diff --git a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf index cc316538a..64c2b305d 100644 --- a/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf +++ b/www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf @@ -97,6 +97,7 @@ if cache_path.use_temp_path is defined and cache_path.use_temp_path == '1' include opnsense_http_vhost_plugins/*.conf; {% set listen_list = [] %} +{% set http3_reuseport_list = [] %} {% if OPNsense.Nginx.general.enabled is defined and OPNsense.Nginx.general.enabled == '1' %} {% for server in helpers.toList('OPNsense.Nginx.http_server') %} {% set single_servername = server.servername.split(",")[0] %} @@ -124,8 +125,14 @@ server { {% for listen_address in server.listen_https_address.split(',') %} listen {{ listen_address }} ssl{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %} proxy_protocol{% endif %}{% if server.default_server is defined and server.default_server == '1' %} default_server{% endif %}; {% if server.enable_http3|default("0") == "1" %} - listen {{ listen_address }} quic reuseport{% if server.default_server is defined and server.default_server == '1' %} default_server{% endif %}; -{% set listen_address_clean = listen_address.replace(' ', '') %} +{% set listen_address_key = listen_address.replace(' ', '') %} +{% set http3_reuseport = false %} +{% if listen_address_key != '' and listen_address_key not in http3_reuseport_list %} +{% set http3_reuseport = true %} +{% do http3_reuseport_list.append(listen_address_key) %} +{% endif %} + listen {{ listen_address }} quic{% if http3_reuseport %} reuseport{% endif %}{% if server.default_server is defined and server.default_server == '1' %} default_server{% endif %}; +{% set listen_address_clean = listen_address_key %} {% if listen_address_clean != '' %} {% set listen_port = listen_address_clean.split(':')[-1] %} {% if listen_port not in http3_alt_svc_ports %}