NGINX 1.25 introduced support for http/3 (over QUIC). To enable it, one can add
listen 443 quic reuseport;
to the server
block, alongside the likely existing
listen 443 ssl http2;
However, if I add the quic
listen for more than one server block (which all have a different server_name
set), then NGINX rejects the config with the following error:
[emerg] 2611#2611: duplicate listen options for 0.0.0.0:443 in /etc/nginx/sites-enabled/site.conf
It is possible to listen on different ports for different domains, but that doesn’t seem to be user-friendly — Firefox will display the port number in the url, even if it loaded the page over http/2 first and then got the http/3 port from an Alt-Svc
header. It’s also tedious to manually allocate ports and to configure the firewall for this.
All my server
blocks are using the same certificate. All domains that I have a server
block for are subject alternative names in the single certificate. RFC9114 says that http/3 clients must support Server Name Indication, but even without it, because all my domains use the same certificate, it should be possible in theory to establish a connection and then decide what content to serve based on the Host
header. This is not what happens though, when I send a request over QUIC, NGINX serves from the server
block that the listen 443 quic
is in, it seems to ignore the server name.
Is it possible with NGINX 1.25 to serve multiple domains over http/3 all on port 443?
Yes, nginx can serve http/3 on multiple virtual hosts, but reuseport
option is supported only for 1 virtual host per the same listen IP:PORT
directive.
So, you should use different IPs for your virtual hosts or remove reuseport
option.