commit db5e165a2d9ed905c1ca197fb2b80ec60e98097b
parent f668724d9190e7968967e472e84e69906d06f470
Author: Florian Dold <florian@dold.me>
Date: Mon, 30 Mar 2026 16:07:34 +0200
don't do http2/http3 yet
Diffstat:
2 files changed, 14 insertions(+), 10 deletions(-)
diff --git a/roles/webserver/files/etc/nginx/conf.d/http2-http3.conf b/roles/webserver/files/etc/nginx/conf.d/http2-http3.conf
@@ -2,11 +2,14 @@
# Sets HTTP/2 and HTTP/3 (QUIC) globally inside the http{} context.
# All per-server listen/quic directives live in listen.conf.inc.
-http2 on;
-http3 on;
-quic_retry on;
+# FIXME: We still disable http2/http3 for now,
+# due to networking issues with the taler-merchant.
-ssl_early_data on;
+http2 off;
+http3 off;
+quic_retry off;
+
+ssl_early_data off;
# FIXME: comment-in later, upgrade fails if we put this immediately,
# we need to run once without, otherwise nginx will see these
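Review bot: The FIXME added above `http2 off;` also ends up covering `ssl_early_data off;`, but TLS 1.3 early data is independent of HTTP/2 and HTTP/3 and carries its own replay risk for non-idempotent requests. It should not be switched back on just because the taler-merchant networking issue is resolved. I would give it a separate comment, e.g. `# 0-RTT stays off until backends reject replayed requests (see $ssl_early_data)`. The header comment `# Sets HTTP/2 and HTTP/3 (QUIC) globally` is also stale now that the file disables them, and the FIXME would be easier to follow up with a reference to a tracking issue.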
diff --git a/roles/webserver/files/etc/nginx/conf.d/listen.conf.inc b/roles/webserver/files/etc/nginx/conf.d/listen.conf.inc
@@ -1,13 +1,14 @@
listen 443 ssl;
listen [::]:443 ssl;
-listen 443 quic;
-listen [::]:443 quic;
-http2 on; # redundant with global, but explicit per spec
-http3 on;
-quic_retry on;
+#listen 443 quic;
+#listen [::]:443 quic;
+
+http2 off; # redundant with global, but explicit per spec
+http3 off;
+quic_retry off;
# Advertise support for HTTP3
-add_header Alt-Svc 'h3=":443"; ma=86400';
+#add_header Alt-Svc 'h3=":443"; ma=86400';
# Do not identify as nginx
server_tokens off;
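Review bot: Commenting out the `Alt-Svc` header stops new advertisements, but clients that already cached `h3=":443"; ma=86400` may keep attempting QUIC on UDP 443 for up to a day before falling back to TCP. If that matters for the rollback, serving `add_header Alt-Svc 'clear';` for a transition period withdraws the cached advertisement explicitly. The comment `# Advertise support for HTTP3` now sits above a disabled directive and should say the advertisement is intentionally off. Whether UDP 443 is also closed at the firewall while the `quic` listeners are disabled is not visible in this hunk.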