Spent way too long getting HTTP/3 working on FreeBSD with nginx, so I wrote it all up.
The highlights: stock OpenSSL silently breaks QUIC at the HTTP/3 framing layer (the TLS handshake succeeds, so openssl s_client lies to you). eBPF worker routing doesn't exist on FreeBSD. And if nginx is in a jail with IPv4 NAT, a pass rule for UDP 443 is useless without a matching rdr.
New post: https://blog.hofstede.it/http3-on-freebsd-getting-quic-working-with-nginx-in-a-bastille-jail/
