modsecurity-crs-docker

Add support for QUIC and HTTP/3 to Nginx images

Open • butwhoscounting opened this issue 4 months ago • 3 comments

Currently Nginx is built with support for the HTTP v3 module (--with-http_v3_module), but there are no Nginx environment variables that would enable the administrator to configure HTTP/3, and Nginx is built with an older version of OpenSSL than Nginx officially recommends for HTTP/3 deployments (Nginx is built with OpenSSL v3.3.4, Nginx docs recommend v3.5.1 or higher).

While I understand that it's possible to mount your own nginx.conf into the image and potentially enable HTTP/3 this way, considering that HTTP/3 is becoming more widespread and gives considerable performance improvements in some scenarios, I think it would be a good idea to make it configurable via env variables. Besides, the OpenSSL dependency issue can't be solved by mounting a custom nginx.conf anyway.

butwhoscounting, Sep 05 '25 10:09

Hi @butwhoscounting! Thanks for creating this one. We basically use their upstream images. As long as they have support, we can use it.

fzipi, Sep 05 '25 13:09

Thank you for your reply @fzipi. Inspecting the upstream images it appears that the current mainline images (Nginx v1.29.1) have been built with OpenSSL v3.5.1 (the desired version) and the stable images (Nginx v1.28.0) have been built with an older version of OpenSSL.

Since the ModSec images are based off of stable Nginx images, I guess it makes sense to shelve this idea for now and wait with introducing support for HTTP/3 until Nginx v1.29 is included in the stable images upstream.

butwhoscounting, Sep 06 '25 19:09

We don't need to close this one, we can just wait until upstream has the support. 😄

fzipi, Sep 06 '25 20:09