Always enable HTTP2 if available (#5646)

thom · thom · commit 07301fcf1971 · 2020-06-22T23:42:55.000+02:00
diff --git a/server/conf/nginx_vhost.conf.master b/server/conf/nginx_vhost.conf.master
@@ -12,7 +12,7 @@ server {
         listen [::]:<tmpl_var name='http_port'>;
 </tmpl_if>
 <tmpl_if name='ssl_enabled'>
-        listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if};
+        listen <tmpl_var name='ip_address'>:<tmpl_var name='https_port'> ssl http2;
 <tmpl_if name='use_proxy_protocol' op='==' value='y'>
 <tmpl_if name='proxy_protocol_https' op='>' value='0'>
         listen <tmpl_var name='ip_address'>:<tmpl_var name='proxy_protocol_https'> ssl proxy_protocol;
@@ -22,10 +22,10 @@ server {
 		# ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
 		# ssl_prefer_server_ciphers on;
 <tmpl_if name='ipv6_enabled'>
-        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if};
+        listen [<tmpl_var name='ipv6_address'>]:<tmpl_var name='https_port'> ssl http2;
 </tmpl_if>
 <tmpl_if name='ipv6_wildcard'>
-        listen [::]:<tmpl_var name='https_port'> ssl{tmpl_if name='enable_http2' op='==' value='y'} http2{/tmpl_if};
+        listen [::]:<tmpl_var name='https_port'> ssl http2;
 </tmpl_if>
         ssl_certificate <tmpl_var name='ssl_crt_file'>;
         ssl_certificate_key <tmpl_var name='ssl_key_file'>;
diff --git a/server/conf/vhost.conf.master b/server/conf/vhost.conf.master
@@ -50,12 +50,10 @@
 		ServerAdmin webmaster@<tmpl_var name='domain'>
 
 <tmpl_if name='ssl_enabled'>
-<tmpl_if name='enable_http2' op='==' value='y'>
 		Protocols h2 http/1.1
 		SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
 		SSLCipherSuite 'EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS'
 </tmpl_if>
-</tmpl_if>
 
 <tmpl_if name='logging' op='==' value='anon'>
 		ErrorLog "|/usr/local/ispconfig/server/scripts/vlogger -e -n -P -t \"error.log\" /var/log/ispconfig/httpd/<tmpl_var name='domain'>"
@@ -387,7 +385,7 @@
                 Action php-fcgi /php-fcgi virtual
 				Alias /php-fcgi {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'}
 <tmpl_if name='use_tcp'>
-                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization  -pass-header Content-Type    
+                FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -host 127.0.0.1:<tmpl_var name='fpm_port'> -pass-header Authorization  -pass-header Content-Type
 </tmpl_if>
 <tmpl_if name='use_socket'>
                 FastCgiExternalServer {tmpl_var name='document_root'}/cgi-bin/php-fcgi-{tmpl_var name='ip_address'}-{tmpl_var name='port'}-{tmpl_var name='domain'} -idle-timeout 300 -socket <tmpl_var name='fpm_socket'> -pass-header Authorization  -pass-header Content-Type
@@ -513,9 +511,9 @@
 		RewriteCond %{REQUEST_URI} !^/php-fcgi/
 		RewriteCond %{REQUEST_URI} !^<tmpl_var name='rewrite_target'>
 </tmpl_if>
-		
+
 		RewriteRule   ^/(.*)$ <tmpl_var name='rewrite_target'><tmpl_if name="rewrite_add_path" op="==" value="y">$1</tmpl_if>  <tmpl_var name='rewrite_type'>
-	
+
 </tmpl_loop>
 <tmpl_if name='ssl_enabled'>
 <tmpl_else>
diff --git a/server/plugins-available/apache2_plugin.inc.php b/server/plugins-available/apache2_plugin.inc.php
@@ -1235,17 +1235,6 @@ function update($event_name, $data) {
 		// Use separate bundle file only for apache versions < 2.4.8
 		if(@is_file($bundle_file) && version_compare($app->system->getapacheversion(true), '2.4.8', '<')) $vhost_data['has_bundle_cert'] = 1;
 
-		// HTTP/2.0 ?
-		$vhost_data['enable_http2']  = 'n';
-		if($vhost_data['enable_spdy'] == 'y'){
-			// check if apache supports http_v2
-			exec("2>&1 apachectl -M | grep http2_module", $tmp_output, $tmp_retval);
-			if($tmp_retval == 0){
-				$vhost_data['enable_http2']  = 'y';
-			}
-			unset($tmp_output, $tmp_retval);
-		}
-
 		// Set SEO Redirect
 		if($data['new']['seo_redirect'] != ''){
 			$vhost_data['seo_redirect_enabled'] = 1;
diff --git a/server/plugins-available/nginx_plugin.inc.php b/server/plugins-available/nginx_plugin.inc.php
@@ -1517,18 +1517,6 @@ function update($event_name, $data) {
 			}
 		}
 
-		// http2 or spdy?
-		$vhost_data['enable_http2']  = 'n';
-		if($vhost_data['enable_spdy'] == 'y'){
-			// check if nginx support http_v2; if so, use that instead of spdy
-			exec("2>&1 nginx -V | tr -- - '\n' | grep http_v2_module", $tmp_output, $tmp_retval);
-			if($tmp_retval == 0){
-				$vhost_data['enable_http2']  = 'y';
-				$vhost_data['enable_spdy'] = 'n';
-			}
-			unset($tmp_output, $tmp_retval);
-		}
-
 		//proxy protocol settings
 		if($web_config['vhost_proxy_protocol_enabled'] == "y"){
 		    if((int)$web_config['vhost_proxy_protocol_https_port'] > 0) {
