From 9ea3a30b9f63bfe9c63a8e172e8bafe6029be0d2 Mon Sep 17 00:00:00 2001
From: Andrea Dell'Amico <andrea.dellamico@isti.cnr.it>
Date: Tue, 21 Jul 2020 15:59:24 +0200
Subject: [PATCH] nginx: enable http2 when the OS supports it.

---
 defaults/main.yml           | 2 --
 templates/nginx-virthost.j2 | 6 +-----
 2 files changed, 1 insertion(+), 7 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 3eb137c..79ce2b5 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -87,8 +87,6 @@ nginx_basic_auth_users: []
 nginx_webroot: /usr/share/nginx/html
 nginx_letsencrypt_managed: True
 nginx_websockets_support: False
-# Set it to 'ssl http2' if the nginx version supports it
-nginx_ssl_type: ssl
 # When we do not use letsencrypt:
 # nginx_ssl_cert_file: '{{ pki_dir }}/certs/nginx.crt'
 # nginx_ssl_cert_key: '{{ pki_dir }}/keys/nginx.key'
diff --git a/templates/nginx-virthost.j2 b/templates/nginx-virthost.j2
index d5f52b9..9303f0c 100644
--- a/templates/nginx-virthost.j2
+++ b/templates/nginx-virthost.j2
@@ -187,11 +187,7 @@ server {
 
 {% if item.ssl_enabled %}
 server {
-    {% if item.https_port is defined %}
-    listen {{ item.https_port }} {{ nginx_ssl_type }};
-    {% else %}
-    listen {{ https_port | default('443') }} {{ nginx_ssl_type }};
-    {% endif %}
+    listen {% if item.https_port is defined %} {{ item.https_port }} {% else %} {{ https_port | default('443') }} {% endif %} ssl {% if ansible_distribution_release != "trusty" %} http2{% endif %};
     server_name {{ item.server_name }} {% if item.serveraliases is defined %}{{ item.serveraliases }}{% endif %};
 
     {% if item.access_log is defined %}