diff --git a/manifests/config.pp b/manifests/config.pp
index e631872..37631b3 100644
--- a/manifests/config.pp
+++ b/manifests/config.pp
@@ -93,6 +93,7 @@ class nginx::config(
 $sendfile = 'on',
 $server_tokens = 'on',
 $spdy = 'off',
+ $http2 = 'off',
 $ssl_stapling = 'off',
 $types_hash_bucket_size = '512',
 $types_hash_max_size = '1024',
diff --git a/manifests/resource/vhost.pp b/manifests/resource/vhost.pp
index 6653cc1..dd4a7c8 100644
--- a/manifests/resource/vhost.pp
+++ b/manifests/resource/vhost.pp
@@ -75,6 +75,7 @@
 # certificates in the PEM format used to verify client certificates and
 # OCSP responses if ssl_stapling is enabled.
 # [*spdy*] - Toggles SPDY protocol.
+# [*http2*] - Toggles HTTP/2 protocol.
 # [*server_name*] - List of vhostnames for which this vhost will
 # respond. Default [$name].
 # [*www_root*] - Specifies the location on disk for files to be
@@ -193,6 +194,7 @@ define nginx::resource::vhost (
 $ssl_session_timeout = '5m',
 $ssl_trusted_cert = undef,
 $spdy = $::nginx::config::spdy,
+ $http2 = $::nginx::config::http2,
 $proxy = undef,
 $proxy_redirect = undef,
 $proxy_read_timeout = $::nginx::config::proxy_read_timeout,
diff --git a/spec/defines/resource_vhost_spec.rb b/spec/defines/resource_vhost_spec.rb
index 1cc0c34..a932177 100644
--- a/spec/defines/resource_vhost_spec.rb
+++ b/spec/defines/resource_vhost_spec.rb
@@ -374,6 +374,18 @@ describe 'nginx::resource::vhost' do
 :value => 'off',
 :match => %r'\s+listen\s+\*:443 ssl;',
 },
+ {
+ :title => 'should set HTTP2',
+ :attr => 'http2',
+ :value => 'on',
+ :match => %r'\s+listen\s+\*:443 ssl http2;',
+ },
+ {
+ :title => 'should not set HTTP2',
+ :attr => 'http2',
+ :value => 'off',
+ :match => %r'\s+listen\s+\*:443 ssl;',
+ },
 {
 :title => 'should set the IPv4 listen options',
 :attr => 'listen_options',
diff --git a/templates/vhost/vhost_ssl_header.erb b/templates/vhost/vhost_ssl_header.erb
index 86db328..5e4ae2b 100644
--- a/templates/vhost/vhost_ssl_header.erb
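Review bot: The new `$http2` parameter in the `@@ -193,6 +194,7 @@` hunk is taken as a free-form string, and nothing visible here restricts it to `'on'` or `'off'`. The templates in this commit test `@http2 == 'on'`, so a value such as `true`, `'On'` or `'yes'` would leave HTTP/2 disabled without any error. If the module already relies on puppetlabs-stdlib validation, a check in the define body such as `validate_re($http2, '^(on|off)$', 'http2 must be on or off')` would surface the mistake at catalog compile time. The body of `nginx::resource::vhost` lies outside this hunk, so an existing check may already cover it; the same point applies to the `$http2 = 'off'` default added to `nginx::config`.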
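Review bot: The two cases added in the `@@ -374,6 +374,18 @@` hunk exercise only the IPv4 `listen *:443` line, while the commit changes four listen lines per server block in vhost_ssl_header.erb, including both IPv6 forms. A further case that sets `http2` to `'on'` and matches the rendered IPv6 listen line would catch a regression there, assuming the surrounding table can enable IPv6 for a single entry. A case with both `spdy` and `http2` set to `'on'` would also pin down what the template is expected to render for that combination, which the current cases leave undefined. The enclosing array and `describe` block start and end outside this hunk.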
+++ b/templates/vhost/vhost_ssl_header.erb
@@ -3,19 +3,19 @@
 server {
 <%- if @listen_ip.is_a?(Array) then -%>
 <%- @listen_ip.each do |ip| -%>
- listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+ listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
 <%- end -%>
 <%- else -%>
- listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+ listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
 <%- end -%>
 <%# check to see if ipv6 support exists in the kernel before applying -%>
 <%- if @ipv6_enable && (defined? @ipaddress6) -%>
 <%- if @ipv6_listen_ip.is_a?(Array) then -%>
 <%- @ipv6_listen_ip.each do |ipv6| -%>
- listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
 <%- end -%>
 <%- else -%>
- listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
 <%- end -%>
 <%- end -%>
 server_name www.<%= s.gsub(/^www\./, '') %>;
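Review bot: With both `http2` and `spdy` set to `'on'`, each of the four changed listen lines renders `ssl http2 spdy`, and nothing in the template makes the two flags mutually exclusive. HTTP/2 support replaced the SPDY module in nginx 1.9.5, so a given build normally accepts only one of the two listen parameters and the combined form is likely to be rejected or warned about, depending on the nginx version. Making the branches exclusive keeps the rendered config valid, for example `<% if @http2 == 'on' %> http2<% elsif @spdy == 'on' %> spdy<% end %>`, or the manifest could fail when both are on. On the two IPv4 lines `http2` is also emitted when `@ssl_listen_option` is false, giving a listener flagged `http2` without `ssl`; whether TLS is still enforced there depends on the rest of the server block, which lies outside this hunk. The same points apply to the second hunk at `@@ -30,19 +30,19 @@`.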
@@ -30,19 +30,19 @@ server {
 server {
 <%- if @listen_ip.is_a?(Array) then -%>
 <%- @listen_ip.each do |ip| -%>
- listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+ listen <%= ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
 <%- end -%>
 <%- else -%>
- listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
+ listen <%= @listen_ip %>:<%= @ssl_port %> <% if @ssl_listen_option %>ssl<% end %><% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @listen_options %> <%= @listen_options %><% end %>;
 <%- end -%>
 <%# check to see if ipv6 support exists in the kernel before applying -%>
 <%- if @ipv6_enable && (defined? @ipaddress6) -%>
 <%- if @ipv6_listen_ip.is_a?(Array) then -%>
 <%- @ipv6_listen_ip.each do |ipv6| -%>
- listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ listen [<%= ipv6 %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
 <%- end -%>
 <%- else -%>
- listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
+ listen [<%= @ipv6_listen_ip %>]:<%= @ssl_port %> ssl<% if @http2 == 'on' %> http2<% end %><% if @spdy == 'on' %> spdy<% end %><% if @ipv6_listen_options %> <%= @ipv6_listen_options %><% end %>;
 <%- end -%>
 <%- end -%>
 server_name <%= @rewrite_www_to_non_www ? @server_name.join(" ").gsub(/(^| )(www\.)?(?=[a-z0-9])/, '') : @server_name.join(" ") %>;