From d5414a2eef61676caf085443bc1ad1849a992e93 Mon Sep 17 00:00:00 2001
From: Ng Chin Kiong
Date: Tue, 6 Sep 2016 12:12:11 +0800
Subject: [PATCH] added support for http/2
---
 defaults/main.yml | 3 ++-
 templates/sites-available/drupal-site.j2 | 16 ++++++++++++----
 2 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/defaults/main.yml b/defaults/main.yml
index 851a311..50e3f22 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -12,6 +12,7 @@ nginx_drupal_use_boost: false
 nginx_drupal_use_drush: true
 nginx_drupal_allow_install: false
 nginx_drupal_use_spdy: false
+nginx_drupal_use_http2: false
 nginx_drupal_php_fpm_status_allowed_hosts: ["127.0.0.1", "192.168.1.0/24"]
 nginx_drupal_nginx_status_allowed_hosts: ["127.0.0.1", "192.168.1.0/24"]
 nginx_drupal_hotlinking_protection: false
@@ -26,7 +27,7 @@ nginx_drupal_http_core:
 client_max_body_size: "10m"
 ssl_session_cache: true
 nginx_drupal_ssl_protocols: [ "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2" ]
-nginx_drupal_ssl_ecdh_curve: "secp521r1"
+nginx_drupal_ssl_ecdh_curve: "secp521r1"
 nginx_drupal_ssl_ciphers: "ECDH+aRSA+AESGCM:ECDH+aRSA+SHA384:ECDH+aRSA+SHA256:ECDH:EDH+CAMELLIA:EDH+aRSA:+CAMELLIA256:+AES256:+CAMELLIA128:+AES128:+SSLv3:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS:!RC4:!SEED:!ECDSA:CAMELLIA256-SHA:AES256-SHA:CAMELLIA128-SHA:AES128-SHA"
 nginx_drupal_upstream_servers: ["unix:/var/run/php-fpm.sock", "php-fpm-zwei.sock"]
 nginx_drupal_upstream_backup_servers: ["unix:/var/run/php-fpm-bkp.sock"]
diff --git a/templates/sites-available/drupal-site.j2 b/templates/sites-available/drupal-site.j2
index 556dd87..5a88920 100644
--- a/templates/sites-available/drupal-site.j2
+++ b/templates/sites-available/drupal-site.j2
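Review bot: `nginx_drupal_use_http2` is added in the first hunk of defaults/main.yml without a comment, and the TLS defaults visible as context in the second hunk are left as they are: `nginx_drupal_ssl_protocols` still lists "SSLv3" and "TLSv1". HTTP/2 over TLS requires TLS 1.2 or higher (RFC 7540, section 9.2) and SSLv3 is exposed to POODLE, so a site that sets the flag keeps offering legacy protocols on the same listeners. I would tighten the default to `nginx_drupal_ssl_protocols: [ "TLSv1.2" ]` (or at the very least remove "SSLv3") and add above the new variable `# HTTP/2 on the HTTPS listeners; needs nginx >= 1.9.5 and takes precedence over nginx_drupal_use_spdy`.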
@@ -156,14 +156,18 @@ server {
 server {
 ## This is to avoid the spurious if for sub-domain name
 ## "rewriting".
- {% if nginx_drupal_use_spdy %}
+ {% if nginx_drupal_use_http2 %}
+ listen {{item.https.port}} ssl http2; # IPv4
+ {% elif nginx_drupal_use_spdy %}
 listen {{item.https.port}} ssl spdy; # IPv4
 {% else %}
 listen {{item.https.port}} ssl; # IPv4
 {% endif %}
 {% if item.ipv6 is defined %}
- {% if nginx_drupal_use_spdy %}
+ {% if nginx_drupal_use_http2 %}
+ listen [{{item.ipv6}}]:{{item.https.port}} ssl http2 ipv6only=on;
+ {% elif nginx_drupal_use_spdy %}
 listen [{{item.ipv6}}]:{{item.https.port}} ssl spdy ipv6only=on;
 {% else %}
 listen [{{item.ipv6}}]:{{item.https.port}} ssl ipv6only=on;
@@ -187,14 +191,18 @@ server {
 ## HTTPS server.
 server {
- {% if nginx_drupal_use_spdy %}
+ {% if nginx_drupal_use_http2 %}
+ listen {{item.https.port}} ssl http2; # IPv4
+ {% elif nginx_drupal_use_spdy %}
 listen {{item.https.port}} ssl spdy; # IPv4
 {% else %}
 listen {{item.https.port}} ssl; # IPv4
 {% endif %}
 {% if item.ipv6 is defined %}
- {% if nginx_drupal_use_spdy %}
+ {% if nginx_drupal_use_http2 %}
+ listen [{{item.ipv6}}]:{{item.https.port}} ssl http2 ipv6only=on;
+ {% elif nginx_drupal_use_spdy %}
 listen [{{item.ipv6}}]:{{item.https.port}} ssl spdy ipv6only=on;
 {% else %}
 listen [{{item.ipv6}}]:{{item.https.port}} ssl ipv6only=on;
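Review bot: The precedence between the two flags is decided by the same three-way `if`/`elif`/`else`, copied four times across this hunk and the one at `@@ -187,14 +191,18 @@`, so a later edit can change one `listen` line and miss the others. Computing the parameter once keeps the IPv4 and IPv6 listeners of both server blocks in step: `{% set nginx_drupal_listen_proto = 'http2' if nginx_drupal_use_http2 else ('spdy' if nginx_drupal_use_spdy else '') %}` followed by `listen {{item.https.port}} ssl {{ nginx_drupal_listen_proto }}; # IPv4`. The template also emits `http2` without regard to the installed nginx, and builds older than 1.9.5 reject that `listen` parameter, so the rendered file should pass `nginx -t` before the service is reloaded. Both server blocks continue past the end of their hunks.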