Add a UFW firewall config to support QUIC

Bug #2062058 reported by Marcus Bointon
This bug affects 1 person
Affects         Status   Importance  Assigned to  Milestone
nginx (Ubuntu)  Triaged  Wishlist    Unassigned

Bug Description

New feature, not a bug

nginx 1.25 adds support for QUIC + HTTP/3, which is typically deployed over UDP port 443. This option is not included in the provided UFW applications, so this PR adds it. Note that it is not done as a standalone app (i.e. with only QUIC) because it's usually combined with regular HTTPS on TCP port 443 along with an Alt-Svc header to inform clients of its presence.
This is a fairly recent addition to nginx (added to mainline a year ago), not applicable to older distros, so this may be better merged into whichever of your future release branches would be more appropriate.

I submitted the same change as a PR to Debian some time ago: https://salsa.debian.org/nginx-team/nginx/-/merge_requests/73

Also this question: https://answers.launchpad.net/ubuntu/+source/nginx/+question/809215
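
An added example, not part of the bug report or its attached patch: a check that parses UFW application profiles and reports which ones open both TCP and UDP port 443, the combination the description above says HTTP/3 deployments need. The sample profile text is constructed, and the profile name "Nginx QUIC" is hypothetical.

```python
import configparser

# Constructed sample in UFW application-profile format. "Nginx QUIC" is a
# hypothetical profile name; the patch attached to the bug is not shown here.
SAMPLE_PROFILES = """
[Nginx HTTPS]
title=Web Server (Nginx, HTTPS)
description=HTTPS over TCP only
ports=443/tcp

[Nginx QUIC]
title=Web Server (Nginx, HTTPS + HTTP/3)
description=HTTPS over TCP plus QUIC over UDP
ports=443/tcp|443/udp
"""


def parse_ports(spec):
    """Expand a UFW 'ports=' value into a set of (port, protocol) pairs."""
    opened = set()
    for group in spec.split("|"):              # '|' separates port groups
        ports, _, proto = group.strip().partition("/")
        protos = [proto] if proto else ["tcp", "udp"]  # no suffix: both protocols
        for item in ports.split(","):          # ',' separates ports in a group
            low, _, high = item.partition(":")  # ':' marks an inclusive range
            for port in range(int(low), int(high or low) + 1):
                opened.update((port, p) for p in protos)
    return opened


def quic_ready(profile_text):
    """Map each profile name to True if it opens both 443/tcp and 443/udp."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(profile_text)
    needed = {(443, "tcp"), (443, "udp")}
    return {name: needed <= parse_ports(cfg[name]["ports"])
            for name in cfg.sections()}


if __name__ == "__main__":
    for name, ok in quic_ready(SAMPLE_PROFILES).items():
        status = "opens TCP+UDP 443" if ok else "does not open UDP 443 for QUIC"
        print(f"{name}: {status}")
```
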

Marcus Bointon (marcus-synchromedia) wrote :
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "Patch to add QUIC UFW config" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Mitchell Dzurick (mitchdz) wrote :

Hi Marcus,

Thanks for making this bug report!

To answer your question[0] on why we have version 1.24 instead of 1.25, we stay up to date with Debian for this package. Since Debian is still on 1.24, that's what we have.

I'm curious if you were able to test the patch and if it worked for you, considering we are not on version 1.25.

With that said, this is already going into Debian so hopefully 1.25 gets updated in Debian for the next Ubuntu cycle and then we can just sync the changes. I'm adding the necessary tags to wait for next cycle to try and bring this in.

tags: added: needs-merge
tags: added: packaging
Changed in nginx (Ubuntu):
milestone: none → later
status: New → Triaged
Marcus Bointon (marcus-synchromedia) wrote :

Thanks Mitchell,

Well, I'm using the 1.25 Ubuntu package directly from the nginx repo, and this patch works just fine with that – it's only a simple addition to a UFW config file, not complicated.

You probably know this, but nginx's versioning system is slightly weird: even numbers (like 1.24) are "stable"; odd numbers (1.25) are "mainline" (considered somewhat experimental). So when 1.25 is considered stable, it will be released as 1.26, and mainline will move to 1.27.

I don't know when this is likely to happen, but I'm assuming not in time for noble next week, so "whenever" will have to do!

Thanks for tagging it appropriately; I'm not used to the workflow on here.

Thomas Ward (teward)
Changed in nginx (Ubuntu):
importance: Undecided → Wishlist