`http_v3` module#

Enables HTTP/3 support for client connections, as well as for connections with proxied servers configured using the following http_proxy directives:

Example Configuration#

http {
    log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

    access_log logs/access.log quic;

    server {
        # for better compatibility it's recommended
        # to use the same port for http/3 and https
        listen 8443 quic reuseport;
        listen 8443 ssl;

        ssl_certificate     certs/example.com.crt;
        ssl_certificate_key certs/example.com.key;

        location / {
            # used to advertise the availability of HTTP/3
            add_header Alt-Svc 'h3=":8443"; ma=86400';
        }
    }
}

Important

Note that accepting HTTP/3 connections over TLS requires the TLSv1.3 protocol support, which is available since OpenSSL version 1.1.1.

Directives#

http3#

Syntax:: http3 on | off;
Default:: http3 on;
Context:: http, server

Enables HTTP/3 protocol negotiation.

http3_hq#

Syntax:: http3_hq on | off;
Default:: http3_hq off;
Context:: http, server

Enables HTTP/0.9 protocol negotiation used in QUIC interoperability tests.

http3_max_concurrent_streams#

Syntax:: http3_max_concurrent_streams number;
Default:: http3_max_concurrent_streams 128;
Context:: http, server

Sets the maximum number of concurrent HTTP/3 request streams in a connection.

http3_stream_buffer_size#

Syntax:: http3_stream_buffer_size size;
Default:: http3_stream_buffer_size 64k;
Context:: http, server

Sets the size of the buffer used for reading and writing of the QUIC streams.

quic_active_connection_id_limit#

Syntax:: quic_active_connection_id_limit number;
Default:: quic_active_connection_id_limit 2;
Context:: http, server

Sets the QUIC active_connection_id_limit transport parameter value. This is the maximum number of client connection IDs which can be stored on the server.

quic_bpf#

Syntax:: quic_bpf on | off;
Default:: quic_bpf off;
Context:: main

Enables routing of QUIC packets using eBPF. When enabled, this allows supporting QUIC connection migration.

Important

The directive is only supported on Linux 5.7+.

quic_gso#

Syntax:: quic_gso on | off;
Default:: quic_gso off;
Context:: http, server

Enables sending in optimized batch mode using segmentation offloading.

Important

Optimized sending is supported only on Linux featuring UDP_SEGMENT.

quic_host_key#

Syntax:: quic_host_key file;
Default:: —
Context:: http, server

Sets a file with the secret key used to encrypt stateless reset and address validation tokens. By default, a random key is generated on each reload. Tokens generated with old keys are not accepted.

quic_retry#

Syntax:: quic_retry on | off;
Default:: quic_retry off;
Context:: http, server

Enables the QUIC Address Validation feature. This includes sending a new token in a Retry packet or a NEW_TOKEN frame and validating a token received in the Initial packet.

Built-in Variables#

The http_v3 module supports the following Built-in variables:

`$http3`#

negotiated protocol identifier:

`h3`	for HTTP/3 connections
`hq`	for hq connections
`""`	an empty string otherwise

`$quic_connection`#

QUIC connection serial number

http_v3 module

Contents

http_v3 module#

Example Configuration#

Directives#

http3#

http3_hq#

http3_max_concurrent_streams#

http3_stream_buffer_size#

quic_active_connection_id_limit#

quic_bpf#

quic_gso#

quic_host_key#

quic_retry#

Built-in Variables#

$http3#

$quic_connection#

`http_v3` module#

`$http3`#

`$quic_connection`#