Useful NGINX Snippets
Server Snippets
Snippets in this section belong in the server blocks.
NGINX QUIC Log Format
log_format quic '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" "$http3"';
HTTP2 Options
listen 443 ssl;
http2 on;
HTTP3 Options
listen 443 quic;
http3 on;
http3_hq on;
quic_retry on;
ssl_early_data on;
Location Snippets
Snippets in this section belong in the location blocks.
QUIC & HTTP/3 Headers
# Headers to enable HTTP3 over QUIC
add_header alt-svc 'h3=":$server_port"; ma=86400';
add_header x-quic 'h3';
# Protects against SSL Early Data Replay Attacks
# See RFC8446 or NGINX Documentation
proxy_set_header Early-Data $ssl_early_data;
Reverse Proxy: Standard Headers
# Standard proxying headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
Reverse Proxy: SSL Headers
# SSL proxying headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
WebSocket Related Headers
# Enable proxy websockets for the noVNC console to work
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
Buffer Disabling Headers
This snippet is particularly useful for reverse proxying interfaces like the Proxmox VE GUI.
# Disable buffering to serve data immediately to clients.
# Increase timeouts from default 60 seconds to 5 minutes for the console not to close when no data is transferred.
# Additionally the max_body_size was increased to 5 GB to allow uploads of huge ISOs.
proxy_buffering off;
# Disable request buffering to allow file uploads
# src: https://serverfault.com/questions/1098725/error-uploading-large-files-2gb-through-nginx-reverse-proxy-to-container
proxy_request_buffering off;
proxy_buffer_size 4k;
client_max_body_size 1g;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
send_timeout 300s;