Snippets de NGINX

log_format quic '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" "$http3"';

listen 443 ssl;
http2 on;

listen 443 quic;
http3 on;
http3_hq on;
quic_retry on;
ssl_early_data on;

# Headers para habilitar HTTP3 sobre QUIC
add_header alt-svc 'h3=":$server_port"; ma=86400';
add_header x-quic 'h3';

# Proteje contra Replay Attacks de SSL Early Data
# Ver RFC8446 o Documentación de NGINX
proxy_set_header Early-Data $ssl_early_data;

# Headers de Proxy Estándar
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Headers de Proxy SSL
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;

# Habilitar Websockets en Proxy para consola noVNC
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

# Des-habilitar el buffering para servir datos actuales a los clientes.
# Incrementar los timeouts de 60 a 5 min para evitar que se cierre la consola cuando no hay transferencia de datos.
# Adicionalmente se incrementa el max_body_size a 5GB para permitir subir ISOs.
proxy_buffering off;

# Deshabilitar buffering de requests para permitir subida de archivos.
# src: https://serverfault.com/questions/1098725/error-uploading-large-files-2gb-through-nginx-reverse-proxy-to-container
proxy_request_buffering off;

proxy_buffer_size 4k;
client_max_body_size 1g;
proxy_connect_timeout 300s;
proxy_read_timeout 300s;
proxy_send_timeout 300s;
send_timeout 300s;