fix(nginx): use legacy listen-flag http2 for older nginx

The `http2 on;` directive needs nginx 1.25.1+; older builds reject it. Move
http2 onto the listen line (`listen 443 ssl http2;`) which works on old and
new nginx alike. Applied to both vhost templates.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This commit is contained in:
2026-06-09 01:03:39 +02:00
parent 21e6080e78
commit f3c38da56c
2 changed files with 14 additions and 21 deletions

View File

@@ -40,9 +40,8 @@ server {
# caddy routes by the forwarded Host header (apex -> www, auth -> drasl, # caddy routes by the forwarded Host header (apex -> www, auth -> drasl,
# pack -> packwiz files). # pack -> packwiz files).
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name ${BASE_DOMAIN}; server_name ${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
@@ -60,9 +59,8 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name auth.${BASE_DOMAIN}; server_name auth.${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;
@@ -80,9 +78,8 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name pack.${BASE_DOMAIN}; server_name pack.${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem;
@@ -98,9 +95,8 @@ server {
} }
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name distribution.${BASE_DOMAIN}; server_name distribution.${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/distribution.${BASE_DOMAIN}/cert.pem;

View File

@@ -28,9 +28,8 @@ server {
# /ca.crt from the caddy path is intentionally omitted: LE certs are publicly # /ca.crt from the caddy path is intentionally omitted: LE certs are publicly
# trusted, so guests need no CA import. # trusted, so guests need no CA import.
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name ${BASE_DOMAIN}; server_name ${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/${BASE_DOMAIN}/cert.pem;
@@ -51,9 +50,8 @@ server {
# Pack — packwiz metadata (./pack) + custom jars (./custom at /custom/). # Pack — packwiz metadata (./pack) + custom jars (./custom at /custom/).
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name pack.${BASE_DOMAIN}; server_name pack.${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/pack.${BASE_DOMAIN}/cert.pem;
@@ -73,9 +71,8 @@ server {
# Auth — reverse proxy to drasl (published on localhost by the nginx override). # Auth — reverse proxy to drasl (published on localhost by the nginx override).
server { server {
listen 443 ssl; listen 443 ssl http2;
listen [::]:443 ssl; listen [::]:443 ssl http2;
http2 on;
server_name auth.${BASE_DOMAIN}; server_name auth.${BASE_DOMAIN};
ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem; ssl_certificate ${APP_DIR}/certs/auth.${BASE_DOMAIN}/cert.pem;