[BUG] Missing reuseport directive in default-server-http.conf prevents HTTP/3 (QUIC) from working #2525

@ellmout

What happened?

I encountered an issue where HTTP/3 (QUIC) did not work correctly with the default Nginx configuration shipped in BunkerWeb's default-server-http.conf.

The problem was that the reuseport directive was missing in the listen directives for both TCP and UDP on port 8443. Without reuseport, Nginx cannot bind both TCP and UDP sockets on the same port, which is necessary for HTTP/3 support.

How to reproduce?

  1. Use the default default-server-http.conf configuration.
  2. Enable HTTP/3 in Nginx (with http3 on; and listen ... quic;).
  3. Try to connect with HTTP/3 (e.g., with curl --http3).
  4. HTTP/3 connection fails silently or does not establish properly.

Configuration file(s) (yaml or .env)

http3 on;
listen 0.0.0.0:8443 quic default_server;
listen [::]:8443 quic default_server;
add_header Alt-Svc 'h3=":443"; ma=86400';

Relevant log output

root@host:~# curl -v -4 --http3 https://vhost.example.com
* Host vhost.example.com:443 was resolved.
* IPv6: (none)
* IPv4: 203.0.113.42
*   Trying 203.0.113.42:443...
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* Server certificate:
*  subject: CN=*.example.com
*  start date: Jan 01 00:00:00 2025 GMT
*  expire date: Mar 31 23:59:59 2025 GMT
*  subjectAltName: host "vhost.example.com" matched cert's "*.example.com"
*  issuer: C=US; O=Test CA; CN=Test Issuer
*  SSL certificate verify ok.
*   Certificate level 0: Public key type EC/prime256v1 (256 bits), signed using ecdsa-with-SHA384
*   Certificate level 1: Public key type EC/secp384r1 (384 bits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (4096 bits), signed using sha256WithRSAEncryption
* Connected to vhost.example.com (203.0.113.42) port 443
* using HTTP/3
* [HTTP/3] [0] OPENED stream for https://vhost.example.com/
* [HTTP/3] [0] [:method: GET]
* [HTTP/3] [0] [:scheme: https]
* [HTTP/3] [0] [:authority: vhost.example.com]
* [HTTP/3] [0] [:path: /]
* [HTTP/3] [0] [user-agent: curl/8.14.1]
* [HTTP/3] [0] [accept: */*]
> GET / HTTP/3
> Host: vhost.example.com
> User-Agent: curl/8.14.1
> Accept: */*
>
* Request completely sent off
* QUIC connection has been shut down
* Connection #0 to host vhost.example.com left intact
curl: (56) QUIC connection has been shut down

BunkerWeb version

1.6.2

What integration are you using?

Docker

Linux distribution (if applicable)

Alpine Linux

Removed private data

  • I have removed all private data from the configuration file and the logs

Code of Conduct

  • I agree to follow this project's Code of Conduct
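
Added example, not part of the original report or of BunkerWeb's code: a small Python check that flags QUIC listen sockets configured without reuseport, the condition the report describes. The FIXED configuration, the app.example.com name and the function name are constructed for illustration.

```python
import re
from collections import defaultdict

# The QUIC listeners exactly as posted in the report.
REPORTED = """
http3 on;
listen 0.0.0.0:8443 quic default_server;
listen [::]:8443 quic default_server;
add_header Alt-Svc 'h3=":443"; ma=86400';
"""

# Constructed variant: reuseport added, plus a second server block that
# reuses the same address:port without repeating the socket option.
FIXED = """
server {
    listen 0.0.0.0:8443 quic default_server reuseport;
    listen [::]:8443 quic default_server reuseport;
}
server {
    listen 0.0.0.0:8443 quic;   # inherits reuseport from the socket above
    server_name app.example.com;
}
"""

LISTEN_RE = re.compile(r"^\s*listen\s+([^;]+);", re.MULTILINE)


def quic_without_reuseport(conf: str) -> list[str]:
    """Return the address:port values of QUIC listeners that never set reuseport.

    nginx accepts socket options such as reuseport only once per address:port,
    so the check is per listening socket, not per directive.
    """
    conf = re.sub(r"#[^\n]*", "", conf)  # simplification: '#' always starts a comment
    has_reuseport = defaultdict(bool)
    for match in LISTEN_RE.finditer(conf):
        address, *params = match.group(1).split()
        if "quic" not in params:
            continue  # TCP listeners are a separate socket; not checked here
        if address.isdigit():
            address = f"*:{address}"  # a bare port means all addresses
        has_reuseport[address] |= "reuseport" in params
    return sorted(addr for addr, ok in has_reuseport.items() if not ok)


if __name__ == "__main__":
    for name, conf in (("reported", REPORTED), ("fixed", FIXED)):
        print(name, quic_without_reuseport(conf) or "ok")
```

Run against a rendered configuration, a non-empty result lists the UDP sockets to review before testing with curl --http3.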
