":8443"; ma=86400';
        }
    }
}
Important
Note that accepting HTTP/3 connections over TLS requires TLSv1.3 protocol support, which is available since OpenSSL version 1.1.1.
Directives#
http3#
- Syntax: http3 on | off;
- Default: http3 on;
- Context: http, server
Enables HTTP/3 protocol negotiation.
http3_hq#
- Syntax: http3_hq on | off;
- Default: http3_hq off;
- Context: http, server
Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.
http3_max_concurrent_streams#
- Syntax: http3_max_concurrent_streams number;
- Default: http3_max_concurrent_streams 128;
- Context: http, server
Sets the maximum number of concurrent HTTP/3 request streams in a connection.
http3_stream_buffer_size#
- Syntax: http3_stream_buffer_size size;
- Default: http3_stream_buffer_size 64k;
- Context: http, server
Sets the size of the buffer used for reading and writing of the QUIC streams.
quic_active_connection_id_limit#
- Syntax: quic_active_connection_id_limit number;
- Default: quic_active_connection_id_limit 2;
- Context: http, server
Sets the QUIC active_connection_id_limit transport parameter value. This is the maximum number of client connection IDs which can be stored on the server.
quic_bpf#
- Syntax: quic_bpf on | off;
- Default: quic_bpf off;
- Context: main
Enables routing of QUIC packets using eBPF. When enabled, this allows supporting QUIC connection migration.
Important
The directive is only supported on Linux 5.7+.
quic_gso#
- Syntax: quic_gso on | off;
- Default: quic_gso off;
- Context: http, server
Enables sending in optimized batch mode using segmentation offloading.
Important
Optimized sending is supported only on Linux featuring UDP_SEGMENT.
quic_host_key#
- Syntax: quic_host_key file;
- Default: —
- Context: http, server
Sets a file with the secret key used to encrypt stateless reset and address validation tokens. By default, a random key is generated on each reload. Tokens generated with old keys are not accepted.
quic_retry#
- Syntax: quic_retry on | off;
- Default: quic_retry off;
- Context: http, server
Enables the QUIC Address Validation feature. This includes sending a new token in a Retry packet or a NEW_TOKEN frame and validating a token received in the Initial packet.
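A configuration check built on the example configuration and the directive descriptions above, as an added example that is not part of the Angie documentation or code base: it flags a quic listener with no ssl listener on the same port, an Alt-Svc h3 port with no quic listener, http3_hq left on, quic_retry off, and a missing quic_host_key. The regex-based parser, the function names and the sample configuration are assumptions made for illustration; include files and block nesting are ignored.

```python
import re

# Constructed sample (not from the page): Alt-Svc points at a port with no QUIC
# listener, hq negotiation is left on, and no persistent host key is configured.
SAMPLE = """
server {
    listen 8443 quic reuseport;
    listen 443 ssl;
    http3_hq on;
    quic_retry on;
    location / {
        add_header Alt-Svc 'h3=":443"; ma=86400';
    }
}
"""

DIRECTIVE = re.compile(r"""(\w+)\s+((?:'[^']*'|"[^"]*"|[^;{}'"])*);""")

def directives(conf):
    """Return (name, args) pairs. Simplified: drops # comments, ignores block
    nesting and includes, so it suits a single server block."""
    conf = re.sub(r"#[^\n]*", "", conf)
    return [(m.group(1), m.group(2).strip()) for m in DIRECTIVE.finditer(conf)]

def port(addr):
    # "8443", "127.0.0.1:8443" and "[::]:8443" all yield "8443"
    return addr.rsplit(":", 1)[-1]

def audit(conf):
    d = directives(conf)
    listens = [a.split() for n, a in d if n == "listen"]
    quic = {port(l[0]) for l in listens if "quic" in l[1:]}
    tls = {port(l[0]) for l in listens if "ssl" in l[1:]}
    last = dict(d)  # last occurrence of each directive wins
    out = [f"quic port {p} has no ssl listener on the same port"
           for p in sorted(quic - tls)]
    for n, a in d:
        if n == "add_header" and a.lower().startswith("alt-svc"):
            out += [f"Alt-Svc advertises h3 on port {p}, which has no quic listener"
                    for p in re.findall(r'h3="[^":]*:(\d+)"', a) if p not in quic]
    if last.get("http3_hq") == "on":
        out.append("http3_hq on: hq is meant for QUIC interoperability tests")
    if last.get("quic_retry") != "on":
        out.append("quic_retry off: QUIC address validation is not enabled")
    if quic and "quic_host_key" not in last:
        out.append("no quic_host_key: token key is regenerated on each reload")
    return out

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("WARN", finding)
```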
Embedded Variables#
The http_v3 module supports the following embedded variables:
$http3#
negotiated protocol identifier:
| | for HTTP/3 connections |
| | for hq connections |
| | an empty string otherwise |