From 2d6a54a5264773cf17efe3971c6f2fe8b5c898c1 Mon Sep 17 00:00:00 2001
From: thespad
Date: Fri, 18 Jul 2025 20:26:10 +0100
Subject: [PATCH] Comment out QUIC listeners and update readme
---
 README.md | 9 +++++++++
 readme-vars.yml | 9 ++++++++-
 root/defaults/nginx/site-confs/default.conf.sample | 6 +++---
 3 files changed, 20 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index 795ef28..374ca57 100644
--- a/README.md
+++ b/README.md
@@ -142,6 +142,12 @@ This will *ask* Google et al not to index and list your site. Be careful with th
 * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
 * You can check the new sample and adjust your active config as needed.
+### QUIC support
+
+This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
+
+To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
+
 ### Migration from the old `linuxserver/letsencrypt` image
 Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
@@ -194,6 +200,7 @@ services:
 ports:
 - 443:443
 - 80:80 #optional
+ - 443/udp:443/udp #optional
 restart: unless-stopped
 ```
@@ -221,6 +228,7 @@ docker run -d \
 -e SWAG_AUTORELOAD_WATCHLIST= `#optional` \
 -p 443:443 \
 -p 80:80 `#optional` \
+ -p 443/udp:443/udp `#optional` \
 -v /path/to/swag/config:/config \
 --restart unless-stopped \
 lscr.io/linuxserver/swag:latest
@@ -234,6 +242,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | :----: | --- |
 | `-p 443:443` | HTTPS port |
 | `-p 80` | HTTP port (required for HTTP validation and HTTP -> HTTPS redirect) |
+| `-p 443/udp` | QUIC (HTTP/3) port. Must be enabled in the default and proxy confs. |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
diff --git a/readme-vars.yml b/readme-vars.yml
index ae511fa..fd3ea66 100644
--- a/readme-vars.yml
+++ b/readme-vars.yml
@@ -44,6 +44,7 @@ opt_param_env_vars:
 opt_param_usage_include_ports: true
 opt_param_ports:
 - {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"}
+ - {external_port: "443/udp", internal_port: "443/udp", port_desc: "QUIC (HTTP/3) port. Must be enabled in the default and proxy confs."}
 readonly_supported: true
 readonly_message: |
 * `/tmp` must be mounted to tmpfs
@@ -138,6 +139,12 @@ app_setup_block: |
 * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
 * You can check the new sample and adjust your active config as needed.
+ ### QUIC support
+
+ This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
+
+ To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
+
 ### Migration from the old `linuxserver/letsencrypt` image
 Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
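Review bot: The new `opt_param_ports` entry in readme-vars.yml sets `external_port: "443/udp"`, which renders as `- 443/udp:443/udp` in the compose snippet and `-p 443/udp:443/udp` in the `docker run` example (both visible in the README.md hunks of this patch). Docker's publish syntax takes the protocol suffix only on the container side, so as far as I can tell both lines are rejected as an invalid host port when copied as written. Using `external_port: "443"` with `internal_port: "443/udp"` should render `443:443/udp`. The parameter-table row appears to be printed from the external value (it currently reads `-p 443/udp`), so its rendering would need checking against the template after that change.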
@@ -207,7 +214,7 @@ init_diagram: |
 "swag:latest" <- Base Images
 # changelog
 changelogs:
- - {date: "09.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
+ - {date: "18.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
 - {date: "05.05.25:", desc: "Disable Certbot's built in log rotation."}
 - {date: "19.01.25:", desc: "Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG."}
 - {date: "17.12.24:", desc: "Rebase to Alpine 3.21."}
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
index ad71294..e240496 100644
--- a/root/defaults/nginx/site-confs/default.conf.sample
+++ b/root/defaults/nginx/site-confs/default.conf.sample
@@ -1,4 +1,4 @@
-## Version 2025/07/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2025/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 # redirect all traffic to https
 server {
@@ -13,9 +13,9 @@ server {
 # main server block
 server {
 listen 443 ssl default_server;
+# listen 443 quic reuseport default_server;
 listen [::]:443 ssl default_server;
- listen 443 quic reuseport default_server;
- listen [::]:443 quic reuseport default_server;
+# listen [::]:443 quic reuseport default_server;
 server_name _;
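Review bot: The two disabled QUIC listeners in the main server block (`# listen 443 quic reuseport default_server;` and its `[::]` twin) carry no explanation in the file, so anyone editing the conf has to find the README to learn that 443/udp must be published first. A comment above them would keep that with the code, for example `# QUIC (HTTP/3): uncomment both quic listeners only after publishing 443/udp to clients`. The server block continues past the hunk, so it is not visible here whether an `Alt-Svc` h3 advertisement or an `http3` directive is still active elsewhere. If one is, it should be disabled together with the listeners, otherwise clients are still pointed at a UDP port that is not served. Once QUIC is enabled, source-IP blocking or rate limiting that matches only TCP 443 will presumably not cover the UDP listener, which would be worth a sentence in the README's QUIC section.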