itepechi/akkoma
1
0
Fork 0
Code Issues Pull requests Releases Activity

Update nginx config for HTTP/3 support

Browse source 
Overall fairly minor changes, but most importantly the Host header passed to the backend is set to `$host` instead of `$http_host` as HTTP/3 no longer uses the Host header, leaving it unset. `$host` will fallback to the `server_name` value in that situation while `$http_host` doesn't.

Ref: https://community.nginx.org/t/proxy-params-by-default-blocks-reverse-proxy-for-http-3/6792
This commit is contained in:
norm 2025-09-15 17:44:26 +00:00 committed by Norm
parent 23dfbd491e
commit da340fd46c
1 changed files with 16 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
installation/nginx/akkoma.nginx
View file

@ -40,6 +40,12 @@ server {
# for nginx versions < 1.25.1, you need to use a listen paramter instead
http2 on;
# Uncomment to enable HTTP/3 suppport (only do this after getting a valid certificate)
# Requires nginx 1.25.0+ and ngx_http_v3_module enabled at build time
#listen 443 quic reuseport;
#listen [::]:443 quic reuseport;
#add_header Alt-Svc 'h3=":443"; ma=86400';
# If you are not using Certbot, comment out the above and uncomment/edit the following
# listen 443 ssl http2;
# listen [::]:443 ssl http2;
@ -73,7 +79,7 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/(media|proxy) {
@ -97,6 +103,14 @@ server {
# for nginx versions < 1.25.1, you need to use a listen paramter instead
http2 on;
# Uncomment to enable HTTP/3 suppport (only do this after getting a valid certificate)
# Note: reuseport is not specified here as it's already used in the first server block,
# and can only be used once per ip/port pair.
# Requires nginx 1.25.0+ and ngx_http_v3_module enabled at build time
#listen 443 quic;
#listen [::]:443 quic;
#add_header Alt-Svc 'h3=":443"; ma=86400';
# If you are not using certbot, comment the above and copy all the ssl
# stuff from above into here.
@ -114,7 +128,7 @@ server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location ~ ^/(media|proxy) {