From 1ee0043f44eeb08eb50af6605213f7bd34d51310 Mon Sep 17 00:00:00 2001 From: Matthias Kesler Date: Fri, 22 Mar 2024 17:58:56 +0100 Subject: [PATCH] Enable usage of global http2 enabling (available since nginx 1.25.1) https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2 --- nginx/domains/apt.ffmuc.net.conf | 4 ++-- nginx/domains/bitte-router-erneuern.ffmuc.net.conf | 4 ++-- nginx/domains/broker.ffmuc.net.conf | 4 ++-- nginx/domains/byro.ffmuc.net.conf | 4 ++-- nginx/domains/chat.ffmuc.net.conf | 4 ++-- nginx/domains/cloud.ffmuc.net.conf | 4 ++-- nginx/domains/conferencemapper.ffmuc.net.conf | 4 ++-- nginx/domains/doh.ffmuc.net.conf | 4 ++-- nginx/domains/ffmuc.net.conf | 8 ++++---- nginx/domains/firmware.ffmuc.net.conf | 4 ++-- nginx/domains/fnmuc.net.conf | 4 ++-- nginx/domains/map.ffmuc.net.conf | 6 +++--- nginx/domains/meet.ffmuc.net.conf | 4 ++-- nginx/domains/offline.ffmuc.net.conf | 4 ++-- nginx/domains/omada.ffmuc.net.conf | 8 ++++---- nginx/domains/recorder.ffmuc.net.conf | 4 ++-- nginx/domains/silo.ffmuc.net.conf | 10 +++++----- nginx/domains/social.ffmuc.net.conf | 4 ++-- nginx/domains/stats.ffmuc.net.conf | 4 ++-- nginx/domains/tickets.ffmuc.net.conf | 4 ++-- nginx/domains/tiles.ffmuc.net.conf | 4 ++-- nginx/domains/tv.ffmuc.net.conf | 4 ++-- nginx/domains/uisp.ffmuc.net.conf | 4 ++-- nginx/domains/unifi.ffmuc.net.conf | 4 ++-- nginx/files/default.conf | 4 ++-- nginx/files/nginx.conf.jinja | 2 ++ nginx/files/nginx_vhost.jinja2 | 4 ++-- 27 files changed, 62 insertions(+), 60 deletions(-) diff --git a/nginx/domains/apt.ffmuc.net.conf b/nginx/domains/apt.ffmuc.net.conf index b4793766..73b091fb 100644 --- a/nginx/domains/apt.ffmuc.net.conf +++ b/nginx/domains/apt.ffmuc.net.conf @@ -4,8 +4,8 @@ proxy_cache_path /var/cache/nginx-apt levels=1:2 keys_zone=apt_cache:10m inactiv server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name apt.ffmuc.net apt.in.ffmuc.net; 
diff --git a/nginx/domains/bitte-router-erneuern.ffmuc.net.conf b/nginx/domains/bitte-router-erneuern.ffmuc.net.conf index 19fecd24..ebc92a77 100644 --- a/nginx/domains/bitte-router-erneuern.ffmuc.net.conf +++ b/nginx/domains/bitte-router-erneuern.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name bitte-router-erneuern.ffmuc.net; return 301 https://ffmuc.net/freifunkmuc/2023/12/08/supportende-von-8-64-routern/; diff --git a/nginx/domains/broker.ffmuc.net.conf b/nginx/domains/broker.ffmuc.net.conf index 498935df..c62ae54c 100644 --- a/nginx/domains/broker.ffmuc.net.conf +++ b/nginx/domains/broker.ffmuc.net.conf @@ -9,8 +9,8 @@ upstream wgkex_backend { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name broker.ffmuc.net wgkex.ffmuc.net; root /srv/www/{{ domain }}; diff --git a/nginx/domains/byro.ffmuc.net.conf b/nginx/domains/byro.ffmuc.net.conf index 9a2ad0ad..0334e745 100644 --- a/nginx/domains/byro.ffmuc.net.conf +++ b/nginx/domains/byro.ffmuc.net.conf @@ -2,8 +2,8 @@ upstream byro_upstream { server docker06.ov.ffmuc.net:8345; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name verein.fnmuc.net verein.ffmuc.net byro.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/chat.ffmuc.net.conf b/nginx/domains/chat.ffmuc.net.conf index 697ec725..fd631192 100644 --- a/nginx/domains/chat.ffmuc.net.conf +++ b/nginx/domains/chat.ffmuc.net.conf 
@@ -6,8 +6,8 @@ upstream chat_backend { proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=mattermost_cache:10m max_size=3g inactive=120m use_temp_path=off; server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name chat.ffmuc.net chat-test.ffmuc.net; location ~ /api/v[0-9]+/(users/)?websocket$ { diff --git a/nginx/domains/cloud.ffmuc.net.conf b/nginx/domains/cloud.ffmuc.net.conf index 260da99a..df1b6971 100644 --- a/nginx/domains/cloud.ffmuc.net.conf +++ b/nginx/domains/cloud.ffmuc.net.conf @@ -6,8 +6,8 @@ upstream cloud_backend { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name cloud.ext.ffmuc.net cloud.ffmuc.net cloud.freifunk-muenchen.de; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/conferencemapper.ffmuc.net.conf b/nginx/domains/conferencemapper.ffmuc.net.conf index a698bebc..c0c7a967 100644 --- a/nginx/domains/conferencemapper.ffmuc.net.conf +++ b/nginx/domains/conferencemapper.ffmuc.net.conf @@ -8,8 +8,8 @@ upstream conferencemapper_upstream { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name {{ domain }}; diff --git a/nginx/domains/doh.ffmuc.net.conf b/nginx/domains/doh.ffmuc.net.conf index 9f7f4826..43ddcc23 100644 --- a/nginx/domains/doh.ffmuc.net.conf +++ b/nginx/domains/doh.ffmuc.net.conf @@ -34,8 +34,8 @@ server { error_log /var/log/nginx/{{ domain }}_error.log; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name dns.ffmuc.net doh.ffmuc.net dot.ffmuc.net anycast.ffmuc.net anycast01.ffmuc.net anycast02.ffmuc.net; diff --git a/nginx/domains/ffmuc.net.conf b/nginx/domains/ffmuc.net.conf index ada56f70..668a3489 100644 --- a/nginx/domains/ffmuc.net.conf +++ b/nginx/domains/ffmuc.net.conf 
@@ -10,8 +10,8 @@ upstream wiki_upstream { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name ffmuc.net www.ffmuc.net wiki.ffmuc.net @@ -31,8 +31,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name www.muenchen.freifunk.net muenchen.freifunk.net www.münchen.freifunk.net münchen.freifunk.net diff --git a/nginx/domains/firmware.ffmuc.net.conf b/nginx/domains/firmware.ffmuc.net.conf index bd895f62..89e38419 100644 --- a/nginx/domains/firmware.ffmuc.net.conf +++ b/nginx/domains/firmware.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80 default_server; listen [::]:80 default_server; - listen 443 ssl http2 default_server; - listen [::]:443 ssl http2 default_server; + listen 443 ssl default_server; + listen [::]:443 ssl default_server; server_name firmware.ffmuc.net firmware.in.ffmuc.net ""; client_max_body_size 2048M; diff --git a/nginx/domains/fnmuc.net.conf b/nginx/domains/fnmuc.net.conf index 3ee68958..79bdfd33 100644 --- a/nginx/domains/fnmuc.net.conf +++ b/nginx/domains/fnmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name fnmuc.net; return 301 https://ffmuc.net/wiki/doku.php?id=ev:start; diff --git a/nginx/domains/map.ffmuc.net.conf b/nginx/domains/map.ffmuc.net.conf index 428a337a..6feb9be1 100644 --- a/nginx/domains/map.ffmuc.net.conf +++ b/nginx/domains/map.ffmuc.net.conf @@ -6,9 +6,9 @@ proxy_cache_path /var/cache/nginx-map levels=1:2 keys_zone=map_cache:10m inactiv server { listen 80; - listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen [::]:80; + listen 443 ssl; + listen [::]:443 ssl; server_name map.ext.ffmuc.net map.ffmuc.net map.freifunk-muenchen.de; # Force HTTPS connection. This rules is domain agnostic 
diff --git a/nginx/domains/meet.ffmuc.net.conf b/nginx/domains/meet.ffmuc.net.conf index d656b9d5..ce50e789 100644 --- a/nginx/domains/meet.ffmuc.net.conf +++ b/nginx/domains/meet.ffmuc.net.conf @@ -23,8 +23,8 @@ server { return 301 https://meet.ffmuc.net$request_uri; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name meet.ffmuc.net meet-test.ffmuc.net ffmeet.de *.ffmeet.de ffmeet.net *.ffmeet.net klassenkonferenz.de; add_header Strict-Transport-Security "max-age=31536000"; diff --git a/nginx/domains/offline.ffmuc.net.conf b/nginx/domains/offline.ffmuc.net.conf index 0a8aef26..ec483a71 100644 --- a/nginx/domains/offline.ffmuc.net.conf +++ b/nginx/domains/offline.ffmuc.net.conf @@ -2,8 +2,8 @@ server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name offline.ffmuc.net; return 307 https://wiki.freifunk.net/Mein_Freifunk_funktioniert_nicht_mehr; diff --git a/nginx/domains/omada.ffmuc.net.conf b/nginx/domains/omada.ffmuc.net.conf index 1c1ae27c..4a0357b2 100644 --- a/nginx/domains/omada.ffmuc.net.conf +++ b/nginx/domains/omada.ffmuc.net.conf @@ -4,12 +4,12 @@ upstream omada_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; - listen 8043 ssl http2; - listen [::]:8043 ssl http2; + listen 8043 ssl; + listen [::]:8043 ssl; server_name omada.ext.ffmuc.net omada.ffmuc.net omada; diff --git a/nginx/domains/recorder.ffmuc.net.conf b/nginx/domains/recorder.ffmuc.net.conf index 41e5bf89..0920baac 100644 --- a/nginx/domains/recorder.ffmuc.net.conf +++ b/nginx/domains/recorder.ffmuc.net.conf @@ -1,6 +1,6 @@ server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name recorder.ffmuc.net; root /srv/www/recorder.ffmuc.net; 
diff --git a/nginx/domains/silo.ffmuc.net.conf b/nginx/domains/silo.ffmuc.net.conf index 42c95e3b..a9cc3218 100644 --- a/nginx/domains/silo.ffmuc.net.conf +++ b/nginx/domains/silo.ffmuc.net.conf @@ -8,8 +8,8 @@ proxy_cache_path /var/cache/nginx-silo levels=1:2 keys_zone=silo_cache:10m max_s server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name stream.ffmuc.net; return 301 https://silo.ffmuc.net$request_uri; } @@ -17,8 +17,8 @@ server { server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name silo.ffmuc.net; root /srv/www/{{ domain }}; @@ -72,7 +72,7 @@ server { proxy_send_timeout 300; proxy_read_timeout 300; } - + if ($scheme = http) { rewrite ^ https://$host$uri permanent; } diff --git a/nginx/domains/social.ffmuc.net.conf b/nginx/domains/social.ffmuc.net.conf index 5c9c83f6..d61f7a22 100644 --- a/nginx/domains/social.ffmuc.net.conf +++ b/nginx/domains/social.ffmuc.net.conf @@ -22,8 +22,8 @@ server { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name social.ffmuc.net; ssl_protocols TLSv1.2 TLSv1.3; diff --git a/nginx/domains/stats.ffmuc.net.conf b/nginx/domains/stats.ffmuc.net.conf index 0a45ce3e..9e99444a 100644 --- a/nginx/domains/stats.ffmuc.net.conf +++ b/nginx/domains/stats.ffmuc.net.conf @@ -9,8 +9,8 @@ proxy_cache_path /var/cache/nginx/grafana_datasources keys_zone=grafana_datasour server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name stats.ffmuc.net graphs.ext.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/tickets.ffmuc.net.conf b/nginx/domains/tickets.ffmuc.net.conf index 6c81bcac..d800912b 100644 --- a/nginx/domains/tickets.ffmuc.net.conf +++ b/nginx/domains/tickets.ffmuc.net.conf 
@@ -2,8 +2,8 @@ upstream tickets_upstream { server docker05.ov.ffmuc.net:8002; } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tickets.ffmuc.net; # Force HTTPS connection. This rules is domain agnostic diff --git a/nginx/domains/tiles.ffmuc.net.conf b/nginx/domains/tiles.ffmuc.net.conf index 874b91be..9974efed 100644 --- a/nginx/domains/tiles.ffmuc.net.conf +++ b/nginx/domains/tiles.ffmuc.net.conf @@ -18,8 +18,8 @@ proxy_cache_lock on; proxy_cache_lock_age 10s; server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tiles.ext.ffmuc.net a.tiles.ext.ffmuc.net b.tiles.ext.ffmuc.net c.tiles.ext.ffmuc.net tiles.ffmuc.net; location /osm/ { diff --git a/nginx/domains/tv.ffmuc.net.conf b/nginx/domains/tv.ffmuc.net.conf index 582840c4..4297bf45 100644 --- a/nginx/domains/tv.ffmuc.net.conf +++ b/nginx/domains/tv.ffmuc.net.conf @@ -8,8 +8,8 @@ proxy_cache_path /var/cache/nginx-tv levels=1:2 keys_zone=tv_cache:10m max_size= server { listen 80; listen [::]:80; - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name tv.ffmuc.net; root /srv/www/{{ domain }}; diff --git a/nginx/domains/uisp.ffmuc.net.conf b/nginx/domains/uisp.ffmuc.net.conf index c0cd5109..b1932072 100644 --- a/nginx/domains/uisp.ffmuc.net.conf +++ b/nginx/domains/uisp.ffmuc.net.conf @@ -8,8 +8,8 @@ upstream uisp_inform_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; listen 8080; diff --git a/nginx/domains/unifi.ffmuc.net.conf b/nginx/domains/unifi.ffmuc.net.conf index 651884b7..dec5bd77 100644 --- a/nginx/domains/unifi.ffmuc.net.conf +++ b/nginx/domains/unifi.ffmuc.net.conf 
@@ -8,8 +8,8 @@ upstream unifi_inform_backend { } server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; listen 80; listen [::]:80; listen 8080; diff --git a/nginx/files/default.conf b/nginx/files/default.conf index 025a3ccc..61b32270 100644 --- a/nginx/files/default.conf +++ b/nginx/files/default.conf @@ -1,8 +1,8 @@ server { listen 80 default; listen [::]:80 default; - listen 443 ssl http2 default; - listen [::]:443 ssl http2 default; + listen 443 ssl default; + listen [::]:443 ssl default; server_name _; diff --git a/nginx/files/nginx.conf.jinja b/nginx/files/nginx.conf.jinja index 48901a47..fb589472 100644 --- a/nginx/files/nginx.conf.jinja +++ b/nginx/files/nginx.conf.jinja @@ -29,6 +29,8 @@ http { sendfile_max_chunk 512k; server_tokens off; + http2 on; + server_names_hash_bucket_size 128; # server_name_in_redirect off; diff --git a/nginx/files/nginx_vhost.jinja2 b/nginx/files/nginx_vhost.jinja2 index 69c64575..c5e6054b 100644 --- a/nginx/files/nginx_vhost.jinja2 +++ b/nginx/files/nginx_vhost.jinja2 @@ -3,8 +3,8 @@ ### server { - listen 443 ssl http2; - listen [::]:443 ssl http2; + listen 443 ssl; + listen [::]:443 ssl; server_name {{ domain }}; root /srv/www/{{ domain }};
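Review bot: The rewritten lines in nginx/files/default.conf keep the legacy `default` listen parameter (`listen 443 ssl default;`), while firmware.ffmuc.net.conf in this same patch uses `default_server`. Since these lines are being touched anyway, `listen 443 ssl default_server;` and `listen [::]:443 ssl default_server;` would make the catch-all server easier to find and keep the two files consistent. The `server` block continues past the end of the hunk.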
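Review bot: `http2 on;` at `http` level in nginx/files/nginx.conf.jinja applies to every server, not only to the `ssl` sockets that carried the `http2` listen parameter before. As far as I understand the 1.25.1 behaviour, the plaintext `listen 80;` sockets and the `listen 8080;` sockets in uisp.ffmuc.net.conf and unifi.ffmuc.net.conf would then also accept cleartext HTTP/2, detected by its connection preface. If that wider exposure is not intended, the directive can be set per `server` instead, or overridden with `http2 off;` where only HTTP/1.x is wanted. Several blocks mix port 80 and port 443 listeners, so that may mean splitting them. The directive is also unknown to nginx older than 1.25.1, where the configuration will fail to load, so a comment above it such as `# requires nginx >= 1.25.1; replaces the deprecated "listen ... http2" parameter` would help. The enclosing `http { ... }` block starts and ends outside the hunk.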