From bc1b7d9b3645a0204cb53120742d8c41fd56b4fc Mon Sep 17 00:00:00 2001 From: Tatsuhiro Tsujikawa Date: Tue, 6 Feb 2024 01:49:27 +0000 Subject: [PATCH] fixup! Add quic-secret-period flag --- README.md | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 893680bd..7c25d11d 100644 --- a/README.md +++ b/README.md @@ -201,17 +201,18 @@ and new key is generated in the interval specified by `--quic-secret-period` flag. nghttpx listens on UDP port specified by `--nghttpx-https-port` flag. -> [!WARNING] As of v0.66.0, Secret is integrated to the one specified -> by `--nghttpx-secret` flag, and `--quic-keying-materials-secret` -> flag has been removed. The default value is also changed. -> Previously, it is `nghttpx-quic-km` but now `nghttpx-km`. To -> migrate from the previous release, before upgrading -> nghttpx-ingress-controller to v0.66.0, copy Secret `nghttpx-quic-km` -> to `nghttpx-km`, and upgrade nghttpx-ingress-controller. The keying -> materials are now rotated and new key is generated in every 4 hours -> by default. The new key is first placed at the end of the list. In -> the next rotation, it is moved to the first, and is used for -> encryption. +> [!WARNING] +> +> As of v0.66.0, Secret is integrated to the one specified by +> `--nghttpx-secret` flag, and `--quic-keying-materials-secret` flag +> has been removed. The default value is also changed. Previously, +> it is `nghttpx-quic-km` but now `nghttpx-km`. To migrate from the +> previous release, before upgrading nghttpx-ingress-controller to +> v0.66.0, copy Secret `nghttpx-quic-km` to `nghttpx-km`, and upgrade +> nghttpx-ingress-controller. The keying materials are now rotated +> and new key is generated in every 4 hours by default. The new key +> is first placed at the end of the list. In the next rotation, it is +> moved to the first, and is used for encryption. HTTP/3 requires the extra capabilities to load eBPF program. Add the following capabilities to the nghttpx-ingress-controller container: