3

I've got quic working (verified by https://http3check.net/), but found that my site's upload speed was crippled as a result.

I've since added http3_stream_buffer_size 1m; (default is 64k) and speeds have improved hugely, at least an order of magnitude.

Which is great, "problem solved". But nowhere told me to do this when setting quic up. I wonder what other pitfalls I might be currently unaware of, or what other default settings should be changed for most people's use case.

Thank you.

Codemonkey
  • 1,228

1 Answer

2

I have the following config related to HTTP3 / Quic only.

In nginx.conf:

http {
    ...
    # Increase max number of concurrent HTTP/3 request streams in a connection
    http3_max_concurrent_streams 1024;
    # Increase the size of the buffer used for reading and writing of the QUIC streams
    http3_stream_buffer_size 1024k;
    # Enable sending in optimized batch mode using segmentation offloading
    quic_gso on;
    # Enable QUIC Address Validation feature
    quic_retry on;
}

And on virtual server block level (supporting both SSL and Quic):

server {
    listen 443 quic;
    listen 443 ssl;
    http2 on;

    # Add quic headers
    add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400' always;
    add_header x-quic 'h3' always;
    ...
}

And finally in my default server block with reuseport (only listen on IPv4, feel free to uncomment the IPv6 interfaces as well):

server {
    listen 80 reuseport default_server;
    #listen [::]:80 default_server;

    # Enable http/3
    listen 443 quic reuseport default_server;
    #listen [::]:443 quic reuseport default_server;

    listen 443 ssl reuseport default_server;
    #listen [::]:443 ssl default_server;

    server_name _;

    ...
}

Do NOT forget to open port 443 on BOTH TCP & UDP in your firewall(s). After all, Quic is using UDP to establish a connection; only allowing TCP will therefore not work.

Last but not least, you can now validate your connection via for example: https://http3check.net/
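A consistency check for the pieces the answer above configures (quic listener, ssl listener, Alt-Svc header, firewall ports), as an added example that is not part of the original answer. It assumes clients discover HTTP/3 through Alt-Svc, treats the config as flat text without resolving `include` or separating server blocks, and its function names are hypothetical.

```python
import re

# Constructed sample modelled on the answer's default server block.
SAMPLE_CONF = """
server {
    listen 80 reuseport default_server;
    listen 443 quic reuseport default_server;
    #listen [::]:443 quic reuseport default_server;
    listen 443 ssl reuseport default_server;
    add_header Alt-Svc 'h3=":443";ma=86400,h3-29=":443";ma=86400' always;
}
"""

LISTEN_RE = re.compile(r"^[ \t]*listen\s+([^;]+);", re.M)
ALT_SVC_RE = re.compile(r'''^[ \t]*add_header\s+Alt-Svc\s+(['"])(.*?)\1''', re.M | re.I)

def listeners(conf):
    """Return {(port, proto)} for uncommented listen directives."""
    found = set()
    for args in LISTEN_RE.findall(conf):
        addr, *flags = args.split()
        tail = addr.rsplit(":", 1)[-1]              # "443", "[::]:443", "0.0.0.0:443"
        port = int(tail) if tail.isdigit() else 80  # address without port: nginx uses 80
        proto = "quic" if "quic" in flags else "ssl" if "ssl" in flags else "plain"
        found.add((port, proto))
    return found

def alt_svc_ports(conf):
    """Return [(alpn, port)] advertised by Alt-Svc add_header directives."""
    return [(m.group(1), int(m.group(2)))
            for _quote, value in ALT_SVC_RE.findall(conf)
            for m in re.finditer(r'([\w-]+)="[^"]*:(\d+)"', value)]

def lint(conf):
    """Return findings; an empty list means every check passed."""
    ls, adverts, findings = listeners(conf), alt_svc_ports(conf), []
    quic = {port for port, proto in ls if proto == "quic"}
    if quic and not any(proto == "ssl" for _, proto in ls):
        findings.append("quic listener but no ssl listener to deliver Alt-Svc")
    if quic and not any(alpn == "h3" for alpn, _ in adverts):
        findings.append("quic listener but no Alt-Svc entry for h3")
    findings += [f"Alt-Svc {alpn} advertises {port}/udp without a quic listener"
                 for alpn, port in adverts if port not in quic]
    return findings

def firewall_ports(conf):
    """Ports the firewall must allow: UDP for quic listeners, TCP for the rest."""
    rules = {(p, "udp" if proto == "quic" else "tcp") for p, proto in listeners(conf)}
    return [f"{p}/{t}" for p, t in sorted(rules)]
```

For the sample, `lint` returns no findings and `firewall_ports` lists `80/tcp`, `443/tcp` and `443/udp`; a 443/udp entry missing from the actual firewall rules is the failure the answer warns about.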