diff --git a/roles/archive_web/templates/nginx.d.conf.j2 b/roles/archive_web/templates/nginx.d.conf.j2
index 4d37bd460728b05dcb429e1a88175ea98fcee49d..17e2beabc8e411e39dd41e0bcc25e482a12d898c 100644
--- a/roles/archive_web/templates/nginx.d.conf.j2
+++ b/roles/archive_web/templates/nginx.d.conf.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ archive_domain }};
 
     access_log   /var/log/nginx/{{ archive_domain }}/access.log reduced;
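Review bot: `http2 on;` is scoped to the server block it sits in, whereas the removed `http2` listen parameter applied to the whole 443 socket, so every TLS server block sharing these sockets must now carry the directive to keep negotiating h2. This diff converts the blocks that had the parameter. Any block outside this diff that used plain `listen 443 ssl;` and got HTTP/2 from a neighbour's socket flag would presumably fall back to HTTP/1.1 without any error. If HTTP/2 is meant to be uniform, a single `http2 on;` in the shared `http {}` context would state that once instead of per template. The directive also needs nginx 1.25.1 or newer, so it is worth confirming the deploy path runs `nginx -t` before reload on every host; the server block continues outside this hunk.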
diff --git a/roles/archmanweb/templates/nginx.d.conf.j2 b/roles/archmanweb/templates/nginx.d.conf.j2
index 35058a181cde8edefe85d7f9e45aa185f7512eb0..275f38162b0c6565b0e91b18ac4603c4fe980ce0 100644
--- a/roles/archmanweb/templates/nginx.d.conf.j2
+++ b/roles/archmanweb/templates/nginx.d.conf.j2
@@ -23,8 +23,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ archmanweb_domain }};
 
     access_log   /var/log/nginx/{{ archmanweb_domain }}/access.log reduced;
diff --git a/roles/archweb/templates/ipxe.archlinux.org.j2 b/roles/archweb/templates/ipxe.archlinux.org.j2
index 5fbeac4e060608eb6cdb837bf6250104446d558a..721b8e3c393b7f8afbf57891cb52806078bdb68e 100644
--- a/roles/archweb/templates/ipxe.archlinux.org.j2
+++ b/roles/archweb/templates/ipxe.archlinux.org.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ domain['domain_name'] }};
 
     access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
diff --git a/roles/archweb/templates/maintenance-nginx.d.conf.j2 b/roles/archweb/templates/maintenance-nginx.d.conf.j2
index ad112acf36dae0de1200eac6b349ce02e657f87f..4ce5ca758378321dc9484e5e8591d33426eaa108 100644
--- a/roles/archweb/templates/maintenance-nginx.d.conf.j2
+++ b/roles/archweb/templates/maintenance-nginx.d.conf.j2
@@ -23,8 +23,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ domain }};
 
     access_log   {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
@@ -64,8 +65,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ service_domain }};
 
     access_log   {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
diff --git a/roles/archweb/templates/nginx.d.conf.j2 b/roles/archweb/templates/nginx.d.conf.j2
index a2366d96043a35d3c5603449f6f08c0ae11c4de6..d23c418e2ecf68fd0010ad99822db19f36a1b2eb 100644
--- a/roles/archweb/templates/nginx.d.conf.j2
+++ b/roles/archweb/templates/nginx.d.conf.j2
@@ -50,8 +50,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ domain['domain'] }};
 
     access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
@@ -96,8 +97,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ archweb_domain }};
 
     access_log   /var/log/nginx/{{ archweb_domain }}/access.log reduced;
diff --git a/roles/archwiki/templates/nginx.d.conf.j2 b/roles/archwiki/templates/nginx.d.conf.j2
index 00c992b68c5147c4e988563787322b20a9919095..6003fd3210eb10b6cb4253dd547c4cfbada10452 100644
--- a/roles/archwiki/templates/nginx.d.conf.j2
+++ b/roles/archwiki/templates/nginx.d.conf.j2
@@ -31,8 +31,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ archwiki_domain }};
 
     access_log   /var/log/nginx/{{ archwiki_domain }}/access.log reduced;
diff --git a/roles/aurweb/templates/nginx.d.conf.j2 b/roles/aurweb/templates/nginx.d.conf.j2
index 487a6fad5d29e551b0f9dfa7dbf917871462d538..547fe49a3f448a09eb2229a59c83142acee3bd33 100644
--- a/roles/aurweb/templates/nginx.d.conf.j2
+++ b/roles/aurweb/templates/nginx.d.conf.j2
@@ -35,8 +35,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ aurweb_domain }};
 
     access_log   /var/log/nginx/{{ aurweb_domain }}/access.log main;
diff --git a/roles/dbscripts/templates/nginx.d.conf.j2 b/roles/dbscripts/templates/nginx.d.conf.j2
index 604495ad79bcd194fc374a5011c5249b46b9b0b1..eaee1c67e5defe594e606242d12bbeafa8b04517 100644
--- a/roles/dbscripts/templates/nginx.d.conf.j2
+++ b/roles/dbscripts/templates/nginx.d.conf.j2
@@ -3,8 +3,9 @@ proxy_cache_path  /var/lib/nginx/cache levels=1:2 keys_zone=auth_cache:5m inacti
 server {
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ repos_domain }} {{repos_rsync_domain}};
     root         /srv/ftp;
 
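Review bot: This server block also carries `listen 80;` and `listen [::]:80;`, and `http2 on;` applies to the server rather than to the two TLS sockets. nginx may therefore now accept cleartext HTTP/2 (detected by the connection preface) on port 80, where the old `listen 443 ssl http2;` form kept it to TLS. The same combined 80/443 shape appears in the mirrorsync, ping, redirects, repo_archive_split_temp and syncrepo hunks. If that is not intended, move the port-80 listeners into their own server block without `http2 on;`. If it is acceptable, record it with a comment such as `# http2 on is per-server: the port-80 listeners above also accept cleartext HTTP/2`, and check that rate limits and log analysis do not assume HTTP/1.x on port 80. The server block continues outside the hunk.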
diff --git a/roles/debuginfod/templates/nginx.d.conf.j2 b/roles/debuginfod/templates/nginx.d.conf.j2
index 5922ddd2ead326001e9b06a66d63fa89942a1227..b9396f0867cb575cc95bb918c500cb128bcf3941 100644
--- a/roles/debuginfod/templates/nginx.d.conf.j2
+++ b/roles/debuginfod/templates/nginx.d.conf.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ debuginfod_domain }};
 
     access_log   /var/log/nginx/{{ debuginfod_domain }}/access.log reduced;
diff --git a/roles/fluxbb/templates/nginx.conf.j2 b/roles/fluxbb/templates/nginx.conf.j2
index fdbeabfe5cf3f5c85d92775739b59198ee9b61d5..f4678cf833fa64b6c539b340e578ce7e97b95478 100644
--- a/roles/fluxbb/templates/nginx.conf.j2
+++ b/roles/fluxbb/templates/nginx.conf.j2
@@ -23,8 +23,9 @@ limit_req_zone $binary_remote_addr zone=bbslimit:10m rate=10r/s;
 limit_req_status 429;
 
 server {
-    listen 443 ssl http2;
-    listen [::]:443 ssl http2;
+    listen 443 ssl;
+    listen [::]:443 ssl;
+    http2  on;
     server_name {{ fluxbb_domain }};
     root {{ fluxbb_dir }};
     index index.php;
diff --git a/roles/grafana/templates/nginx.d.conf.j2 b/roles/grafana/templates/nginx.d.conf.j2
index ec628efd056156300e745f28bcae4b8ca6873b65..7a8583a0f27d0a2dabed37abbef5e7485aeb5ac1 100644
--- a/roles/grafana/templates/nginx.d.conf.j2
+++ b/roles/grafana/templates/nginx.d.conf.j2
@@ -25,8 +25,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ grafana_domain }};
 
     access_log   /var/log/nginx/{{ grafana_domain }}/access.log main;
diff --git a/roles/hedgedoc/templates/nginx.d.conf.j2 b/roles/hedgedoc/templates/nginx.d.conf.j2
index 7680bdacae65fff4a144bcc07fc9a4062a59bba8..d1257ce2a06ae1f20691714eb14f3c9b2698dddf 100644
--- a/roles/hedgedoc/templates/nginx.d.conf.j2
+++ b/roles/hedgedoc/templates/nginx.d.conf.j2
@@ -24,8 +24,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ hedgedoc_domain }};
 
     access_log   /var/log/nginx/{{ hedgedoc_domain }}/access.log main;
diff --git a/roles/keycloak/templates/nginx.d.conf.j2 b/roles/keycloak/templates/nginx.d.conf.j2
index 02cc2b3c1239b56d06b779a0e7af60530d0f473d..622e396c302004f581b7bfa4d3dd88f33823ff5a 100644
--- a/roles/keycloak/templates/nginx.d.conf.j2
+++ b/roles/keycloak/templates/nginx.d.conf.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ keycloak_domain }};
 
     access_log   /var/log/nginx/{{ keycloak_domain }}/access.log reduced;
diff --git a/roles/mailman/templates/nginx.d.conf.j2 b/roles/mailman/templates/nginx.d.conf.j2
index 3f2408e428ffbd5e5526431afe81facd83ff8360..eceb66e002ae67e2c7864f5299e1aab942ef14a4 100644
--- a/roles/mailman/templates/nginx.d.conf.j2
+++ b/roles/mailman/templates/nginx.d.conf.j2
@@ -35,8 +35,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ lists_domain }};
 
     access_log   /var/log/nginx/{{ lists_domain }}/access.log main;
diff --git a/roles/maintenance/templates/nginx-maintenance.conf.j2 b/roles/maintenance/templates/nginx-maintenance.conf.j2
index 9e746261ada82d562950f9e0ca3a806d04dafd64..640c9504b0ae235a16e96ded304fb11b14d6c63d 100644
--- a/roles/maintenance/templates/nginx-maintenance.conf.j2
+++ b/roles/maintenance/templates/nginx-maintenance.conf.j2
@@ -19,8 +19,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ domain }};
 
     access_log   {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
@@ -60,8 +61,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ service_domain }};
 
     access_log   {{ maintenance_logs_dir }}/{{ service_domain }}-access.log reduced;
diff --git a/roles/matrix/templates/nginx.d.conf.j2 b/roles/matrix/templates/nginx.d.conf.j2
index 90161990f7315276212274eccc972830ee32d9e7..a353415c317ec21e46cf25761fdeedf916f8d800 100644
--- a/roles/matrix/templates/nginx.d.conf.j2
+++ b/roles/matrix/templates/nginx.d.conf.j2
@@ -22,8 +22,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ matrix_domain }};
 
     access_log   /var/log/nginx/{{ matrix_domain }}/access.log reduced;
diff --git a/roles/mirrorsync/templates/nginx.d.conf.j2 b/roles/mirrorsync/templates/nginx.d.conf.j2
index e0b85dd945b9b6295c49f9457bc2f391e21a56d0..22604eb5718d766a42dd8ea847fb333bd937de2d 100644
--- a/roles/mirrorsync/templates/nginx.d.conf.j2
+++ b/roles/mirrorsync/templates/nginx.d.conf.j2
@@ -1,8 +1,9 @@
 server {
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ item.value.mirror_domain }};
     root         {{ item.value.target }};
 
diff --git a/roles/mta_sts/templates/nginx.d.conf.j2 b/roles/mta_sts/templates/nginx.d.conf.j2
index cb7bb041693fa38a943a018a266d81305e574972..abdced5403433f8cc54c83827c82f3db3573f6c0 100644
--- a/roles/mta_sts/templates/nginx.d.conf.j2
+++ b/roles/mta_sts/templates/nginx.d.conf.j2
@@ -18,8 +18,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  mta-sts.{{ config.domains | join(' mta-sts.') }};
 
     access_log   /var/log/nginx/{{ domain }}/access.log reduced;
diff --git a/roles/ping/templates/nginx.d.conf.j2 b/roles/ping/templates/nginx.d.conf.j2
index fdef8a14d19bb04da9778b58ff696a0bba94b42d..0149561ca94dce43b9f2a73d1002f3b21ae6611f 100644
--- a/roles/ping/templates/nginx.d.conf.j2
+++ b/roles/ping/templates/nginx.d.conf.j2
@@ -2,8 +2,9 @@ server {
     # We don't redirect to HTTPS because a redirect is considered a captive portal.
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ ping_domain }};
 
     access_log   /var/log/nginx/{{ ping_domain }}/access.log reduced;
diff --git a/roles/public_html/templates/nginx.d.conf.j2 b/roles/public_html/templates/nginx.d.conf.j2
index 610292044af35179385234303cc5a1477f0360de..619ad61e357c04623cd1fee306f3c2171383164d 100644
--- a/roles/public_html/templates/nginx.d.conf.j2
+++ b/roles/public_html/templates/nginx.d.conf.j2
@@ -17,8 +17,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ public_domain }} www.{{ public_domain }};
     root         /srv/public_html;
 
diff --git a/roles/rebuilderd/templates/nginx.d.conf.j2 b/roles/rebuilderd/templates/nginx.d.conf.j2
index a1066fe64e3ed4d437d76998e1e55af1a42182a6..54ec638903ff40a34b3d44cf7afd41efd274e91f 100644
--- a/roles/rebuilderd/templates/nginx.d.conf.j2
+++ b/roles/rebuilderd/templates/nginx.d.conf.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ rebuilderd_domain }};
 
     access_log   /var/log/nginx/{{ rebuilderd_domain }}/access.log reduced;
diff --git a/roles/redirects/templates/nginx.d.conf.j2 b/roles/redirects/templates/nginx.d.conf.j2
index dca0cf059b5f4bf360311f4b0ad84f5392e36664..99bd9db9dbd1cb782914cb85e7d3379d338ad0a4 100644
--- a/roles/redirects/templates/nginx.d.conf.j2
+++ b/roles/redirects/templates/nginx.d.conf.j2
@@ -9,8 +9,9 @@ map $uri ${{ redirect.map | hash('md5') }} {
 server {
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ redirect.domain }};
 
     access_log   /var/log/nginx/{{ redirect.domain }}/access.log reduced;
diff --git a/roles/repo_archive_split_temp/templates/nginx.d.conf.j2 b/roles/repo_archive_split_temp/templates/nginx.d.conf.j2
index f7cd56ea658f8e7a46116bacd3c18f0283a4128f..0418761bae093ed9fef7573be7c9e82aa89f7ac3 100644
--- a/roles/repo_archive_split_temp/templates/nginx.d.conf.j2
+++ b/roles/repo_archive_split_temp/templates/nginx.d.conf.j2
@@ -1,8 +1,9 @@
 server {
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ repos_rsync_domain }};
     root         /srv/ftp;
 
diff --git a/roles/security_tracker/templates/nginx.d.conf.j2 b/roles/security_tracker/templates/nginx.d.conf.j2
index fead9206dc1f4552d7415eea3ebd65c1b2832dc9..d96a29a245a0723112b2ae7444647db1e2efcf80 100644
--- a/roles/security_tracker/templates/nginx.d.conf.j2
+++ b/roles/security_tracker/templates/nginx.d.conf.j2
@@ -29,8 +29,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ security_tracker_domain }};
 
     access_log   /var/log/nginx/{{ security_tracker_domain }}/access.log reduced;
diff --git a/roles/sources/templates/nginx.d.conf.j2 b/roles/sources/templates/nginx.d.conf.j2
index 0547095337f6c243e7b3ddf37645f1c7d2e9c1d8..4420e20792ceee3d5183db59f3be73586a8cd9ed 100644
--- a/roles/sources/templates/nginx.d.conf.j2
+++ b/roles/sources/templates/nginx.d.conf.j2
@@ -16,8 +16,9 @@ server {
 }
 
 server {
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ sources_domain }};
 
     access_log   /var/log/nginx/{{ sources_domain }}/access.log reduced;
diff --git a/roles/syncrepo/templates/nginx.d.conf.j2 b/roles/syncrepo/templates/nginx.d.conf.j2
index 182d623dbdc1d54b096db7553be337b6ee782575..e5925f8372dd52c5b4d2f87165e233be71ff27db 100644
--- a/roles/syncrepo/templates/nginx.d.conf.j2
+++ b/roles/syncrepo/templates/nginx.d.conf.j2
@@ -2,8 +2,9 @@
 server {
     listen       80;
     listen       [::]:80;
-    listen       443 ssl http2;
-    listen       [::]:443 ssl http2;
+    listen       443 ssl;
+    listen       [::]:443 ssl;
+    http2        on;
     server_name  {{ domain }};
     root         /srv/ftp;