diff --git a/nginx/domains/apt.ffmuc.net.conf b/nginx/domains/apt.ffmuc.net.conf index b479376..73b091f 100644 --- a/nginx/domains/apt.ffmuc.net.conf +++ b/nginx/domains/apt.ffmuc.net.conf @@ -4,8 +4,8 @@ proxy_cache_path /var/cache/nginx-apt levels=1:2 keys_zone=apt_cache:10m inactiv server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name apt.ffmuc.net apt.in.ffmuc.net; diff --git a/nginx/domains/bitte-router-erneuern.ffmuc.net.conf b/nginx/domains/bitte-router-erneuern.ffmuc.net.conf index 19fecd2..ebc92a7 100644 --- a/nginx/domains/bitte-router-erneuern.ffmuc.net.conf +++ b/nginx/domains/bitte-router-erneuern.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name bitte-router-erneuern.ffmuc.net; return 301 https://ffmuc.net/freifunkmuc/2023/12/08/supportende-von-8-64-routern/; diff --git a/nginx/domains/broker.ffmuc.net.conf b/nginx/domains/broker.ffmuc.net.conf index 498935d..c62ae54 100644 --- a/nginx/domains/broker.ffmuc.net.conf +++ b/nginx/domains/broker.ffmuc.net.conf @@ -9,8 +9,8 @@ upstream wgkex_backend { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name broker.ffmuc.net wgkex.ffmuc.net; root /srv/www/{{ domain }}; diff --git a/nginx/domains/byro.ffmuc.net.conf b/nginx/domains/byro.ffmuc.net.conf index 9a2ad0a..0334e74 100644 --- a/nginx/domains/byro.ffmuc.net.conf +++ b/nginx/domains/byro.ffmuc.net.conf @@ -2,8 +2,8 @@ upstream byro_upstream { server docker06.ov.ffmuc.net:8345; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name verein.fnmuc.net verein.ffmuc.net byro.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic 
diff --git a/nginx/domains/chat.ffmuc.net.conf b/nginx/domains/chat.ffmuc.net.conf index 697ec72..fd63119 100644 --- a/nginx/domains/chat.ffmuc.net.conf +++ b/nginx/domains/chat.ffmuc.net.conf @@ -6,8 +6,8 @@ upstream chat_backend { proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name chat.ffmuc.net chat-test.ffmuc.net; location ~ /api/v[0-9]+/(users/)?websocket$ { diff --git a/nginx/domains/cloud.ffmuc.net.conf b/nginx/domains/cloud.ffmuc.net.conf index 260da99..df1b697 100644 --- a/nginx/domains/cloud.ffmuc.net.conf +++ b/nginx/domains/cloud.ffmuc.net.conf @@ -6,8 +6,8 @@ upstream cloud_backend { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name cloud.ext.ffmuc.net cloud.ffmuc.net cloud.freifunk-muenchen.de; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/conferencemapper.ffmuc.net.conf b/nginx/domains/conferencemapper.ffmuc.net.conf index a698beb..c0c7a96 100644 --- a/nginx/domains/conferencemapper.ffmuc.net.conf +++ b/nginx/domains/conferencemapper.ffmuc.net.conf @@ -8,8 +8,8 @@ upstream conferencemapper_upstream { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name {{ domain }}; diff --git a/nginx/domains/doh.ffmuc.net.conf b/nginx/domains/doh.ffmuc.net.conf index 9f7f482..43ddcc2 100644 --- a/nginx/domains/doh.ffmuc.net.conf +++ b/nginx/domains/doh.ffmuc.net.conf @@ -34,8 +34,8 @@ server { error_log /var/log/nginx/{{ domain }}_error.log; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name dns.ffmuc.net doh.ffmuc.net dot.ffmuc.net anycast.ffmuc.net anycast01.ffmuc.net anycast02.ffmuc.net; 
diff --git a/nginx/domains/ffmuc.net.conf b/nginx/domains/ffmuc.net.conf index ada56f7..668a348 100644 --- a/nginx/domains/ffmuc.net.conf +++ b/nginx/domains/ffmuc.net.conf @@ -10,8 +10,8 @@ upstream wiki_upstream { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name ffmuc.net www.ffmuc.net wiki.ffmuc.net @@ -31,8 +31,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name www.muenchen.freifunk.net muenchen.freifunk.net www.münchen.freifunk.net münchen.freifunk.net diff --git a/nginx/domains/firmware.ffmuc.net.conf b/nginx/domains/firmware.ffmuc.net.conf index bd895f6..89e3841 100644 --- a/nginx/domains/firmware.ffmuc.net.conf +++ b/nginx/domains/firmware.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; server_name firmware.ffmuc.net firmware.in.ffmuc.net ""; client_max_body_size 2048M; diff --git a/nginx/domains/fnmuc.net.conf b/nginx/domains/fnmuc.net.conf index 3ee6895..79bdfd3 100644 --- a/nginx/domains/fnmuc.net.conf +++ b/nginx/domains/fnmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name fnmuc.net; return 301 https://ffmuc.net/wiki/doku.php?id=ev:start; diff --git a/nginx/domains/map.ffmuc.net.conf b/nginx/domains/map.ffmuc.net.conf index 428a337..6feb9be 100644 --- a/nginx/domains/map.ffmuc.net.conf +++ b/nginx/domains/map.ffmuc.net.conf 
@@ -6,9 +6,9 @@ proxy_cache_path /var/cache/nginx-map levels=1:2 keys_zone=map_cache:10m inactiv server { listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; server_name map.ext.ffmuc.net map.ffmuc.net map.freifunk-muenchen.de; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/meet.ffmuc.net.conf b/nginx/domains/meet.ffmuc.net.conf index d656b9d..ce50e78 100644 --- a/nginx/domains/meet.ffmuc.net.conf +++ b/nginx/domains/meet.ffmuc.net.conf @@ -23,8 +23,8 @@ server { return 301 https://meet.ffmuc.net$request_uri; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name meet.ffmuc.net meet-test.ffmuc.net ffmeet.de *.ffmeet.de ffmeet.net *.ffmeet.net klassenkonferenz.de; add_header Strict-Transport-Security "max-age=31536000"; diff --git a/nginx/domains/offline.ffmuc.net.conf b/nginx/domains/offline.ffmuc.net.conf index 0a8aef2..ec483a7 100644 --- a/nginx/domains/offline.ffmuc.net.conf +++ b/nginx/domains/offline.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name offline.ffmuc.net; return 307 https://wiki.freifunk.net/Mein_Freifunk_funktioniert_nicht_mehr; diff --git a/nginx/domains/omada.ffmuc.net.conf b/nginx/domains/omada.ffmuc.net.conf index 1c1ae27..4a0357b 100644 --- a/nginx/domains/omada.ffmuc.net.conf +++ b/nginx/domains/omada.ffmuc.net.conf @@ -4,12 +4,12 @@ upstream omada_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; - listen 8043 ssl http2; - listen [::]:8043 ssl http2; + listen 8043 ssl; + listen [::]:8043 ssl; server_name omada.ext.ffmuc.net omada.ffmuc.net omada; 
diff --git a/nginx/domains/recorder.ffmuc.net.conf b/nginx/domains/recorder.ffmuc.net.conf index 41e5bf8..0920baa 100644 --- a/nginx/domains/recorder.ffmuc.net.conf +++ b/nginx/domains/recorder.ffmuc.net.conf @@ -1,6 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name recorder.ffmuc.net; root /srv/www/recorder.ffmuc.net; diff --git a/nginx/domains/silo.ffmuc.net.conf b/nginx/domains/silo.ffmuc.net.conf index 42c95e3..a9cc321 100644 --- a/nginx/domains/silo.ffmuc.net.conf +++ b/nginx/domains/silo.ffmuc.net.conf @@ -8,8 +8,8 @@ proxy_cache_path /var/cache/nginx-silo levels=1:2 keys_zone=silo_cache:10m max_s server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name stream.ffmuc.net; return 301 https://silo.ffmuc.net$request_uri; } @@ -17,8 +17,8 @@ server { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name silo.ffmuc.net; root /srv/www/{{ domain }}; @@ -72,7 +72,7 @@ server { proxy_send_timeout 300; proxy_read_timeout 300; } - + if ($scheme = http) { rewrite ^ https://$host$uri permanent; } diff --git a/nginx/domains/social.ffmuc.net.conf b/nginx/domains/social.ffmuc.net.conf index 5c9c83f..d61f7a2 100644 --- a/nginx/domains/social.ffmuc.net.conf +++ b/nginx/domains/social.ffmuc.net.conf @@ -22,8 +22,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name social.ffmuc.net; ssl_protocols TLSv1.2 TLSv1.3; diff --git a/nginx/domains/stats.ffmuc.net.conf b/nginx/domains/stats.ffmuc.net.conf index 0a45ce3..9e99444 100644 --- a/nginx/domains/stats.ffmuc.net.conf +++ b/nginx/domains/stats.ffmuc.net.conf 
@@ -9,8 +9,8 @@ proxy_cache_path /var/cache/nginx/grafana_datasources keys_zone=grafana_datasour server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name stats.ffmuc.net graphs.ext.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/tickets.ffmuc.net.conf b/nginx/domains/tickets.ffmuc.net.conf index 6c81bca..d800912 100644 --- a/nginx/domains/tickets.ffmuc.net.conf +++ b/nginx/domains/tickets.ffmuc.net.conf @@ -2,8 +2,8 @@ upstream tickets_upstream { server docker05.ov.ffmuc.net:8002; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tickets.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/tiles.ffmuc.net.conf b/nginx/domains/tiles.ffmuc.net.conf index 874b91b..9974efe 100644 --- a/nginx/domains/tiles.ffmuc.net.conf +++ b/nginx/domains/tiles.ffmuc.net.conf @@ -18,8 +18,8 @@ proxy_cache_lock on; proxy_cache_lock_age 10s; server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tiles.ext.ffmuc.net a.tiles.ext.ffmuc.net b.tiles.ext.ffmuc.net c.tiles.ext.ffmuc.net tiles.ffmuc.net; location /osm/ { diff --git a/nginx/domains/tv.ffmuc.net.conf b/nginx/domains/tv.ffmuc.net.conf index 582840c..4297bf4 100644 --- a/nginx/domains/tv.ffmuc.net.conf +++ b/nginx/domains/tv.ffmuc.net.conf @@ -8,8 +8,8 @@ proxy_cache_path /var/cache/nginx-tv levels=1:2 keys_zone=tv_cache:10m max_size= server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tv.ffmuc.net; root /srv/www/{{ domain }}; diff --git a/nginx/domains/uisp.ffmuc.net.conf b/nginx/domains/uisp.ffmuc.net.conf index c0cd510..b193207 100644 --- a/nginx/domains/uisp.ffmuc.net.conf +++ b/nginx/domains/uisp.ffmuc.net.conf 
@@ -8,8 +8,8 @@ upstream uisp_inform_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; listen 8080; diff --git a/nginx/domains/unifi.ffmuc.net.conf b/nginx/domains/unifi.ffmuc.net.conf index 651884b..dec5bd7 100644 --- a/nginx/domains/unifi.ffmuc.net.conf +++ b/nginx/domains/unifi.ffmuc.net.conf @@ -8,8 +8,8 @@ upstream unifi_inform_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; listen 8080; diff --git a/nginx/files/default.conf b/nginx/files/default.conf index 025a3cc..61b3227 100644 --- a/nginx/files/default.conf +++ b/nginx/files/default.conf @@ -1,8 +1,8 @@ server { listen 80 default; listen [::]:80 default; - listen 443 ssl http2 default; - listen [::]:443 ssl http2 default; + listen 443 ssl default; + listen [::]:443 ssl default; server_name _; diff --git a/nginx/files/nginx.conf.jinja b/nginx/files/nginx.conf.jinja index 48901a4..fb58947 100644 --- a/nginx/files/nginx.conf.jinja +++ b/nginx/files/nginx.conf.jinja @@ -29,6 +29,8 @@ http { sendfile_max_chunk 512k; server_tokens off; + http2 on; + server_names_hash_bucket_size 128; # server_name_in_redirect off; diff --git a/nginx/files/nginx_vhost.jinja2 b/nginx/files/nginx_vhost.jinja2 index 69c6457..c5e6054 100644 --- a/nginx/files/nginx_vhost.jinja2 +++ b/nginx/files/nginx_vhost.jinja2 @@ -3,8 +3,8 @@ ### server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name {{ domain }}; root /srv/www/{{ domain }};
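Review bot: In nginx/files/nginx.conf.jinja, `http2 on;` at `http` level is not equivalent to the removed `listen … ssl http2` parameters: it applies to every server block, so the cleartext listeners that previously spoke only HTTP/1.x (`listen 80` in most of the vhosts touched here, `listen 8080` in uisp.ffmuc.net.conf and unifi.ffmuc.net.conf) will now also accept HTTP/2 when a client opens with the HTTP/2 preface. If that wider exposure is not intended, put `http2 on;` in the TLS-only server blocks instead, or move the port 80/8080 listeners into their own server blocks carrying `http2 off;`. If it is intended, a comment above the directive such as `# enables HTTP/2 on all listeners, including cleartext 80/8080` would record the decision. The `http2` directive exists only from nginx 1.25.1 on, so a host that renders this template with an older package will fail its config test; the `http` block continues outside the hunk, so a version guard may exist that is not visible here.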