From 1036b5eaff583989953410cb2f46dffda509802c Mon Sep 17 00:00:00 2001
From: Mauricio Dulce
Date: Sat, 25 Oct 2025 16:36:37 -0500
Subject: [PATCH 1/2] Enable HTTP/3 (QUIC) support by opening UDP port 443

---
 roles/swarm/tasks/configure-swarm.yml | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/roles/swarm/tasks/configure-swarm.yml b/roles/swarm/tasks/configure-swarm.yml
index 8e578e0..69d782f 100644
--- a/roles/swarm/tasks/configure-swarm.yml
+++ b/roles/swarm/tasks/configure-swarm.yml
@@ -4,14 +4,15 @@
     advertise_addr: "{{ docker_swarm.advertise_addr }}"
   when: "'swarm_managers' in group_names"
 
-- name: Open HTTP and HTTPS ports (if enabled)
+- name: Open HTTP and HTTPS ports (TCP/UDP)
   community.general.ufw:
     rule: allow
-    port: "{{ item }}"
-    proto: "tcp"
-    comment: "Allow HTTP connections."
+    port: "{{ item.port }}"
+    proto: "{{ item.proto }}"
+    comment: "Allow HTTP/HTTPS connections."
   loop:
-    - "80"
-    - "443"
+    - { port: "80", proto: "tcp" }
+    - { port: "443", proto: "tcp" }
+    - { port: "443", proto: "udp" } # For HTTP/3 (QUIC)
   when: automatically_open_http_and_https_ports | bool
-  notify: Enable ufw
\ No newline at end of file
+  notify: Enable ufw

From b59b29bb495289af65a11877246194fadab140c5 Mon Sep 17 00:00:00 2001
From: Mauricio Dulce
Date: Sun, 26 Oct 2025 09:59:04 -0500
Subject: [PATCH 2/2] Open UDP port 443 for HTTP/3 (QUIC) support in firewall configurations

---
 .../create_server/tasks/providers/digitalocean.yml | 4 ++++
 roles/create_server/tasks/providers/hetzner.yml    | 7 +++++++
 roles/create_server/tasks/providers/vultr.yml      | 14 ++++++++++++++
 roles/swarm/tasks/configure-swarm.yml              | 4 ++--
 4 files changed, 27 insertions(+), 2 deletions(-)

diff --git a/roles/create_server/tasks/providers/digitalocean.yml b/roles/create_server/tasks/providers/digitalocean.yml
index 28c4fae..06aefc6 100644
--- a/roles/create_server/tasks/providers/digitalocean.yml
+++ b/roles/create_server/tasks/providers/digitalocean.yml
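Review bot: All three loop items end up with the same `comment: "Allow HTTP/HTTPS connections."`, so the new UDP/443 rule is indistinguishable from the TCP one in `ufw status` and nothing on the host records why a UDP port is open; carry the comment in the item instead, `comment: "{{ item.comment }}"` with e.g. `- { port: "443", proto: "udp", comment: "Allow HTTP/3 (QUIC) connections." }`. UDP/443 is only useful if the reverse proxy actually listens for QUIC and advertises it via Alt-Svc, which this role cannot show, so folding it into `automatically_open_http_and_https_ports` exposes an unused UDP port on hosts that never serve HTTP/3 — a separate toggle (e.g. `automatically_open_http3_port`) keeps the attack surface opt-in. Also note that if 443 is published through Docker's port mapping, the DOCKER iptables chain is consulted ahead of ufw, so this rule may document intent more than enforce it — worth confirming against how the proxy is deployed. The ufw task starts and ends inside this hunk.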
@@ -76,6 +76,10 @@
         ports: "443"
         sources:
           addresses: ["0.0.0.0/0", "::/0"]
+      - protocol: udp
+        ports: "443"
+        sources:
+          addresses: ["0.0.0.0/0", "::/0"]
       - protocol: tcp
         ports: "2222"
         sources:
diff --git a/roles/create_server/tasks/providers/hetzner.yml b/roles/create_server/tasks/providers/hetzner.yml
index 5d45a96..05dfa46 100644
--- a/roles/create_server/tasks/providers/hetzner.yml
+++ b/roles/create_server/tasks/providers/hetzner.yml
@@ -61,6 +61,13 @@
         source_ips:
           - 0.0.0.0/0
           - ::/0
+      - description: allow https udp from everywhere
+        direction: in
+        protocol: udp
+        port: 443
+        source_ips:
+          - 0.0.0.0/0
+          - ::/0
       - description: allow ssh tunnel from everywhere
         direction: in
         protocol: tcp
diff --git a/roles/create_server/tasks/providers/vultr.yml b/roles/create_server/tasks/providers/vultr.yml
index ac04ee0..31170b7 100644
--- a/roles/create_server/tasks/providers/vultr.yml
+++ b/roles/create_server/tasks/providers/vultr.yml
@@ -98,6 +98,20 @@
         subnet: "::"
         subnet_size: 0
         description: "allow https from everywhere"
+      # HTTPS (IPv4)
+      - protocol: udp
+        port: "443"
+        ip_type: v4
+        subnet: "0.0.0.0"
+        subnet_size: 0
+        description: "allow https from everywhere"
+      # HTTPS (IPv6)
+      - protocol: udp
+        port: "443"
+        ip_type: v6
+        subnet: "::"
+        subnet_size: 0
+        description: "allow https from everywhere"
       # SSH Tunnel (IPv4)
       - protocol: tcp
         port: "2222"
diff --git a/roles/swarm/tasks/configure-swarm.yml b/roles/swarm/tasks/configure-swarm.yml
index 69d782f..6a9b232 100644
--- a/roles/swarm/tasks/configure-swarm.yml
+++ b/roles/swarm/tasks/configure-swarm.yml
@@ -4,7 +4,7 @@
     advertise_addr: "{{ docker_swarm.advertise_addr }}"
   when: "'swarm_managers' in group_names"
 
-- name: Open HTTP and HTTPS ports (TCP/UDP)
+- name: Open HTTP and HTTPS ports (if enabled)
   community.general.ufw:
     rule: allow
     port: "{{ item.port }}"
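Review bot: The new DigitalOcean UDP/443 rule carries nothing that says what it is for; the rule schema used here has no description field, so a comment is the only place to record it, e.g. `# UDP/443 for HTTP/3 (QUIC)` on the line above `- protocol: udp`. Unlike the host-side ufw rule in this series, this cloud-firewall rule is not gated by `automatically_open_http_and_https_ports` and opens UDP/443 to `0.0.0.0/0` and `::/0` on every server created — presumably mirroring the TCP/443 rule above it, but worth confirming that is intended for hosts that do not serve HTTP/3. The rules list this entry belongs to starts before the hunk.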
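Review bot: Both new Vultr rules reuse the TCP rule's labels verbatim — `# HTTPS (IPv4)` / `# HTTPS (IPv6)` and `description: "allow https from everywhere"` — so in the Vultr console the UDP rules cannot be told apart from the TCP ones, and they diverge from the hetzner hunk in this same commit, whose description says `allow https udp from everywhere`. Label them by purpose, e.g. `# HTTP/3 QUIC (IPv4)` and `description: "allow https udp (http/3) from everywhere"`, and the same for the v6 entry. The rules list these sit in starts before the hunk.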
@@ -13,6 +13,6 @@
   loop:
     - { port: "80", proto: "tcp" }
     - { port: "443", proto: "tcp" }
-    - { port: "443", proto: "udp" } # For HTTP/3 (QUIC)
+    - { port: "443", proto: "udp" }
   when: automatically_open_http_and_https_ports | bool
   notify: Enable ufw
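Review bot: This hunk removes the only explanation of why UDP/443 is opened on the host; with `# For HTTP/3 (QUIC)` gone, a reader sees an anonymous UDP rule next to the TCP ones and the commit history is the only place the rationale survives. Keep it as a comment on its own line above the item, `# UDP/443 is for HTTP/3 (QUIC); only useful if the reverse proxy listens for QUIC.` If the inline form was dropped for yamllint's comment spacing, a line-above comment at the item's indentation satisfies that as well. The loop belongs to the ufw task, whose start lies outside this hunk.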