🌐 Traefik 2, usage of HTTP/3

Traefik can send and receive HTTP/3 request. This post teach you how.

logo traefik

From version 2.5 of Traefik, you are now able to use HTTP/3 (QUIC). Keep in mind that this protocol is not production-ready and can lead to some instabilities.

Version Date Comments
1 05/2022 Post creation
1.1 08/2023 Update versions, update the tool link, add a picture of the final result

Goal : Give the capability for Traefik to receive/send HTTP/3 requests

Environment : Debian 12, Docker 24.x, docker compose (plugin) 2.20.x, Traefik 2.10.

Execution context :

jho@vmi866042:/opt/docker/dc$ tree
.
├── conf
│   ├── acme.json
│   ├── traefik.yml
│   ├── traefikdynamic
│   │   ├── general.yml
│   │   ├── routersservices.yml
├── docker-compose.yml
└── logs
    ├── traefikAccess.log
    ├── traefik.log
  • path where are every folder and files : /opt/docker/dc
  • path of the principal configuration file for Traefik : /opt/docker/dc/conf/traefik.yml
  • folder where are every dynamic configuration files : /opt/docker/dc/conf/traefikdynamic
  • path of the file which is used to store SSL certificates for let's encrypt (or other provider) : /opt/docker/dc/conf/acme.json
  • folder to store logs : /opt/docker/dc/logs/

Principe and requirements

HTTP/3 is a new web standard to increase the navigation speed. Without going into details, it is a transport protocol to send HTTP requests faster than HTTP/2 (TCP), particularly with the use of UDP.

http3 quic diagram
HTTP/3 QUIC - picture from Cloudflare blog

More information here :

Traefik configuration

Before you start configuring HTTP/3, be aware that it is not possible to let Traefik listen to the same UDP port and TCP port. In addition, the entry point used for HTTP/3 needs to be the same they use with the routers which have a TLS configuration. So you don't have to modify your services or add a label.

Configuration is simple: add the bloc "experimental" and modify the entry point which have the HTTPS bloc:

experimental:
  http3: true

entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
    http3:
      advertisedPort: "443"

You have to restart Traefik to commit changes. With this configuration, every router with the entry point "websecure" (in this example) will be reachable in HTTP/2 and HTTP/3.

Docker-compose file configuration

You need to add the 443/UDP port for the Traefik container. So you might have this :

---
services:
  traefik:
    image: traefik:saintmarcelin
    container_name: traefik
    restart: unless-stopped
    ports:
      - target : 80
        published : 80
        protocol: tcp
        mode : host
      ### BEGIN dashboad
      - target : 8080
        published : 8080
        protocol: tcp
        mode : host
      ### END dashboard
      - target : 443
        published : 443
        protocol: tcp
        mode : host
      # HTTP/3 QUIC
      - target : 443
        published : 443
        protocol: udp
        mode : host
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./conf/traefikdynamic:/dynamic
      - ./conf/traefik.yml:/etc/traefik/traefik.yml:ro
      - ./conf/acme.json:/etc/traefik/acme.json
      - ./logs/traefik.log:/etc/traefik/applog.log
    environment:
      TZ: Europe/Paris

Validate your access with this tool from Domsignal :

HTTP/3 Test | Ensure Your Website’s Speed and Compatibility
Find out if your site supports the latest H3 protocol for better performance. Domsignal H3 tool use cURL for the testing

You should have this result if your configuration works:

Source