Enable HTTP/3 QUIC

wo/cli/templates/22222.mustache

@@ -2,7 +2,7 @@
 
 server {
 
-  listen {{port}} default_server ssl http2;
+  listen {{port}} default_server ssl;
 
   access_log   /var/log/nginx/22222.access.log rt_cache;
   error_log    /var/log/nginx/22222.error.log;

wo/cli/templates/nginx-core.mustache

@@ -55,6 +55,9 @@ http {
 	proxy_set_header Early-Data $ssl_early_data;
 	ssl_early_data on;
 
+    # enable http/2
+    http2 on;
+
 	ssl_session_timeout 1d;
 	ssl_session_cache shared:SSL:50m;
 	ssl_session_tickets off;

wo/cli/templates/ssl.mustache

@@ -1,5 +1,19 @@
-listen 443 ssl http2;
-listen [::]:443 ssl http2;
+# display http version used in header (optional)
+more_set_headers "X-protocol : $server_protocol always";
+
+# Advertise HTTP/3 QUIC support (required)
+more_set_headers 'Alt-Svc h3=":$server_port"; ma=86400';
+
+# enable [QUIC address validation](https://datatracker.ietf.org/doc/html/rfc9000#name-address-validation)
+quic_retry on;
+
+# Listen on port 443 with HTTP/3 QUIC
+listen 443 quic;
+listen [::]:443 quic;
+
+# listen on port 443 with HTTP/2
+listen 443 ssl;
+listen [::]:443 ssl;
 ssl_certificate     {{ssl_live_path}}/{{domain}}/fullchain.pem;
 ssl_certificate_key     {{ssl_live_path}}/{{domain}}/key.pem;
 ssl_trusted_certificate {{ssl_live_path}}/{{domain}}/ca.pem;