
Enabling QUIC / http/3 on multiple domains with NGINX 1.25


NGINX 1.25 introduced support for http/3 (over QUIC). To enable it, one can add

listen 443 quic reuseport;

to the server block, alongside the likely existing

listen 443 ssl http2;

However, if I add the quic listen for more than one server block (which all have a different server_name set), then NGINX rejects the config with the following error:

[emerg] 2611#2611: duplicate listen options for 0.0.0.0:443 in /etc/nginx/sites-enabled/site.conf

It is possible to listen on different ports for different domains, but that doesn’t seem to be user-friendly — Firefox will display the port number in the url, even if it loaded the page over http/2 first and then got the http/3 port from an Alt-Svc header. It’s also tedious to manually allocate ports and to configure the firewall for this.

All my server blocks are using the same certificate. All domains that I have a server block for are subject alternative names in the single certificate. RFC 9114 says that http/3 clients must support Server Name Indication, but even without it, because all my domains use the same certificate, it should be possible in theory to establish a connection and then decide what content to serve based on the Host header. This is not what happens, though: when I send a request over QUIC, NGINX serves from the server block that the listen 443 quic is in; it seems to ignore the server name.

Is it possible with NGINX 1.25 to serve multiple domains over http/3 all on port 443?


Solution

  • Yes, nginx can serve http/3 on multiple virtual hosts, but the reuseport option is supported only for 1 virtual host per the same listen IP:PORT directive.

    So, you should use different IPs for your virtual hosts or remove the reuseport option.
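
A pre-deployment check for the "duplicate listen options" error discussed above, as an added example that is not part of the original question or answer. It assumes a simplified model of nginx's rule that socket-level listen parameters may appear only once per address:port and transport; the function name, the option list and the sample configs (a.example, b.example) are constructed for illustration.

```python
import re
from collections import defaultdict

# Parameters that configure the listening socket itself. nginx accepts them
# only once per address:port (shortened list, an assumption of this example).
SOCKET_OPTS = ("reuseport", "deferred", "bind", "backlog=", "rcvbuf=",
               "sndbuf=", "fastopen=", "ipv6only=", "so_keepalive=")

def duplicate_listen_options(conf: str) -> list[str]:
    """Return the sockets whose options are set by more than one listen line."""
    seen = defaultdict(int)
    for args in re.findall(r"^\s*listen\s+([^;#]+);", conf, re.MULTILINE):
        addr, *params = args.split()
        if addr.isdigit():                 # bare port: all IPv4 addresses
            addr = f"0.0.0.0:{addr}"
        # QUIC listens on UDP, ssl/http2 on TCP: separate sockets, same port.
        transport = "udp" if "quic" in params else "tcp"
        if any(p.startswith(SOCKET_OPTS) for p in params):
            seen[(addr, transport)] += 1
    return sorted(f"{a}/{t}" for (a, t), n in seen.items() if n > 1)

# Constructed config reproducing the layout from the question.
BROKEN = """
server { server_name a.example;
    listen 443 ssl http2;
    listen 443 quic reuseport; }
server { server_name b.example;
    listen 443 ssl http2;
    listen 443 quic reuseport; }
"""
# The answer's fix: drop reuseport from the QUIC listeners ...
FIXED = BROKEN.replace("quic reuseport", "quic")
# ... or keep it in exactly one server block for this address:port.
KEEP_ONE = BROKEN.replace("quic reuseport", "quic", 1)

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED),
                       ("keep-one", KEEP_ONE)):
        print(name, duplicate_listen_options(conf) or "ok")
```

Running `nginx -t` remains the authoritative check; this only flags the specific pattern before the config reaches a host.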