Upgrade Nginx for http3

I would like to enable h3 & TLS1.3 on my server but the last “stable” nginx version is 1.18 which is a little bit outdated.
Cleavr handle perfectly the nginx config and I’m not sure that upgrading nginx to 1.25 will pass without any issue, as I have already some customers websites on the server.
What do you recommanded to me ?
I could upgrade manually following some tutorial like that and prey Get the Latest Version of Nginx on Ubuntu 22.04. :slight_smile:, or provisionning a new server instead and then migrate my websites on it ?

1 Like

Hi @Jerem,

We don’t currently have an upgrade path for NGINX mainly due to the unknowns that can happen that can take sites down and that’d be difficult to back out of.

We’ve been on a path working towards site migrations from one server to another. Ultimately, we feel better about that path for major services/system updates, especially for something like NGINX, since it’ll let you to build up the other server and verify before making the switch.

We’re not completely there in terms of server migration functionality, but we do have the database migration portion available.

Hello @amiedema,

Thank you for your feedback. Sound good to hear that you guys are working on site migration between server !

For h3 I tried those past days to enable it on my server but it was a fail :slight_smile:
I get pretty easily updated nginx to 1.25.3 and managed enabling brotli with a custom build from source.
Everything worked great, just some warning about the http2 directive that should be removed on the listen 443 & ssl lines in profit to juste a http2 on;
Basically with the last nginx version, cleavr should just update the default site configuration from this :

listen 443 ssl http2;
listen [::]:443 ssl http2;

To this :

listen 443 ssl;
listen [::]:443 ssl;
http2 on;

For h3 we normally have to enable quic directive too & add a header info, but none of them worked for me, but it seems that even if the 1.25.* nginx versions should be compatible with the last current openSSL, there should be an issue about the current implementation.

Assuming you are all more devops than me (I’m a frontend dev), do you think you could maybe make some tests on that part to enable by default the last version of nginx on new server provision ? h3 is not a mandatory for now but it will probably be fully compatible in the next months so we could enable it for free if new servers is provisionned by nginx last version.