From c7c9bc96864d4a673585ed29ace0296eae948218 Mon Sep 17 00:00:00 2001
From: Thomas Schneider <tschneider@asta.rwth-aachen.de>
Date: Thu, 4 Feb 2021 20:48:03 +0100
Subject: [PATCH] webserver: Enable HTTP/2

---
 webserver/templates/sites/hostnamerewrite.conf | 2 +-
 webserver/templates/sites/iprewrite.conf       | 2 +-
 webserver/templates/sites/tlsproxy.conf        | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/webserver/templates/sites/hostnamerewrite.conf b/webserver/templates/sites/hostnamerewrite.conf
index b682913..a933886 100644
--- a/webserver/templates/sites/hostnamerewrite.conf
+++ b/webserver/templates/sites/hostnamerewrite.conf
@@ -1,6 +1,6 @@
 server {
     listen 80;
-    listen 443 ssl;
+    listen 443 ssl http2;
     server_name {{server.forward_hostnames.hostnames|default(server.forward_hostnames)|join(" ")}};
     error_log /var/log/nginx/rewrite-error-{{server.forward_hostnames.hostnames|default(server.forward_hostnames)|first}}.log;
     {% if server.buffer_access_log|default(webserver_buffer_access_log|default(False)) %}
diff --git a/webserver/templates/sites/iprewrite.conf b/webserver/templates/sites/iprewrite.conf
index dc9c2a5..0984b60 100644
--- a/webserver/templates/sites/iprewrite.conf
+++ b/webserver/templates/sites/iprewrite.conf
@@ -1,6 +1,6 @@
 server {
     listen 80 {{ 'reuseport' if webserver_enable_reuseport and not webserver_enable_acme_default else '' }};
-    listen 443 ssl {{ 'reuseport' if webserver_enable_reuseport else '' }};
+    listen 443 ssl http2 {{ 'reuseport' if webserver_enable_reuseport else '' }};
     server_name {{ansible_all_ipv4_addresses|join(" ")}};
     error_log /var/log/nginx/rewrite-error-{{ansible_all_ipv4_addresses|first}}.log;
     {% if server.buffer_access_log|default(webserver_buffer_access_log|default(False)) %}
diff --git a/webserver/templates/sites/tlsproxy.conf b/webserver/templates/sites/tlsproxy.conf
index 8dc8328..5afbc87 100644
--- a/webserver/templates/sites/tlsproxy.conf
+++ b/webserver/templates/sites/tlsproxy.conf
@@ -1,5 +1,5 @@
 server {
-    listen {% if server.no_ssl is undefined or not server.no_ssl %}443 ssl{% else %}80{% endif %};
+    listen {% if server.no_ssl is undefined or not server.no_ssl %}443 ssl http2{% else %}80{% endif %};
     server_name {{server.server_names|default([server.server_name])|join(" ")}};
     error_log /var/log/nginx/proxy-error-{{server.server_names|default([server.server_name])|first}}.log;
     {% if server.buffer_access_log|default(webserver_buffer_access_log|default(False)) %}
-- 
GitLab