Skip to content

Commit

Permalink
Merge pull request #159 from freifunkMUC/nginx_global_http2
Browse files Browse the repository at this point in the history
Enable usage of global http2 enabling (available since nginx 1.25.1)
  • Loading branch information
krombel authored Oct 28, 2024
2 parents ea02bb2 + 1ee0043 commit 4e64907
Show file tree
Hide file tree
Showing 27 changed files with 62 additions and 60 deletions.
4 changes: 2 additions & 2 deletions nginx/domains/apt.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -4,8 +4,8 @@ proxy_cache_path /var/cache/nginx-apt levels=1:2 keys_zone=apt_cache:10m inactiv
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;

server_name apt.ffmuc.net apt.in.ffmuc.net;

Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/bitte-router-erneuern.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name bitte-router-erneuern.ffmuc.net;

return 301 https://ffmuc.net/freifunkmuc/2023/12/08/supportende-von-8-64-routern/;
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/broker.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ upstream wgkex_backend {
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name broker.ffmuc.net wgkex.ffmuc.net;

root /srv/www/{{ domain }};
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/byro.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ upstream byro_upstream {
server docker06.ov.ffmuc.net:8345;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name verein.fnmuc.net verein.ffmuc.net byro.ffmuc.net;

# Force HTTPS connection. This rules is domain agnostic
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/chat.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ upstream chat_backend {
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off;

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name chat.ffmuc.net chat-test.ffmuc.net;

location ~ /api/v[0-9]+/(users/)?websocket$ {
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/cloud.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -6,8 +6,8 @@ upstream cloud_backend {
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name cloud.ext.ffmuc.net cloud.ffmuc.net cloud.freifunk-muenchen.de;

# Force HTTPS connection. This rules is domain agnostic
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/conferencemapper.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ upstream conferencemapper_upstream {
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;

server_name {{ domain }};

Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/doh.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -34,8 +34,8 @@ server {
error_log /var/log/nginx/{{ domain }}_error.log;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;

server_name dns.ffmuc.net doh.ffmuc.net dot.ffmuc.net anycast.ffmuc.net anycast01.ffmuc.net anycast02.ffmuc.net;

Expand Down
8 changes: 4 additions & 4 deletions nginx/domains/ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -10,8 +10,8 @@ upstream wiki_upstream {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name ffmuc.net
www.ffmuc.net
wiki.ffmuc.net
Expand All @@ -31,8 +31,8 @@ server {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name
www.muenchen.freifunk.net muenchen.freifunk.net
www.münchen.freifunk.net münchen.freifunk.net
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/firmware.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
server {
listen 80 default_server;
listen [::]:80 default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
server_name firmware.ffmuc.net firmware.in.ffmuc.net "";

client_max_body_size 2048M;
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/fnmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name fnmuc.net;

return 301 https://ffmuc.net/wiki/doku.php?id=ev:start;
Expand Down
6 changes: 3 additions & 3 deletions nginx/domains/map.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -6,9 +6,9 @@ proxy_cache_path /var/cache/nginx-map levels=1:2 keys_zone=map_cache:10m inactiv

server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
server_name map.ext.ffmuc.net map.ffmuc.net map.freifunk-muenchen.de;

# Force HTTPS connection. This rules is domain agnostic
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/meet.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ server {
return 301 https://meet.ffmuc.net$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name meet.ffmuc.net meet-test.ffmuc.net ffmeet.de *.ffmeet.de ffmeet.net *.ffmeet.net klassenkonferenz.de;

add_header Strict-Transport-Security "max-age=31536000";
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/offline.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name offline.ffmuc.net;

return 307 https://wiki.freifunk.net/Mein_Freifunk_funktioniert_nicht_mehr;
Expand Down
8 changes: 4 additions & 4 deletions nginx/domains/omada.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -4,12 +4,12 @@ upstream omada_backend {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
listen 80;
listen [::]:80;
listen 8043 ssl http2;
listen [::]:8043 ssl http2;
listen 8043 ssl;
listen [::]:8043 ssl;

server_name omada.ext.ffmuc.net omada.ffmuc.net omada;

Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/recorder.ffmuc.net.conf
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name recorder.ffmuc.net;

root /srv/www/recorder.ffmuc.net;
Expand Down
10 changes: 5 additions & 5 deletions nginx/domains/silo.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -8,17 +8,17 @@ proxy_cache_path /var/cache/nginx-silo levels=1:2 keys_zone=silo_cache:10m max_s
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name stream.ffmuc.net;
return 301 https://silo.ffmuc.net$request_uri;
}

server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name silo.ffmuc.net;

root /srv/www/{{ domain }};
Expand Down Expand Up @@ -72,7 +72,7 @@ server {
proxy_send_timeout 300;
proxy_read_timeout 300;
}

if ($scheme = http) {
rewrite ^ https://$host$uri permanent;
}
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/social.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -22,8 +22,8 @@ server {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name social.ffmuc.net;

ssl_protocols TLSv1.2 TLSv1.3;
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/stats.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ proxy_cache_path /var/cache/nginx/grafana_datasources keys_zone=grafana_datasour
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name stats.ffmuc.net graphs.ext.ffmuc.net;

# Force HTTPS connection. This rules is domain agnostic
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/tickets.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ upstream tickets_upstream {
server docker05.ov.ffmuc.net:8002;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name tickets.ffmuc.net;

# Force HTTPS connection. This rules is domain agnostic
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/tiles.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,8 @@ proxy_cache_lock on;
proxy_cache_lock_age 10s;

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name tiles.ext.ffmuc.net a.tiles.ext.ffmuc.net b.tiles.ext.ffmuc.net c.tiles.ext.ffmuc.net tiles.ffmuc.net;

location /osm/ {
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/tv.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ proxy_cache_path /var/cache/nginx-tv levels=1:2 keys_zone=tv_cache:10m max_size=
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name tv.ffmuc.net;

root /srv/www/{{ domain }};
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/uisp.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ upstream uisp_inform_backend {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
listen 80;
listen [::]:80;
listen 8080;
Expand Down
4 changes: 2 additions & 2 deletions nginx/domains/unifi.ffmuc.net.conf
Original file line number Diff line number Diff line change
Expand Up @@ -8,8 +8,8 @@ upstream unifi_inform_backend {
}

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
listen 80;
listen [::]:80;
listen 8080;
Expand Down
4 changes: 2 additions & 2 deletions nginx/files/default.conf
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
server {
listen 80 default;
listen [::]:80 default;
listen 443 ssl http2 default;
listen [::]:443 ssl http2 default;
listen 443 ssl default;
listen [::]:443 ssl default;

server_name _;

Expand Down
2 changes: 2 additions & 0 deletions nginx/files/nginx.conf.jinja
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ http {
sendfile_max_chunk 512k;
server_tokens off;

http2 on;

server_names_hash_bucket_size 128;
# server_name_in_redirect off;

Expand Down
4 changes: 2 additions & 2 deletions nginx/files/nginx_vhost.jinja2
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,8 @@
###

server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
listen 443 ssl;
listen [::]:443 ssl;
server_name {{ domain }};

root /srv/www/{{ domain }};
Expand Down

0 comments on commit 4e64907

Please sign in to comment.