Skip to content

fix(nginx): enable HTTP/2 support for SSL server block, from nginx 1.25.1 #186

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Honghe wants to merge 1 commit into
base: main
Choose a base branch
from
+2 −3
Open

fix(nginx): enable HTTP/2 support for SSL server block, from nginx 1.25.1 #186

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 2 additions & 3 deletions nginx/conf.d/default.conf
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -25,9 +25,8 @@ server {

server {
server_name _;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
http2 on;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
Comment on lines +28 to +29
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Apr 19, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find and examine relevant files
find . -name "env.example" -o -name "default.conf" | head -20

Repository: mattermost/docker

Length of output: 102

🏁 Script executed:

# Check the full context of the nginx config file
cat -n nginx/conf.d/default.conf | head -40

Repository: mattermost/docker

Length of output: 1635

🏁 Script executed:

# Look for any nginx version specifications
rg "nginx" --type txt | grep -i version | head -10

Repository: mattermost/docker

Length of output: 209

🏁 Script executed:

# Read env.example to find nginx version requirement
cat -n env.example | head -50

Repository: mattermost/docker

Length of output: 2497

🌐 Web query:

nginx 1.25 http2 directive changes deprecated listen http2

💡 Result:

In nginx version 1.25.1 (released June 13, 2023), the "http2" parameter in the "listen" directive (e.g., "listen 443 ssl http2;") was deprecated. Instead, use the new "http2" directive (e.g., "http2 on;") at the server block level. This change enables HTTP/2 on a per-server basis and allows sharing HTTP/2 and HTTP/1.1 on the same port without warnings. Example old config: listen 443 ssl http2; listen [::]:443 ssl http2; Example new config: listen 443 ssl; listen [::]:443 ssl; http2 on; Using the old syntax triggers warnings like: "nginx: [warn] the 'listen ... http2' directive is deprecated, use the 'http2' directive instead". Official documentation confirms: - ngx_http_v2_module: "http2" directive introduced in 1.25.1, enables HTTP/2. - ngx_http_core_module listen: "http2" parameter deprecated, use "http2" directive instead. This deprecation started in 1.25.1, part of the 1.25.x stable series (1.25.0 introduced experimental HTTP/3). As of 2026, nginx 1.29.x is current, but the change remains relevant for configs on 1.25+.

Citations:

🌐 Web query:

nginx http2 on directive server block 1.25.1

💡 Result:

In nginx version 1.25.1 and later, the "http2" directive enables HTTP/2 in the server block. Syntax: http2 on; or http2 off; Default: off. Context: http, server. This appeared in version 1.25.1. Example configuration in a server block: server { listen 443 ssl; listen [::]:443 ssl; # IPv6 http2 on; # SSL certificates and other config... } The previous method using "listen 443 ssl http2;" is deprecated starting from nginx 1.25.1, and using it triggers a warning: "nginx: [warn] the 'listen ... http2' directive is deprecated, use the 'http2' directive instead". HTTP/2 requires SSL/TLS and ALPN support in OpenSSL (1.0.2+). Server push support was removed in 1.25.1.

Citations:

Update listen directives to use the http2 directive instead of the deprecated listen ... http2 parameter.

Lines 28–29 use the deprecated http2 parameter in the listen directive. Since this repository requires nginx 1.25.1 or later (as specified in env.example), remove http2 from the listen directives and add http2 on; in the server block. This avoids deprecation warnings.

Proposed fix 
-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    http2 on;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@nginx/conf.d/default.conf` around lines 28 - 29, Remove the deprecated
"http2" parameter from the listen directives (the lines currently reading
"listen 443 ssl http2 default_server;" and "listen [::]:443 ssl http2
default_server;") and instead enable HTTP/2 by adding a single "http2 on;"
directive inside the same server block (e.g., alongside other server-level
directives); update the listen lines to "listen 443 ssl default_server;" and
"listen [::]:443 ssl default_server;" and add "http2 on;" within the server
block to avoid deprecation warnings.


# logging
access_log /var/log/nginx/mm.access.log;
Expand Down