Skip to content

Commit 0d2548c

Browse files
marcel2012marcel2012
committed
HTTP/3 add new configuration variables
1 parent 0b0f49b commit 0d2548c

File tree

15 files changed

+70
-11
lines changed

15 files changed

+70
-11
lines changed

build/dev-env.sh

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -89,6 +89,7 @@ controller:
8989
digest:
9090
config:
9191
worker-processes: "1"
92+
use-http3: "true"
9293
podLabels:
9394
deploy-date: "$(date +%s)"
9495
updateStrategy:

build/kind.yaml

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,3 +16,6 @@ nodes:
1616
- containerPort: 443
1717
hostPort: 443
1818
protocol: TCP
19+
- containerPort: 443
20+
hostPort: 443
21+
protocol: UDP

cmd/nginx/main_test.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,7 +98,7 @@ func TestHandleSigterm(t *testing.T) {
9898
os.Args = oldArgs
9999
}()
100100

101-
os.Args = []string{"cmd", "--default-backend-service", "ingress-nginx/default-backend-http", "--http-port", "0", "--https-port", "0"}
101+
os.Args = []string{"cmd", "--default-backend-service", "ingress-nginx/default-backend-http", "--http-port", "0", "--https-port", "0", "--quic-port", "0"}
102102
_, conf, err := ingressflags.ParseFlags()
103103
if err != nil {
104104
t.Errorf("Unexpected error creating NGINX controller: %v", err)

docs/user-guide/cli-arguments.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
3636
| `--healthz-host` | Address to bind the healthz endpoint. |
3737
| `--http-port` | Port to use for servicing HTTP traffic. (default 80) |
3838
| `--https-port` | Port to use for servicing HTTPS traffic. (default 443) |
39+
| `--quic-port` | Port to use for servicing QUIC traffic. (default 443) |
3940
| `--ingress-class` | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. |
4041
| `--ingress-class-by-name` | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). |
4142
| `--internal-logger-address` | Address to be used when binding internal syslogger. (default 127.0.0.1:11514) |

docs/user-guide/nginx-configuration/configmap.md

Lines changed: 21 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -59,6 +59,8 @@ The following table shows a configuration option's name, type, and the default v
5959
| [http2-max-header-size](#http2-max-header-size) | string | "" | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
6060
| [http2-max-requests](#http2-max-requests) | int | 0 | DEPRECATED in favour of [keepalive_requests](#keepalive-requests) |
6161
| [http2-max-concurrent-streams](#http2-max-concurrent-streams) | int | 128 | |
62+
| [http3-max-concurrent-streams](#http3-max-concurrent-streams) | int | 128 | |
63+
| [http3-stream-buffer-size](#http3-stream-buffer-size) | string | "64k" | |
6264
| [hsts](#hsts) | bool | "true" | |
6365
| [hsts-include-subdomains](#hsts-include-subdomains) | bool | "true" | |
6466
| [hsts-max-age](#hsts-max-age) | string | "31536000" | |
@@ -106,6 +108,7 @@ The following table shows a configuration option's name, type, and the default v
106108
| [brotli-min-length](#brotli-min-length) | int | 20 | |
107109
| [brotli-types](#brotli-types) | string | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" | |
108110
| [use-http2](#use-http2) | bool | "true" | |
111+
| [use-http3](#use-http3) | bool | "false" | |
109112
| [gzip-disable](#gzip-disable) | string | "" | |
110113
| [gzip-level](#gzip-level) | int | 1 | |
111114
| [gzip-min-length](#gzip-min-length) | int | 256 | |
@@ -441,6 +444,20 @@ Sets the maximum number of concurrent HTTP/2 streams in a connection.
441444
_References:_
442445
[https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams)
443446

447+
## http3-max-concurrent-streams
448+
449+
Sets the maximum number of concurrent HTTP/3 request streams in a connection.
450+
451+
_References:_
452+
[https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams)
453+
454+
## http3-stream-buffer-size
455+
456+
Sets the size of the buffer used for reading and writing of the QUIC streams.
457+
458+
_References:_
459+
[https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size)
460+
444461
## hsts
445462

446463
Enables or disables the header HSTS in servers running SSL.
@@ -753,6 +770,10 @@ _**default:**_ `application/xml+rss application/atom+xml application/javascript
753770

754771
Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections.
755772

773+
## use-http3
774+
775+
Enables or disables [HTTP/3](https://nginx.org/en/docs/http/ngx_http_v3_module.html) support in secure connections.
776+
756777
## gzip-disable
757778

758779
Disables [gzipping](http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable) of responses for requests with "User-Agent" header fields matching any of the specified regular expressions.

internal/ingress/controller/config/config.go

Lines changed: 17 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -244,6 +244,14 @@ type Configuration struct {
244244
// Sets the maximum number of concurrent HTTP/2 streams in a connection.
245245
HTTP2MaxConcurrentStreams int `json:"http2-max-concurrent-streams,omitempty"`
246246

247+
// https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams
248+
// Sets the maximum number of concurrent HTTP/3 request streams in a connection.
249+
HTTP3MaxConcurrentStreams int `json:"http3-max-concurrent-streams,omitempty"`
250+
251+
// https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size
252+
// Sets the size of the buffer used for reading and writing of the QUIC streams.
253+
HTTP3StreamBufferSize string `json:"http3-stream-buffer-size,omitempty"`
254+
247255
// Enables or disables the header HSTS in servers running SSL
248256
HSTS bool `json:"hsts,omitempty"`
249257

@@ -450,6 +458,11 @@ type Configuration struct {
450458
// Default: true
451459
UseHTTP2 bool `json:"use-http2,omitempty"`
452460

461+
// Enables or disables the HTTP/3 support in secure connections
462+
// https://nginx.org/en/docs/http/ngx_http_v3_module.html
463+
// Default: false
464+
UseHTTP3 bool `json:"use-http3,omitempty"`
465+
453466
// Disables gzipping of responses for requests with "User-Agent" header fields matching any of
454467
// the specified regular expressions.
455468
// http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable
@@ -797,6 +810,8 @@ func NewDefault() Configuration {
797810
HTTP2MaxHeaderSize: "",
798811
HTTP2MaxRequests: 0,
799812
HTTP2MaxConcurrentStreams: 128,
813+
HTTP3MaxConcurrentStreams: 128,
814+
HTTP3StreamBufferSize: "64k",
800815
HTTPRedirectCode: 308,
801816
HSTS: true,
802817
HSTSIncludeSubdomains: true,
@@ -847,6 +862,7 @@ func NewDefault() Configuration {
847862
VariablesHashBucketSize: 256,
848863
VariablesHashMaxSize: 2048,
849864
UseHTTP2: true,
865+
UseHTTP3: false,
850866
DisableProxyInterceptErrors: false,
851867
RelativeRedirects: false,
852868
ProxyStreamTimeout: "600s",
@@ -956,6 +972,7 @@ type TemplateConfig struct {
956972
type ListenPorts struct {
957973
HTTP int `json:"HTTP"`
958974
HTTPS int `json:"HTTPS"`
975+
QUIC int `json:"QUIC"`
959976
Health int `json:"Health"`
960977
Default int `json:"Default"`
961978
SSLProxy int `json:"SSLProxy"`

internal/ingress/controller/controller.go

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -471,6 +471,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr
471471
rp := []int{
472472
n.cfg.ListenPorts.HTTP,
473473
n.cfg.ListenPorts.HTTPS,
474+
n.cfg.ListenPorts.QUIC,
474475
n.cfg.ListenPorts.SSLProxy,
475476
n.cfg.ListenPorts.Health,
476477
n.cfg.ListenPorts.Default,

pkg/flags/flags.go

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -193,6 +193,7 @@ Requires the update-status parameter.`)
193193

194194
httpPort = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`)
195195
httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`)
196+
quicPort = flags.Int("quic-port", 443, `Port to use for servicing QUIC traffic.`)
196197

197198
sslProxyPort = flags.Int("ssl-passthrough-proxy-port", 442, `Port to use internally for SSL Passthrough.`)
198199
defServerPort = flags.Int("default-server-port", 8181, `Port to use for exposing the default server (catch-all).`)
@@ -274,6 +275,10 @@ https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geol
274275
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --https-port", *httpsPort)
275276
}
276277

278+
if !ing_net.IsPortAvailable(*quicPort) {
279+
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --quic-port", *quicPort)
280+
}
281+
277282
if !ing_net.IsPortAvailable(*defServerPort) {
278283
return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --default-server-port", *defServerPort)
279284
}
@@ -382,6 +387,7 @@ https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geol
382387
Health: *healthzPort,
383388
HTTP: *httpPort,
384389
HTTPS: *httpsPort,
390+
QUIC: *quicPort,
385391
SSLProxy: *sslProxyPort,
386392
},
387393
IngressClassConfiguration: &ingressclass.Configuration{

0 commit comments

Comments
 (0)