From f3c38da56cf4da34cf8df6237dae879afa08bf1a Mon Sep 17 00:00:00 2001 From: Oier Bravo Urtasun Date: Tue, 9 Jun 2026 01:03:39 +0200 Subject: [PATCH] fix(nginx): use legacy listen-flag http2 for older nginx The `http2 on;` directive needs nginx 1.25.1+; older builds reject it. Move http2 onto the listen line (`listen 443 ssl http2;`) which works on old and new nginx alike. Applied to both vhost templates. Co-Authored-By: Claude Opus 4.8 (1M context) --- nginx/ulicraft-caddy.conf.tmpl | 20 ++++++++------------ nginx/ulicraft.conf.tmpl | 15 ++++++--------- 2 files changed, 14 insertions(+), 21 deletions(-) diff --git a/nginx/ulicraft-caddy.conf.tmpl b/nginx/ulicraft-caddy.conf.tmpl index 731db89..5e3681e 100644 --- a/nginx/ulicraft-caddy.conf.tmpl +++ b/nginx/ulicraft-caddy.conf.tmpl @@ -40,9 +40,8 @@ server { # caddy routes by the forwarded Host header (apex -> www, auth -> drasl, # pack -> packwiz files). server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name ${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem; @@ -60,9 +59,8 @@ server { } server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name auth.${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem; @@ -80,9 +78,8 @@ server { } server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name pack.${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem; @@ -98,9 +95,8 @@ server { } server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name distribution.${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/cert.pem; diff --git a/nginx/ulicraft.conf.tmpl b/nginx/ulicraft.conf.tmpl index b21de2d..1539a36 100644 --- a/nginx/ulicraft.conf.tmpl +++ b/nginx/ulicraft.conf.tmpl @@ -28,9 +28,8 @@ server { # /ca.crt from the caddy path is intentionally omitted: LE certs are publicly # trusted, so guests need no CA import. server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name ${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem; @@ -51,9 +50,8 @@ server { # Pack — packwiz metadata (./pack) + custom jars (./custom at /custom/). server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name pack.${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem; @@ -73,9 +71,8 @@ server { # Auth — reverse proxy to drasl (published on localhost by the nginx override). server { - listen 443 ssl; - listen [::]:443 ssl; - http2 on; + listen 443 ssl http2; + listen [::]:443 ssl http2; server_name auth.${BASE_DOMAIN}; ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;