From 28e0f03cd58b98b35738c0f2699a2160d6527155 Mon Sep 17 00:00:00 2001
From: Kristian Klausen <kristian@klausen.dk>
Date: Sat, 17 Aug 2024 19:36:08 +0200
Subject: [PATCH] Enable HTTP/3 for {,aur.,wiki.}archlinux.org

They are our HTTP/3 guinea pigs for now. HTTP/3 has been enabled on
archlinux.org since 2024-07-22, so I do not expect any issues.

$http_host is changed to $host for aurweb, as HTTP/3 uses the
":authority" pseudo-header instead of the "Host" header[1][2].

[1] https://trac.nginx.org/nginx/ticket/2281
[2] https://mailman.nginx.org/pipermail/nginx-devel/2024-January/LCIUMLKCM2EBMEMTU3KXMW74AP2C4FYZ.html

Ref #606
---
 host_vars/archlinux.org/misc           | 1 +
 host_vars/aur.archlinux.org/misc       | 1 +
 host_vars/wiki.archlinux.org/misc      | 1 +
 roles/aurweb/templates/nginx.d.conf.j2 | 2 +-
 4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/host_vars/archlinux.org/misc b/host_vars/archlinux.org/misc
index a314d594..4aa2c3dc 100644
--- a/host_vars/archlinux.org/misc
+++ b/host_vars/archlinux.org/misc
@@ -12,3 +12,4 @@ fail2ban_jails:
   nginx_limit_req: true
 wireguard_address: 10.0.0.1
 wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
+nginx_enable_http3: true
diff --git a/host_vars/aur.archlinux.org/misc b/host_vars/aur.archlinux.org/misc
index ad7a3de9..c30553ba 100644
--- a/host_vars/aur.archlinux.org/misc
+++ b/host_vars/aur.archlinux.org/misc
@@ -7,3 +7,4 @@ fail2ban_jails:
 memcached_socket: "/run/memcached/aurweb.sock"
 wireguard_address: 10.0.0.2
 wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
+nginx_enable_http3: true
diff --git a/host_vars/wiki.archlinux.org/misc b/host_vars/wiki.archlinux.org/misc
index 72888062..3f108500 100644
--- a/host_vars/wiki.archlinux.org/misc
+++ b/host_vars/wiki.archlinux.org/misc
@@ -4,3 +4,4 @@ wireguard_address: 10.0.0.22
 wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
 nginx_extra_modules:
   - name: geoip2
+nginx_enable_http3: true
diff --git a/roles/aurweb/templates/nginx.d.conf.j2 b/roles/aurweb/templates/nginx.d.conf.j2
index cb883758..1f6c6405 100644
--- a/roles/aurweb/templates/nginx.d.conf.j2
+++ b/roles/aurweb/templates/nginx.d.conf.j2
@@ -140,7 +140,7 @@ server {
     location / {
         # Proxy over to aurweb's ASGI application.
         proxy_pass http://{{ aurweb_asgi_bind }};
-        proxy_set_header Host $http_host;
+        proxy_set_header Host $host;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header X-Forwarded-Proto $scheme;
         proxy_set_header X-Forwarded-Ssl on;