Matomo Analytics

Why HTTP/3?

HTTP/3 represents a significant improvement in web protocol technology, offering:

  • Improved performance on unreliable networks

  • Reduced latency through connection migration

  • Better multiplexing without head-of-line blocking

  • Enhanced mobile performance

  • Improved security by default (QUIC is encrypted by design)

Prerequisites

  • Ubuntu 24.04 or newer

  • NGINX version 1.25 or newer

  • Valid SSL certificate

  • Root or sudo privileges

Installation

  1. Add the NGINX repository

sudo apt update 
sudo apt install curl gnupg2 ca-certificates lsb-release ubuntu-keyring 
curl https://nginx.org/keys/nginx_signing.key | gpg --dearmor | sudo tee /usr/share/keyrings/nginx-archive-keyring.gpg >/dev/null 
echo "deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] http://nginx.org/packages/mainline/ubuntu `lsb_release -cs` nginx" | sudo tee /etc/apt/sources.list.d/nginx.list
  1. Install NGINX:

sudo apt update
sudo apt install nginx
  1. Verify NGINX version (should be 1.25.0 or higher):

nginx -v

Configuration

  1. Create or modify your site configuration (/etc/nginx/conf.d/example.com.conf):

 server {
    listen 443 ssl http3 reuseport;
    listen [::]:443 ssl http3 reuseport;
    listen 443 ssl;
    listen [::]:443 ssl;
    
    server_name example.com;
    
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    
    # Enable HTTP/3
    add_header Alt-Svc 'h3=":443"; ma=86400';
    
    # SSL Configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    
    location / {
        root /var/www/html;
        index index.html;
    }
}

  1. Test and reload NGINX:

sudo nginx -t sudo systemctl reload nginx

  1. Open the port in your Firewall

HTTP/3 runs over UDP (specifically port 443/UDP) rather than TCP, so you need to ensure this port is open in your firewall. Many servers by default only have TCP/443 open for HTTPS, which won't be sufficient for HTTP/3.

Here's what needs to be allowed:

  • TCP port 443 (for regular HTTPS fallback)

  • UDP port 443 (for HTTP/3/QUIC)

Using Ploi

With Ploi, you can easily 1-click enable HTTP/3. There are requirements though, as stated above, your OS needs to be Ubuntu 24.04 or newer, and you need NGINX 1.25 or newer. Ploi will check if your server has been created after May 2024, if it's created before, it won't allow you to automatically use the HTTP/3 version.

When Ploi see's your server is supported, it will show this checkbox:

HTTP/3 Ploi

Verify HTTP/3

  1. Using curl:

curl --http3 https://example.com

  1. Using Chrome DevTools:

  • Open DevTools (F12)

  • Check Network tab

  • Look for "h3" in Protocol column

Do I need to request a new SSL certificate?

You can keep using your existing SSL certificate. HTTP/3 doesn't require any special type of SSL certificate - any valid SSL/TLS certificate that works for HTTPS will work fine for HTTP/3.

This is because HTTP/3 uses QUIC, which still relies on TLS 1.3 for encryption. The certificate requirements are the same as those for HTTP/2 and regular HTTPS.

Just make sure your certificate is:

  1. Valid (not expired)

  2. Properly installed on your server

  3. Trusted by major browsers

Troubleshooting

  • Check NGINX error logs: tail -f /var/log/nginx/error.log

  • Ensure port 443/UDP is open in your firewall

  • Verify NGINX is running: systemctl status nginx

19 November 2024 (last updated 1 week ago)

141 views

Written by Dennis

Dennis brings over 6 years of hands-on experience in server management, specializing in optimizing web services for scalability and security.

Back to Server


Start free trial