Now that cPFence released an update to properly work with Nginx, I went to check a few things to make sure the Enhance implementation of Nginx is on par with the OLS implementation.
Obviously there are a few basic things different, like no .htaccess usage, the rewrite rule from / to index.php in order to make WordPress work, FastCGI cache and Redis with a different plugin, and some Vhost overrides as per this topic to get an A+ SSL score, but there are a few things that Enhance hasn't implemented yet:
HTTP3 / QUIC: The current version (nginx/1.26.3) supports HTTP3, and is built as such (--with-http_v3_module). However, the default Vhosts that Enhance generates are still for much older versions and contain deprecated arguments.
listen 443 ssl http2;
listen [::]:443 ssl http2;
Therefore, Nginx is not listening on UDP port 443, so HTTP3 won't work. These listen directives have changed over the last couple of versions, and add_header lines like add_header Alt-Svc 'h3=":443"; ma=86400'; should then also be included with the default Vhosts.
Brotli / ZSTD compression: The current version is not built with Brotli or ZSTD compression support, which isn't a very current approach to hosting websites. In fact, in the control panel interface there is an option to flip a switch for Brotli, but this won't work because there's no support built in. Quite confusing.
Broken rewrite rules for multi-WordPress installations: If a WordPress app is installed on a subdomain, and the root domain doesn't have a WordPress app installed, the rewrite rule can't be added. If you copy the index.php file to the public_html folder, it can be added, but doesn't work. If the vhost in /etc/nginx/sites-enabled/sub.domain.com is edited from
location / {
try_files $uri $uri/ =404;
}
to
location / {
try_files $uri $uri/ /index.php?$args;
}
it works, but doesn't persist. If you add it to the Vhost override, it errors out because of duplicate directives.
I'd very much appreciate it if Nginx could receive a bit of love for Enhance, so that it can work like it should in 2025.
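A way to check a generated vhost for the points raised in the post, as an added example that is not part of the original post and not Enhance or cPFence code. The finding names and both vhost strings are constructed for illustration; the second vhost assumes the current nginx syntax (a separate `listen ... quic` line and the standalone `http2 on;` directive).

```python
import re

# Constructed sample shaped like the generated vhost quoted in the post.
GENERATED = r"""
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    location / {
        try_files $uri $uri/ =404;
    }
}
"""

# Constructed counterpart using the newer listen syntax plus the Alt-Svc header.
UPDATED = r"""
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    listen 443 quic;
    listen [::]:443 quic;
    http2 on;
    add_header Alt-Svc 'h3=":443"; ma=86400';
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
"""

# Directive arguments up to the terminating ';', skipping ';' inside quotes.
ARGS = r'''((?:'[^']*'|"[^"]*"|[^;{}'"])*);'''

def directives(conf, name):
    """Argument strings of every `name ...;` directive (naive: strips # comments)."""
    text = re.sub(r'#[^\n]*', '', conf)
    pat = r'(?:^|(?<=[;{}]))\s*' + re.escape(name) + r'\s+' + ARGS
    return [m.group(1).strip() for m in re.finditer(pat, text, re.M)]

def audit(conf):
    """Return constructed finding names for the issues the post describes."""
    findings = []
    listens = [a.split() for a in directives(conf, 'listen')]
    if any('http2' in a for a in listens):
        findings.append('deprecated-http2-listen-param')
    if not any('quic' in a for a in listens):
        findings.append('no-quic-listener')      # nothing bound on UDP 443
    headers = [a.split(None, 1) for a in directives(conf, 'add_header')]
    if not any(len(h) == 2 and h[0].lower() == 'alt-svc' and 'h3=' in h[1]
               for h in headers):
        findings.append('no-alt-svc-h3')         # clients never learn about h3
    if any(a.split()[-1:] == ['=404'] for a in directives(conf, 'try_files')):
        findings.append('try_files-404-fallback')  # no index.php front controller
    return findings

if __name__ == "__main__":
    print(audit(GENERATED), audit(UPDATED))
```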