upstream/opnsense-plugins
1
0
Fork 0
mirror of https://github.com/opnsense/plugins.git synced 2026-02-03 20:40:37 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

nginx: add optional HTTP/3 support with dynamic Alt-Svc (#5071)

Browse source
This commit is contained in:
Jan Chlouba 2025-12-17 10:30:41 +01:00 committed by GitHub
parent 89b8cddd88
commit dcaf201b0c
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 25 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
www/nginx/src/opnsense/mvc/app/controllers/OPNsense/Nginx/forms/httpserver.xml
View file

@ -173,6 +173,13 @@
<help>Enable the HTTP/2 protocol.</help>
<advanced>true</advanced>
</field>
<field>
<id>httpserver.enable_http3</id>
<label>HTTP/3 (QUIC)</label>
<type>checkbox</type>
<help>Enable HTTP/3/QUIC for this server (adds QUIC listeners and Alt-Svc header).</help>
<advanced>true</advanced>
</field>
<field>
<id>httpserver.tls_protocols</id>
<label>TLS Protocols</label>

4
www/nginx/src/opnsense/mvc/app/models/OPNsense/Nginx/Nginx.xml
View file

@ -801,6 +801,10 @@
<Default>1</Default>
<Required>Y</Required>
</http2>
<enable_http3 type="BooleanField">
<Default>0</Default>
<Required>Y</Required>
</enable_http3>
<tls_protocols type="OptionField">
<Multiple>Y</Multiple>
<Sorted>Y</Sorted>

14
www/nginx/src/opnsense/service/templates/OPNsense/Nginx/http.conf
View file

@ -120,8 +120,19 @@ server {
{% endif %}
{% if server.listen_https_address is defined and server.listen_https_address != '' %}
{% set http3_alt_svc_ports = [] %}
{% for listen_address in server.listen_https_address.split(',') %}
listen {{ listen_address }} ssl{% if server.proxy_protocol is defined and server.proxy_protocol == '1' %} proxy_protocol{% endif %}{% if server.default_server is defined and server.default_server == '1' %} default_server{% endif %};
{% if server.enable_http3|default("0") == "1" %}
listen {{ listen_address }} quic reuseport{% if server.default_server is defined and server.default_server == '1' %} default_server{% endif %};
{% set listen_address_clean = listen_address.replace(' ', '') %}
{% if listen_address_clean != '' %}
{% set listen_port = listen_address_clean.split(':')[-1] %}
{% if listen_port not in http3_alt_svc_ports %}
{% do http3_alt_svc_ports.append(listen_port) %}
{% endif %}
{% endif %}
{% endif %}
{% endfor %}
http2 {% if server.http2|default("1") == "1" %}on{% else %}off{% endif %};
{% if server.tls_reject_handshake is defined and server.tls_reject_handshake == '1'%}
@ -155,6 +166,9 @@ server {
{% else %}
ssl_stapling off;
{% endif %}
{% if server.enable_http3|default("0") == "1" and http3_alt_svc_ports|length > 0 %}
add_header Alt-Svc '{% for listen_port in http3_alt_svc_ports %}h3=":{{ listen_port }}"; ma=86400{% if not loop.last %}, {% endif %}{% endfor %}' always;
{% endif %}
{% endif %}
{% endif %}
{% if server.resolver is defined and server.resolver != '' %}