nginxinc · alessfg · Jul 5, 2023 · Jun 29, 2023 · Jul 3, 2023 · Jul 3, 2023
@@ -204,8 +204,6 @@ nginx_config_http_template:
             port: 80
             default_server: true  # Boolean
             ssl: false  # Boolean
-            http2: false  # Boolean
-            spdy: false  # Boolean
             proxy_protocol: false  # Boolean
             fastopen: 12  # Number
             backlog: 511  # Number
@@ -273,6 +271,13 @@ nginx_config_http_template:
         underscores_in_headers: false  # Boolean -- Not available in the 'location' context
         variables_hash_bucket_size: 64  # Available only in the 'http' context
         variables_hash_max_size: 1024  # Available only in the 'http' context
+      http2: # all options are for 'http' or 'server' contexts only unless noted otherwise
+        enable: false
+        body_preread_size: 64k
+        chunk_size: 8k # can be used in a 'location' context
+        max_concurrent_streams: 128
+        recv_buffer_size: 256k # 'http' level only
+        recv_timeout: 20s
       ssl:  # Configure SSL
         buffer_size: 16k
         certificate: /path/to/file  # String or a list of strings

@@ -229,6 +229,13 @@
                 underscores_in_headers: false
                 variables_hash_bucket_size: 64
                 variables_hash_max_size: 1024
+              http2:
+                enable: true
+                body_preread_size: 128k
+                chunk_size: 8k
+                max_concurrent_streams: 31
+                recv_buffer_size: 128k
+                recv_timeout: 10s
               ssl:
                 buffer_size: 16k
                 certificate: /etc/ssl/certs/molecule.crt
@@ -548,8 +555,6 @@
                         port: 80
                         default_server: true
                         ssl: false
-                        http2: false
-                        spdy: false
                         proxy_protocol: false
                         fastopen: 12
                         backlog: 511
@@ -577,6 +582,9 @@
                     try_files:
                       files: $uri
                       uri: /images/default.gif
+                  http2:
+                    enable: false
+                    chunk_size: 8k
                   auth_basic:
                     realm: false
                   log:
@@ -653,6 +661,8 @@
                       core:
                         index: frontend_index.html
                         root: /usr/share/nginx/html
+                      http2:
+                        chunk_size: 8k
                     - location: /alias
                       core:
                         alias: /usr/share/nginx/html

@@ -141,7 +141,6 @@ lingering_timeout {{ core['lingering_timeout'] }};
 listen {{ listen['address'] if listen['address'] is defined }}{{ ':' if listen['address'] is defined and listen['port'] is defined }}{{ listen['port'] if listen['port'] is defined -}}
 {{- ' default_server' if listen['default_server'] is defined and listen['default_server'] is boolean and listen['default_server'] | bool -}}
 {{- ' ssl' if listen['ssl'] is defined and listen['ssl'] is boolean and listen['ssl'] | bool -}}
-{{- ' http2' if listen['http2'] is defined and listen['http2'] is boolean and listen['http2'] | bool else ' spdy' if listen['spdy'] is defined and listen['spdy'] is boolean and listen['spdy'] | bool -}}
 {{- ' proxy_protocol' if listen['proxy_protocol'] is defined and listen['proxy_protocol'] is boolean and listen['proxy_protocol'] | bool -}}
 {{- (' setfib=' + listen['setfib'] | string) if listen['setfib'] is defined -}}
 {{- (' fastopen=' + listen['fastopen'] | string) if listen['fastopen'] is defined and listen['fastopen'] is number -}}

@@ -8,6 +8,10 @@
 {% from 'http/core.j2' import core with context %}
 {{ core(item['config']['core']) }}
 {%- endif %}
+{% if item['config']['http2'] is defined %}
+{% from 'http/modules.j2' import http2 with context %}
+{{ http2(item['config']['http2'], 'http') }}
+{%- endif %}
 {% if item['config']['ssl'] is defined %}
 {% from 'http/ssl.j2' import ssl with context %}
 {{ ssl(item['config']['ssl']) }}
@@ -124,6 +128,12 @@ server {
     {{ core(server['core']) }}
 {%- endfilter %}
 {% endif %}
+{% if server['http2'] is defined %}
+{% from 'http/modules.j2' import http2 with context %}
+{% filter indent(4) %}
+    {{ http2(server['http2'], 'server') }}
+{%- endfilter %}
+{% endif %}
 {% if server['ssl'] is defined %}
 {% from 'http/ssl.j2' import ssl with context %}
 {% filter indent(4) %}
@@ -278,6 +288,12 @@ server {
         {{ core(location['core']) }}
 {%- endfilter %}
 {% endif %}
+{% if location['http2'] is defined %}
+{% from 'http/modules.j2' import http2 with context %}
+{% filter indent(8) %}
+        {{ http2(location['http2'], 'location') }}
+{%- endfilter %}
+{% endif %}
 {% if location['app_protect_waf'] is defined %}
 {% from 'http/app_protect.j2' import app_protect_waf with context %}
 {% filter indent(8) %}

@@ -330,3 +330,26 @@ sub_filter_types {{ sub_filter['types'] if sub_filter['types'] is string else su
 {% endif %}
 
 {% endmacro %}
+
+{# NGINX HTTP v2 -- ngx_http_v2_module #}
+{% macro http2(http2, scope='http') %}
+{% if http2 is defined %}
+{% if scope != 'location' %} {# 'http' and 'server' contexts #}
+{% if http2['enabled'] is defined and http2['enabled'] is boolean %}
+http2 {{ http2['enabled'] | ternary('on', 'off') }};
+{% endif %}
+{% if http2['body_preread_size'] is defined %}
+http2_body_preread_size {{ http2['body_preread_size'] }};
+{% endif %}
+{% if http2['max_concurrent_streams'] is defined %}
+http2_max_concurrent_streams {{ http2['max_concurrent_streams'] }};
+{% endif %}
+{% endif %}
+{% if scope == 'http' and http2['recv_buffer_size'] is defined %} {# can only be in 'http' context #}
+http2_recv_buffer_size {{ http2['recv_buffer_size'] }};
+{% endif %}
+{% if http2['chunk_size'] is defined %} {# can be wherever #}
+http2_chunk_size {{ http2['chunk_size'] }};
+{% endif %}
+{% endif %}
+{% endmacro%}