Enable HTTP/3 QUIC

2024-06-08 11:59:18 +02:00
parent cb18d970bd
commit c641f1eaa1
6 changed files with 27 additions and 5 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,7 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

 #### Added

- Ubuntu 24.04 LTS support
+- Ubuntu 24.04 LTS compatibility (some required php packages are not available yet) so not officially supported by WordOps
 - New Nginx package with HTTP/3 QUIC support
 - `wo stack install/remove --brotli` to enable/disable brotli compression

@@ -21,6 +21,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 - All APT repositories are properly signed with gpg keys
 - Netdata is installed from debian packages when available
 - Less logs in acme.sh operation
+- Migrate all repositories in /etc/apt/sources.list.d/wo-repo.list in indivual files like mariadb.list, redis.list, wordops.list

 #### Fixed

--- a/README.md
+++ b/README.md
@@ -71,6 +71,10 @@
 - Raspbian 10 (Buster)
 - Raspbian 11 (Bullseye)

+#### Not fully compatible yet
+
+- Ubuntu 24.04 LTS (Noble)
+
 ## Getting Started

 ```bash
--- a/wo/cli/templates/22222.mustache
+++ b/wo/cli/templates/22222.mustache
@@ -2,7 +2,7 @@

 server {

-  listen {{port}} default_server ssl http2;
+  listen {{port}} default_server ssl;

  access_log   /var/log/nginx/22222.access.log rt_cache;
  error_log    /var/log/nginx/22222.error.log;
--- a/wo/cli/templates/nginx-core.mustache
+++ b/wo/cli/templates/nginx-core.mustache
@@ -55,6 +55,9 @@ http {
 	proxy_set_header Early-Data $ssl_early_data;
 	ssl_early_data on;

+    # enable http/2
+    http2 on;
+
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;
--- a/wo/cli/templates/ssl.mustache
+++ b/wo/cli/templates/ssl.mustache
@@ -1,5 +1,19 @@
-listen 443 ssl http2;
-listen [::]:443 ssl http2;
+# display http version used in header (optional)
+more_set_headers "X-protocol : $server_protocol always";
+
+# Advertise HTTP/3 QUIC support (required)
+more_set_headers 'Alt-Svc h3=":$server_port"; ma=86400';
+
+# enable [QUIC address validation](https://datatracker.ietf.org/doc/html/rfc9000#name-address-validation)
+quic_retry on;
+
+# Listen on port 443 with HTTP/3 QUIC
+listen 443 quic;
+listen [::]:443 quic;
+
+# listen on port 443 with HTTP/2
+listen 443 ssl;
+listen [::]:443 ssl;
 ssl_certificate     {{ssl_live_path}}/{{domain}}/fullchain.pem;
 ssl_certificate_key     {{ssl_live_path}}/{{domain}}/key.pem;
 ssl_trusted_certificate {{ssl_live_path}}/{{domain}}/ca.pem;
--- a/wo/core/variables.py
+++ b/wo/core/variables.py
@@ -117,7 +117,7 @@ class WOVar():
    # WordOps stack installation variables
    # Nginx repo and packages
    if wo_distro == 'ubuntu':
-        wo_nginx_repo = "ppa:wordops/nginx-wo"
+        wo_nginx_repo = "ppa:virtubox/nginx"

    else:
        if wo_distro == 'debian':