Changes between Initial Version and Version 1 of Ticket #2619, comment 2


Ignore:
Timestamp:
03/31/24 13:07:09 (5 weeks ago)
Author:
desaisoftwaree@…

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #2619, comment 2

    initial v1  
    11Replying to [comment:1 Roman Arutyunyan]:
    2 > > Only one server block can successfully use listen 443 quic reuseport; without encountering configuration errors.
    3 >
    4 > That's the expected behavior. You are only allowed to specify `reuseport` socket option for one listen. Please use `listen 443 quic` for others.
    5 >
    6 > >When listen 443 quic reuseport; is enabled in any server block, Nginx does not serve the content from the requested server block for specific subdomains. Instead, it serves content from a different block, indicating an issue with routing or server block selection when QUIC is enabled.
    7 > nginx should serve content from the server block where the `listen` directive for the port is specified. If it's not the case please provide more details.
     2If I have two servers with subdomains your answer becomes irrelevant. I would like to request you to suggest the solution for the below-given configuration
     3server {
     4    listen 443 ssl;
     5    listen 443 quic reuseport;
     6    server_name myapp.app www.myapp.app app.myapp.app;
    87
     8    http3 on;
     9    http2 on;
    910
    10 Dear Roman Arutyunyan,
     11    quic_retry on;
     12    ssl_early_data on;
     13    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     14    proxy_intercept_errors on;
    1115
    12 I wanted to extend my sincere gratitude for your insightful comment on the Nginx ticket regarding the listen 443 quic reuseport; directive. Your clarification on the expected behavior and guidance on using listen 443 quic was incredibly helpful. It not only resolved my confusion but also steered me in the right direction for configuring my server blocks more effectively. Your expertise and willingness to share knowledge are greatly appreciated. Thank you for your valuable contribution to the community.
     16    ssl_certificate /etc/letsencrypt/live/myapp.app/fullchain.pem;
     17    ssl_certificate_key /etc/letsencrypt/live/myapp.app/privkey.pem;
    1318
    14 Best regards
     19    location / {
     20        root /home/usr/Ecosystem-App/main-server/public/;
     21        index index.html;
     22        try_files $uri $uri.html /index.html =404;
     23    }
     24
     25    error_page 500 502 503 504 /50x.html;
     26
     27    location = /50x.html {
     28        root html;
     29    }
     30}
     31
     32server {
     33    listen 443 quic;
     34    server_name *.myapp.app;
     35
     36    http3 on;
     37    http2 on;
     38
     39    quic_retry on;
     40    ssl_early_data on;
     41    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     42    proxy_intercept_errors on;
     43
     44    ssl_certificate /etc/letsencrypt/live/myapp.app/fullchain.pem;
     45    ssl_certificate_key /etc/letsencrypt/live/myapp.app/privkey.pem;
     46
     47    location / {
     48        root /home/usr/Ecosystem-App/d2c-server/public/;
     49        index index.html;
     50        try_files $uri $uri.html /index.html =404;
     51    }
     52   
     53    error_page 500 502 503 504 /50x.html;
     54
     55    location = /50x.html {
     56        root html;
     57    }
     58}
     59
     60server {
     61    listen 443 quic;
     62    server_name myapptwo.app www.myapptwo.app app.myapptwo.app;
     63
     64    http3 on;
     65    http2 on;
     66
     67    quic_retry on;
     68    ssl_early_data on;
     69    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     70    proxy_intercept_errors on;
     71
     72    ssl_certificate /etc/letsencrypt/live/myapptwo.app/fullchain.pem;
     73    ssl_certificate_key /etc/letsencrypt/live/myapptwo.app/privkey.pem;
     74
     75    location / {
     76        root /home/usr/Ecosystem-App/main-server/public/;
     77        index index.html;
     78        try_files $uri $uri.html /index.html =404;
     79    }
     80
     81    error_page 500 502 503 504 /50x.html;
     82
     83    location = /50x.html {
     84        root html;
     85    }
     86}
     87
     88server {
     89    listen 443 quic;
     90    server_name *.myapptwo.app;
     91
     92    http3 on;
     93    http2 on;
     94
     95    quic_retry on;
     96    ssl_early_data on;
     97    add_header Alt-Svc 'h3=":$server_port"; ma=86400';
     98    proxy_intercept_errors on;
     99
     100    ssl_certificate /etc/letsencrypt/live/myapptwo.app/fullchain.pem;
     101    ssl_certificate_key /etc/letsencrypt/live/myapptwo.app/privkey.pem;
     102
     103    location / {
     104        root /home/usr/Ecosystem-App/d2c-server/public/;
     105        index index.html;
     106        try_files $uri $uri.html /index.html =404;
     107    }
     108   
     109    error_page 500 502 503 504 /50x.html;
     110
     111    location = /50x.html {
     112        root html;
     113    }
     114}
     115
     116How to have two domains myapp.app and myapptwo.app both use different ssl certificate?