Configuring Nginx with HTTP/3 QUIC Support is a common requirement for VPS administrators. This guide provides practical instructions that you can follow on Ubuntu 22.04/24.04 or Debian 12, though most steps apply to other distributions as well.
Prerequisites
- Root or sudo access to the server
- Basic familiarity with the Linux command line
- A registered domain name (for public-facing services)
- SSL certificate or Certbot for Let's Encrypt
Server Installation
It's recommended to test this configuration in a staging environment before deploying to production. This helps identify potential compatibility issues and allows you to benchmark performance differences.
# /etc/nginx/sites-available/nginx.conf
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Note that file paths may vary depending on your Linux distribution. The examples here are for Debian/Ubuntu; adjust paths accordingly for RHEL/CentOS-based systems.
- Keep your system packages updated regularly
- Test your backup restore procedure monthly
- Enable automatic security updates for critical patches
- Review log files weekly for anomalies
Virtual Host Configuration
The nginx configuration requires careful attention to resource limits and security settings. On a VPS with limited resources, it's important to tune these parameters according to your available RAM and CPU cores.
# Test and reload Nginx configuration
sudo nginx -t
sudo systemctl reload nginx
# Check access and error logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
The configuration above sets the recommended values for a VPS with 2-4GB of RAM. Adjust the memory-related settings proportionally if your server has different specifications.
- Use SSH keys instead of password authentication
- Set up fail2ban for brute force protection
- Use strong, unique passwords for all services
- Keep all software components up to date
- Enable firewall and allow only necessary ports
Next Steps
With nginx now set up and running, consider implementing monitoring to track performance metrics over time. Regularly review your configuration as your workload changes and scale resources accordingly.