HTTP/3 add new configuration variables

Author: marcel2012

build/dev-env.sh

@@ -89,6 +89,7 @@ controller:
     digest:
   config:
     worker-processes: "1"
+    use-http3: "true"
   podLabels:
     deploy-date: "$(date +%s)"
   updateStrategy:

build/kind.yaml

@@ -16,3 +16,6 @@ nodes:
       - containerPort: 443
         hostPort: 443
         protocol: TCP
+      - containerPort: 443
+        hostPort: 443
+        protocol: UDP

cmd/nginx/main_test.go

@@ -98,7 +98,7 @@ func TestHandleSigterm(t *testing.T) {
 		os.Args = oldArgs
 	}()
 
-	os.Args = []string{"cmd", "--default-backend-service", "ingress-nginx/default-backend-http", "--http-port", "0", "--https-port", "0"}
+	os.Args = []string{"cmd", "--default-backend-service", "ingress-nginx/default-backend-http", "--http-port", "0", "--https-port", "0", "--quic-port", "0"}
 	_, conf, err := ingressflags.ParseFlags()
 	if err != nil {
 		t.Errorf("Unexpected error creating NGINX controller: %v", err)

docs/user-guide/cli-arguments.md

@@ -36,6 +36,7 @@ They are set in the container spec of the `ingress-nginx-controller` Deployment
 | `--healthz-host`                   | Address to bind the healthz endpoint. |
 | `--http-port`                      | Port to use for servicing HTTP traffic. (default 80) |
 | `--https-port`                     | Port to use for servicing HTTPS traffic. (default 443) |
+| `--quic-port`                      | Port to use for servicing QUIC traffic. (default 443) |
 | `--ingress-class`                  | Name of the ingress class this controller satisfies. The class of an Ingress object is set using the field IngressClassName in Kubernetes clusters version v1.18.0 or higher or the annotation "kubernetes.io/ingress.class" (deprecated). If this parameter is not set, or set to the default value of "nginx", it will handle ingresses with either an empty or "nginx" class name. |
 | `--ingress-class-by-name`          | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. (default false). |
 | `--internal-logger-address`        | Address to be used when binding internal syslogger. (default 127.0.0.1:11514) |

docs/user-guide/nginx-configuration/configmap.md

@@ -59,6 +59,8 @@ The following table shows a configuration option's name, type, and the default v
 | [http2-max-header-size](#http2-max-header-size)                                 | string       | ""                                                                                                                                                                                                                                                                                                                                                           | DEPRECATED in favour of [large_client_header_buffers](#large-client-header-buffers) |
 | [http2-max-requests](#http2-max-requests)                                       | int          | 0                                                                                                                                                                                                                                                                                                                                                            | DEPRECATED in favour of [keepalive_requests](#keepalive-requests)                   |
 | [http2-max-concurrent-streams](#http2-max-concurrent-streams)                   | int          | 128                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [http3-max-concurrent-streams](#http3-max-concurrent-streams)                   | int          | 128                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
+| [http3-stream-buffer-size](#http3-stream-buffer-size)                           | string       | "64k"                                                                                                                                                                                                                                                                                                                                                        |                                                                                     |
 | [hsts](#hsts)                                                                   | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
 | [hsts-include-subdomains](#hsts-include-subdomains)                             | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
 | [hsts-max-age](#hsts-max-age)                                                   | string       | "31536000"                                                                                                                                                                                                                                                                                                                                                   |                                                                                     |
@@ -106,6 +108,7 @@ The following table shows a configuration option's name, type, and the default v
 | [brotli-min-length](#brotli-min-length)                                         | int          | 20                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
 | [brotli-types](#brotli-types)                                                   | string       | "application/xml+rss application/atom+xml application/javascript application/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/javascript text/plain text/x-component" |                                                                                     |
 | [use-http2](#use-http2)                                                         | bool         | "true"                                                                                                                                                                                                                                                                                                                                                       |                                                                                     |
+| [use-http3](#use-http3)                                                         | bool         | "false"                                                                                                                                                                                                                                                                                                                                                      |                                                                                     |
 | [gzip-disable](#gzip-disable)                                                   | string       | ""                                                                                                                                                                                                                                                                                                                                                           |                                                                                     |
 | [gzip-level](#gzip-level)                                                       | int          | 1                                                                                                                                                                                                                                                                                                                                                            |                                                                                     |
 | [gzip-min-length](#gzip-min-length)                                             | int          | 256                                                                                                                                                                                                                                                                                                                                                          |                                                                                     |
@@ -441,6 +444,20 @@ Sets the maximum number of concurrent HTTP/2 streams in a connection.
 _References:_
 [https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2_max_concurrent_streams)
 
+## http3-max-concurrent-streams
+
+Sets the maximum number of concurrent HTTP/3 request streams in a connection.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams)
+
+## http3-stream-buffer-size
+
+Sets the size of the buffer used for reading and writing of the QUIC streams.
+
+_References:_
+[https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size](https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size)
+
 ## hsts
 
 Enables or disables the header HSTS in servers running SSL.
@@ -753,6 +770,10 @@ _**default:**_ `application/xml+rss application/atom+xml application/javascript
 
 Enables or disables [HTTP/2](https://nginx.org/en/docs/http/ngx_http_v2_module.html) support in secure connections.
 
+## use-http3
+
+Enables or disables [HTTP/3](https://nginx.org/en/docs/http/ngx_http_v3_module.html) support in secure connections.
+
 ## gzip-disable
 
 Disables [gzipping](http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable) of responses for requests with "User-Agent" header fields matching any of the specified regular expressions.

internal/ingress/controller/config/config.go

@@ -244,6 +244,14 @@ type Configuration struct {
 	// Sets the maximum number of concurrent HTTP/2 streams in a connection.
 	HTTP2MaxConcurrentStreams int `json:"http2-max-concurrent-streams,omitempty"`
 
+	// https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_max_concurrent_streams
+	// Sets the maximum number of concurrent HTTP/3 request streams in a connection.
+	HTTP3MaxConcurrentStreams int `json:"http3-max-concurrent-streams,omitempty"`
+
+	// https://nginx.org/en/docs/http/ngx_http_v3_module.html#http3_stream_buffer_size
+	// Sets the size of the buffer used for reading and writing of the QUIC streams.
+	HTTP3StreamBufferSize string `json:"http3-stream-buffer-size,omitempty"`
+
 	// Enables or disables the header HSTS in servers running SSL
 	HSTS bool `json:"hsts,omitempty"`
 
@@ -450,6 +458,11 @@ type Configuration struct {
 	// Default: true
 	UseHTTP2 bool `json:"use-http2,omitempty"`
 
+	// Enables or disables the HTTP/3 support in secure connections
+	// https://nginx.org/en/docs/http/ngx_http_v3_module.html
+	// Default: false
+	UseHTTP3 bool `json:"use-http3,omitempty"`
+
 	// Disables gzipping of responses for requests with "User-Agent" header fields matching any of
 	// the specified regular expressions.
 	// http://nginx.org/en/docs/http/ngx_http_gzip_module.html#gzip_disable
@@ -797,6 +810,8 @@ func NewDefault() Configuration {
 		HTTP2MaxHeaderSize:               "",
 		HTTP2MaxRequests:                 0,
 		HTTP2MaxConcurrentStreams:        128,
+		HTTP3MaxConcurrentStreams:        128,
+		HTTP3StreamBufferSize:            "64k",
 		HTTPRedirectCode:                 308,
 		HSTS:                             true,
 		HSTSIncludeSubdomains:            true,
@@ -847,6 +862,7 @@ func NewDefault() Configuration {
 		VariablesHashBucketSize:          256,
 		VariablesHashMaxSize:             2048,
 		UseHTTP2:                         true,
+		UseHTTP3:                         false,
 		DisableProxyInterceptErrors:      false,
 		RelativeRedirects:                false,
 		ProxyStreamTimeout:               "600s",
@@ -956,6 +972,7 @@ type TemplateConfig struct {
 type ListenPorts struct {
 	HTTP     int `json:"HTTP"`
 	HTTPS    int `json:"HTTPS"`
+	QUIC     int `json:"QUIC"`
 	Health   int `json:"Health"`
 	Default  int `json:"Default"`
 	SSLProxy int `json:"SSLProxy"`

internal/ingress/controller/controller.go

@@ -471,6 +471,7 @@ func (n *NGINXController) getStreamServices(configmapName string, proto apiv1.Pr
 	rp := []int{
 		n.cfg.ListenPorts.HTTP,
 		n.cfg.ListenPorts.HTTPS,
+		n.cfg.ListenPorts.QUIC,
 		n.cfg.ListenPorts.SSLProxy,
 		n.cfg.ListenPorts.Health,
 		n.cfg.ListenPorts.Default,

pkg/flags/flags.go

@@ -193,6 +193,7 @@ Requires the update-status parameter.`)
 
 		httpPort  = flags.Int("http-port", 80, `Port to use for servicing HTTP traffic.`)
 		httpsPort = flags.Int("https-port", 443, `Port to use for servicing HTTPS traffic.`)
+		quicPort  = flags.Int("quic-port", 443, `Port to use for servicing QUIC traffic.`)
 
 		sslProxyPort  = flags.Int("ssl-passthrough-proxy-port", 442, `Port to use internally for SSL Passthrough.`)
 		defServerPort = flags.Int("default-server-port", 8181, `Port to use for exposing the default server (catch-all).`)
@@ -274,6 +275,10 @@ https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geol
 		return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --https-port", *httpsPort)
 	}
 
+	if !ing_net.IsPortAvailable(*quicPort) {
+		return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --quic-port", *quicPort)
+	}
+
 	if !ing_net.IsPortAvailable(*defServerPort) {
 		return false, nil, fmt.Errorf("port %v is already in use. Please check the flag --default-server-port", *defServerPort)
 	}
@@ -382,6 +387,7 @@ https://blog.maxmind.com/2019/12/significant-changes-to-accessing-and-using-geol
 			Health:   *healthzPort,
 			HTTP:     *httpPort,
 			HTTPS:    *httpsPort,
+			QUIC:     *quicPort,
 			SSLProxy: *sslProxyPort,
 		},
 		IngressClassConfiguration: &ingressclass.Configuration{