nixos/nginx: disable automatic advertise of HTTP/3 protocol support

Automatic advertise in the `http` block about support of HTTP/3 protocol makes it difficult to automatically configure services to work with it. HTTP/3 availability must be manually advertised, preferably in each location block.
2023-12-19 22:31:46 +03:00 · 2023-12-19 22:31:46 +03:00 · 2fb0b52c50
commit 2fb0b52c50
parent 4c896726d7
3 changed files with 15 additions and 10 deletions
--- a/nixos/doc/manual/release-notes/rl-2405.section.md
+++ b/nixos/doc/manual/release-notes/rl-2405.section.md
@ -59,6 +59,18 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
 - `mkosi` was updated to v19. Parts of the user interface have changed. Consult the
  [release notes](https://github.com/systemd/mkosi/releases/tag/v19) for a list of changes.

+- `services.nginx` will no longer advertise HTTP/3 availability automatically. This must now be manually added, preferably to each location block.
+  Example:
+
+  ```nix
+    locations."/".extraConfig = ''
+      add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+    '';
+    locations."^~ /assets/".extraConfig = ''
+      add_header Alt-Svc 'h3=":$server_port"; ma=86400';
+    '';
+
+  ```
 - The `kanata` package has been updated to v1.5.0, which includes [breaking changes](https://github.com/jtroo/kanata/releases/tag/v1.5.0).

 - The latest available version of Nextcloud is v28 (available as `pkgs.nextcloud28`). The installation logic is as follows:
--- a/nixos/modules/services/web-servers/nginx/default.nix
+++ b/nixos/modules/services/web-servers/nginx/default.nix
@ -408,12 +408,6 @@ let
            ssl_conf_command Options KTLS;
          ''}

-          ${optionalString (hasSSL && vhost.quic && vhost.http3)
-            # Advertise that HTTP/3 is available
-          ''
-            add_header Alt-Svc 'h3=":$server_port"; ma=86400';
-          ''}
-
          ${mkBasicAuth vhostName vhost}

          ${optionalString (vhost.root != null) "root ${vhost.root};"}
--- a/nixos/modules/services/web-servers/nginx/vhost-options.nix
+++ b/nixos/modules/services/web-servers/nginx/vhost-options.nix
@ -235,9 +235,9 @@ with lib;
        which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`
        and activate the QUIC transport protocol
        `services.nginx.virtualHosts.<name>.quic = true;`.
-        Note that HTTP/3 support is experimental and
-        *not* yet recommended for production.
+        Note that HTTP/3 support is experimental and *not* yet recommended for production.
        Read more at https://quic.nginx.org/
+        HTTP/3 availability must be manually advertised, preferably in each location block.
      '';
    };

@ -250,8 +250,7 @@ with lib;
        which can be achieved by setting `services.nginx.package = pkgs.nginxQuic;`
        and activate the QUIC transport protocol
        `services.nginx.virtualHosts.<name>.quic = true;`.
-        Note that special application protocol support is experimental and
-        *not* yet recommended for production.
+        Note that special application protocol support is experimental and *not* yet recommended for production.
        Read more at https://quic.nginx.org/
      '';
    };