mirror of
https://gitlab.archlinux.org/archlinux/infrastructure.git
synced 2024-09-18 14:11:48 +02:00
Enable HTTP/3 for {,aur.,wiki.}archlinux.org
They are our HTTP/3 guinea pigs for now. HTTP/3 has been enabled on archlinux.org since 2024-07-22, so I do not expect any issues. $http_host is changed to $host for aurweb, as HTTP/3 uses the ":authority" pseudo-header instead of the "Host" header[1][2]. [1] https://trac.nginx.org/nginx/ticket/2281 [2] https://mailman.nginx.org/pipermail/nginx-devel/2024-January/LCIUMLKCM2EBMEMTU3KXMW74AP2C4FYZ.html Ref #606
This commit is contained in:
parent
8dfa7e8c3e
commit
28e0f03cd5
@ -12,3 +12,4 @@ fail2ban_jails:
|
|||||||
nginx_limit_req: true
|
nginx_limit_req: true
|
||||||
wireguard_address: 10.0.0.1
|
wireguard_address: 10.0.0.1
|
||||||
wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
|
wireguard_public_key: 0Vx7jfWinpTPHKPxvmKtZlp3hcLebawz+vQM8EIEm1k=
|
||||||
|
nginx_enable_http3: true
|
||||||
|
@ -7,3 +7,4 @@ fail2ban_jails:
|
|||||||
memcached_socket: "/run/memcached/aurweb.sock"
|
memcached_socket: "/run/memcached/aurweb.sock"
|
||||||
wireguard_address: 10.0.0.2
|
wireguard_address: 10.0.0.2
|
||||||
wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
|
wireguard_public_key: TPLeGQ7qU6ZNtcgDbEV0SSYScvK+XS5igcPdGSXo6UA=
|
||||||
|
nginx_enable_http3: true
|
||||||
|
@ -4,3 +4,4 @@ wireguard_address: 10.0.0.22
|
|||||||
wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
|
wireguard_public_key: bZeNWMLtyNDaFR7jjWr06nNZt/vV/OKNleV7XZZs+lc=
|
||||||
nginx_extra_modules:
|
nginx_extra_modules:
|
||||||
- name: geoip2
|
- name: geoip2
|
||||||
|
nginx_enable_http3: true
|
||||||
|
@ -140,7 +140,7 @@ server {
|
|||||||
location / {
|
location / {
|
||||||
# Proxy over to aurweb's ASGI application.
|
# Proxy over to aurweb's ASGI application.
|
||||||
proxy_pass http://{{ aurweb_asgi_bind }};
|
proxy_pass http://{{ aurweb_asgi_bind }};
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $host;
|
||||||
proxy_set_header X-Forwarded-For $remote_addr;
|
proxy_set_header X-Forwarded-For $remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
proxy_set_header X-Forwarded-Ssl on;
|
proxy_set_header X-Forwarded-Ssl on;
|
||||||
|
Loading…
Reference in New Issue
Block a user