Comment out QUIC listeners and update readme

thespad · thespad · commit 2d6a54a52647 · 2025-07-18T20:26:10.000+01:00
diff --git a/README.md b/README.md
@@ -142,6 +142,12 @@ This will *ask* Google et al not to index and list your site. Be careful with th
 * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
 * You can check the new sample and adjust your active config as needed.
 
+### QUIC support
+
+This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
+
+To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
+
 ### Migration from the old `linuxserver/letsencrypt` image
 
 Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
@@ -194,6 +200,7 @@ services:
     ports:
       - 443:443
       - 80:80 #optional
+      - 443/udp:443/udp #optional
     restart: unless-stopped
 ```
 
@@ -221,6 +228,7 @@ docker run -d \
   -e SWAG_AUTORELOAD_WATCHLIST= `#optional` \
   -p 443:443 \
   -p 80:80 `#optional` \
+  -p 443/udp:443/udp `#optional` \
   -v /path/to/swag/config:/config \
   --restart unless-stopped \
   lscr.io/linuxserver/swag:latest
@@ -234,6 +242,7 @@ Containers are configured using parameters passed at runtime (such as those abov
 | :----: | --- |
 | `-p 443:443` | HTTPS port |
 | `-p 80` | HTTP port (required for HTTP validation and HTTP -> HTTPS redirect) |
+| `-p 443/udp` | QUIC (HTTP/3) port. Must be enabled in the default and proxy confs. |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
 | `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
diff --git a/readme-vars.yml b/readme-vars.yml
@@ -44,6 +44,7 @@ opt_param_env_vars:
 opt_param_usage_include_ports: true
 opt_param_ports:
   - {external_port: "80", internal_port: "80", port_desc: "HTTP port (required for HTTP validation and HTTP -> HTTPS redirect)"}
+  - {external_port: "443/udp", internal_port: "443/udp", port_desc: "QUIC (HTTP/3) port. Must be enabled in the default and proxy confs."}
 readonly_supported: true
 readonly_message: |
   * `/tmp` must be mounted to tmpfs
@@ -138,6 +139,12 @@ app_setup_block: |
   * Proxy sample files WILL be updated, however your renamed (enabled) proxy files will not.
   * You can check the new sample and adjust your active config as needed.
 
+  ### QUIC support
+
+  This image supports QUIC (also known as HTTP/3) but it must be explicitly enabled in each proxy conf, and the default conf, because if the listener is enabled and you don't expose 443/UDP, it can break connections with some browsers.
+
+  To enable QUIC, expose 443/UDP to your clients, then uncomment both QUIC listeners in all of your active proxy confs, as well as the default conf, and restart the container.
+
   ### Migration from the old `linuxserver/letsencrypt` image
 
   Please follow the instructions [on this blog post](https://www.linuxserver.io/blog/2020-08-21-introducing-swag#migrate).
@@ -207,7 +214,7 @@ init_diagram: |
   "swag:latest" <- Base Images
 # changelog
 changelogs:
-  - {date: "09.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
+  - {date: "18.07.25:", desc: "Rebase to Alpine 3.22 with PHP 8.4. Add QUIC support. Drop PHP bindings for mcrypt as it is no longer maintained."}
   - {date: "05.05.25:", desc: "Disable Certbot's built in log rotation."}
   - {date: "19.01.25:", desc: "Add [Auto Reload](https://github.com/linuxserver/docker-mods/tree/swag-auto-reload) functionality to SWAG."}
   - {date: "17.12.24:", desc: "Rebase to Alpine 3.21."}
diff --git a/root/defaults/nginx/site-confs/default.conf.sample b/root/defaults/nginx/site-confs/default.conf.sample
@@ -1,4 +1,4 @@
-## Version 2025/07/09 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+## Version 2025/07/18 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/nginx/site-confs/default.conf.sample
 
 # redirect all traffic to https
 server {
@@ -13,9 +13,9 @@ server {
 # main server block
 server {
     listen 443 ssl default_server;
+#    listen 443 quic reuseport default_server;
     listen [::]:443 ssl default_server;
-    listen 443 quic reuseport default_server;
-    listen [::]:443 quic reuseport default_server;
+#    listen [::]:443 quic reuseport default_server;
 
     server_name _;
 
