Conversation

@JappeHallunken
Collaborator

Nginx throws a warning at startup, because

"listen ... http2" directive is deprecated, use the "http2" directive instead

Changed from

listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
listen 443 ssl http2; # managed by Certbot

to

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
http2 on;

Owner

@MichaIng MichaIng left a comment

This directive appeared with Nginx 1.25.1, hence it is not available on Debian Bookworm and below yet. On Trixie, we might want to add the quic parameter instead. Weirdly there is an http3 directive, which is however enabled by default, but without QUIC it seems, and the http2 directive is still off by default. So inconsistent. So:

  • Up to Bookworm: Keep things as they are
  • From Trixie on: Replace http2 argument with quic, and add http2 directive instead.

@JappeHallunken
Collaborator Author

I did a bit of testing and IDK if http3 is worth it yet.
For a working config we would need to add some more stuff:

# QUIC and HTTP/3 (UDP)
listen 443 quic reuseport;
listen [::]:443 quic reuseport;

# HTTP/1.1 and HTTP/2 fallback (TCP)
listen 443 ssl;
listen [::]:443 ssl;
http2 on;

# Advertise HTTP/3 availability to clients
add_header Alt-Svc 'h3=":443"; ma=86400' always;

# optional:
# QUIC settings (http3 is on by default)
quic_retry on;      # Address validation (DDoS protection)
quic_gso on;        # Generic Segmentation Offload (performance)

see https://nginx-wiki.getpagespeed.com/config/http3/#full-production-configuration

But the biggest hurdle would be that the user would need to forward port 443 on UDP too. I doubt anybody is aware of that unless they really want QUIC for some specific reason.
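A small migration helper, added here as an example and not DietPi's own code, that applies the version rule from the review comment above (keep the old parameter below Nginx 1.25.1, otherwise switch to the http2 directive) to the Certbot-managed listen lines, and optionally adds the QUIC listen lines and Alt-Svc header from the full configuration. The sample server block and the version strings passed to it are constructed for the example.

```python
import re

# Nginx 1.25.1 introduced the standalone "http2" directive and deprecated the
# "listen ... http2" parameter (the warning quoted in the PR description).
HTTP2_DIRECTIVE_MIN = (1, 25, 1)
# A listen line: indent, parameters up to ';', and any trailing comment.
LISTEN_RE = re.compile(r"^(\s*)listen\s+([^;#]*?)\s*;(.*)$")

def parse_version(version: str) -> tuple:
    """'1.26.3' -> (1, 26, 3), so versions compare as tuples."""
    return tuple(int(part) for part in version.split("."))

def migrate_listen_block(config: str, nginx_version: str, enable_quic: bool = False) -> str:
    """Below 1.25.1: return the config unchanged (the old parameter is the only
    option). From 1.25.1: drop 'http2' from each listen line and add 'http2 on;'
    after the last listen line. With enable_quic, also add a UDP
    'listen ... quic reuseport;' per address plus the Alt-Svc header."""
    if parse_version(nginx_version) < HTTP2_DIRECTIVE_MIN:
        return config
    out, quic_lines, last_listen, indent, changed = [], [], -1, "", False
    for line in config.splitlines():
        m = LISTEN_RE.match(line)
        if m:
            indent, params, trailer = m.groups()
            tokens = params.split()
            if "http2" in tokens:
                tokens = [t for t in tokens if t != "http2"]
                line = f"{indent}listen {' '.join(tokens)};{trailer}"
                changed = True
                if enable_quic:  # tokens[0] is this listen's address:port
                    quic_lines.append(f"{indent}listen {tokens[0]} quic reuseport;")
            last_listen = len(out)  # index this line is about to get
        out.append(line)
    if changed:  # idempotent: a second run finds no 'http2' parameter to drop
        extra = [f"{indent}http2 on;"]
        if enable_quic:
            extra = quic_lines + extra + [
                f"{indent}add_header Alt-Svc 'h3=\":443\"; ma=86400' always;"]
        out[last_listen + 1:last_listen + 1] = extra
    return "\n".join(out) + "\n"

# Constructed sample: the Certbot-managed lines this PR changes.
SAMPLE = """server {
    listen [::]:443 ssl http2 ipv6only=on; # managed by Certbot
    listen 443 ssl http2; # managed by Certbot
    server_name example.com;
}
"""
```

The UDP port forwarding mentioned above is still something the helper cannot do for the user; it only emits the listen lines.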

@MichaIng
Owner

Oh, it needs a dedicated listen directive. Hmm, I mean, it is the future, and it looks like the syntax will remain like this, splitting listen by port and UDP vs TCP. And it does not hurt to enable it even if ports are not forwarded, does it? For local access anyway, and we can add QUIC info to our docs.

@MichaIng MichaIng added this to the v10.0 milestone Dec 14, 2025