|
@@ -429,6 +429,7 @@ proxy_set_header Proxy "";
|
|
|
server {
|
|
server {
|
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
server_name _; # This is just an invalid value which will never trigger on a real hostname.
|
|
|
server_tokens off;
|
|
server_tokens off;
|
|
|
|
|
+ http2 on;
|
|
|
{{- if $fallback_http }}
|
|
{{- if $fallback_http }}
|
|
|
listen {{ $globals.external_http_port }}; {{- /* Do not add `default_server` (see comment above). */}}
|
|
listen {{ $globals.external_http_port }}; {{- /* Do not add `default_server` (see comment above). */}}
|
|
|
{{- if $globals.enable_ipv6 }}
|
|
{{- if $globals.enable_ipv6 }}
|
|
@@ -436,9 +437,9 @@ server {
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
{{- if $fallback_https }}
|
|
{{- if $fallback_https }}
|
|
|
- listen {{ $globals.external_https_port }} ssl http2; {{- /* Do not add `default_server` (see comment above). */}}
|
|
|
|
|
|
|
+ listen {{ $globals.external_https_port }} ssl; {{- /* Do not add `default_server` (see comment above). */}}
|
|
|
{{- if $globals.enable_ipv6 }}
|
|
{{- if $globals.enable_ipv6 }}
|
|
|
- listen [::]:{{ $globals.external_https_port }} ssl http2; {{- /* Do not add `default_server` (see comment above). */}}
|
|
|
|
|
|
|
+ listen [::]:{{ $globals.external_https_port }} ssl; {{- /* Do not add `default_server` (see comment above). */}}
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
ssl_session_cache shared:SSL:50m;
|
|
ssl_session_cache shared:SSL:50m;
|
|
|
ssl_session_tickets off;
|
|
ssl_session_tickets off;
|
|
@@ -548,6 +549,7 @@ server {
|
|
|
{{- if $server_tokens }}
|
|
{{- if $server_tokens }}
|
|
|
server_tokens {{ $server_tokens }};
|
|
server_tokens {{ $server_tokens }};
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
+ http2 on;
|
|
|
{{ $globals.access_log }}
|
|
{{ $globals.access_log }}
|
|
|
{{- if or (eq $https_method "nohttps") (not $cert_ok) (eq $https_method "noredirect") }}
|
|
{{- if or (eq $https_method "nohttps") (not $cert_ok) (eq $https_method "noredirect") }}
|
|
|
listen {{ $globals.external_http_port }} {{ $default_server }};
|
|
listen {{ $globals.external_http_port }} {{ $default_server }};
|
|
@@ -556,9 +558,9 @@ server {
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
{{- if ne $https_method "nohttps" }}
|
|
{{- if ne $https_method "nohttps" }}
|
|
|
- listen {{ $globals.external_https_port }} ssl http2 {{ $default_server }};
|
|
|
|
|
|
|
+ listen {{ $globals.external_https_port }} ssl {{ $default_server }};
|
|
|
{{- if $globals.enable_ipv6 }}
|
|
{{- if $globals.enable_ipv6 }}
|
|
|
- listen [::]:{{ $globals.external_https_port }} ssl http2 {{ $default_server }};
|
|
|
|
|
|
|
+ listen [::]:{{ $globals.external_https_port }} ssl {{ $default_server }};
|
|
|
{{- end }}
|
|
{{- end }}
|
|
|
|
|
|
|
|
{{- if $cert_ok }}
|
|
{{- if $cert_ok }}
|
Nicolas Duchon