
Upgrade to HTTP/2

iamcarrico committed May 2, 2016
1 parent d573fb6 commit 388688edb161b504e995b884e854e4de3dca5ae3
@@ -1,2 +1,3 @@
.vagrant
public_html
playbook.retry
@@ -1,6 +1,6 @@
# I. Am. Carrico. Server

These are the playbooks used for the I. Am. Carrico. servers.
These are the playbooks used for the I. Am. Carrico. servers.

## Requirements

@@ -13,5 +13,5 @@ $ brew install ansible
You also must have the following Ansible galaxy roles installed:

```bash
$ ansible-galaxy install Ansibles.nginx
$ ansible-galaxy install ANXS.nginx
```
@@ -1,4 +1,14 @@
---
# Variables for all instances.

nginx_source_version: 1.6.1
nginx_source_version: 1.10.0
nginx_source_modules_included:
http_v2_module: "--with-http_v2_module"
http_ssl_module: "--with-http_ssl_module"
openssl: "--with-openssl=/tmp/openssl-{{ openssl_version }}"
http_gzip_static_module: "--with-http_gzip_static_module"
upload_progress_module: "--add-module=/tmp/nginx-upload-progress-module-{{nginx_upload_progress_version}}"
headers_more_module: "--add-module=/tmp/headers-more-nginx-module-{{nginx_headers_more_version}}"
http_auth_request_module: "--add-module=/tmp/ngx_http_auth_request_module-{{nginx_auth_request_release}}"
ipv6_module: "--with-ipv6"
http_real_ip_module: "--with-http_realip_module"
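Review bot: The `openssl` entry builds nginx against `/tmp/openssl-{{ openssl_version }}`, but `openssl_version` (like the three module version variables) is not set anywhere in this 14-line file, so the TLS library version presumably comes from the role's defaults and can change when the role does. HTTP/2 negotiation over ALPN needs OpenSSL 1.0.2 or newer, so it is worth pinning the value here, for example `openssl_version: "<PINNED_OPENSSL_VERSION>"`, with a comment such as `# ALPN for HTTP/2 requires OpenSSL >= 1.0.2; bump together with nginx_source_version`. The source trees are unpacked under `/tmp`, which is world-writable; on a host with other local users a root-owned build directory would be safer, and it is worth confirming that the role verifies a checksum for each tarball it downloads.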
@@ -1,21 +1,22 @@
- name: "Server setup tasks"
hosts: all
sudo: yes
become: true
roles:
- common
- Ansibles.nginx
- ANXS.nginx
- varnish
- php

- name: Development Server
hosts: development
sudo: yes
become: true
roles:
- development

- name: Configure Sites
tags: site_config
hosts: all
sudo: yes
become: true
roles:
- site_config
- certs
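Review bot: `ANXS.nginx` now runs with `become: true` on `hosts: all`, yet the commit leaves two possible sources for it: the README change tells users to run `ansible-galaxy install ANXS.nginx` with no version, while a submodule of the same name is added at `cf5371`. Which copy Ansible resolves depends on the roles path, which is not visible here, so a host could be provisioned by an unreviewed newer release of the role. Consider making the pinned submodule the only source, or pinning the Galaxy install in a requirements file, and adding a comment above the role list such as `# ANXS.nginx is vendored as a submodule; do not install it from Galaxy`.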
Submodule ANXS.nginx added at cf5371
@@ -1,13 +1,8 @@
server {
listen 443 ssl spdy;
listen 443 ssl http2;
server_name {{ ansible_fqdn }};
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";

spdy_keepalive_timeout 300; # up from 180 secs default
keepalive_timeout 300; # up from 75 secs default
# enable SPDY header compression
spdy_headers_comp 6;

ssl on;
ssl_certificate /etc/nginx/ssl/selfsigned.crt;
ssl_certificate_key /etc/nginx/ssl/selfsigned.key;
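Review bot: The `add_header Strict-Transport-Security` line has no `always` parameter, so nginx attaches the header only to a fixed set of success and redirect status codes and omits it on 4xx/5xx responses; with nginx 1.10.0 this can be written `add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;`. The same applies to the site template hunk that adds `preload` further down. `ssl on;` is also redundant now that the `listen` line carries `ssl`, and could be dropped. The server block continues past the end of this hunk, so protocol and cipher settings could not be reviewed here.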
@@ -4,9 +4,9 @@
- name: Update Apt Cache
apt: update_cache=yes

- include: apt-packages.yml tags=apt
- include: editors.yml tags=editors
- include: etckeeper.yml tags=etckeeper
- include: motd.yml tags=motd
- include: ssh.yml tags=ssh
- include: tty.yml tags=tty
- include: apt-packages.yml
- include: editors.yml
- include: etckeeper.yml
- include: motd.yml
- include: ssh.yml
- include: tty.yml
@@ -1,7 +1,7 @@
---
# Install PHP

- name: Install PHP FastCGI and required
- name: Install PHP FastCGI and required
apt: name={{ item }} state=installed
with_items:
- php5-fpm
@@ -19,4 +19,4 @@
shell: mv /usr/local/bin/composer.phar /usr/local/bin/composer creates=/usr/local/bin/composer

- name: Ensure is composer executable
shell: chmod a+x /usr/local/bin/composer
file: path=/usr/local/bin/composer mode=a+x
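Review bot: `mode=a+x` only adds execute bits, so the owner, group and write bits of `/usr/local/bin/composer` stay whatever the earlier download and `mv` left them, and a group- or world-writable binary on root's PATH would pass this task unchanged. Pinning the full state is more predictable: `file: path=/usr/local/bin/composer owner=root group=root mode=0755`. The task name would read better as `Ensure composer is executable`. The tasks that fetch composer sit above this hunk and were not visible, so whether the installer is checksum-verified could not be confirmed.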
@@ -27,11 +27,14 @@
- name: Create all redirects
template: src=redirect.j2 dest=/etc/nginx/sites-available/redirect
notify: restart nginx
when: redirect_domains is defined
register: redirects_added
tags:
- redirect

- name: Enable redirects
command: ln -s /etc/nginx/sites-available/redirect /etc/nginx/sites-enabled/redirect creates=/etc/nginx/sites-enabled/redirect
file: src=/etc/nginx/sites-available/redirect dest=/etc/nginx/sites-enabled/redirect state=link
notify: restart nginx
when: redirect_domains is defined
tags:
- redirect
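Review bot: `register: redirects_added` on the template task is not referenced anywhere in this hunk; the following task is gated on `redirect_domains is defined`, not on the registered result. If nothing later in the file uses it, drop the line, or add a comment saying what consumes it. Note also that both tasks are skipped when `redirect_domains` is later removed, so an existing `/etc/nginx/sites-enabled/redirect` link stays active; a companion task with `state=absent` under `when: redirect_domains is not defined` would keep the host in step with the inventory. The task file starts and ends outside this hunk.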
@@ -1,13 +1,11 @@
server {
listen 443 ssl spdy;
# IPv6
listen [::]:443 ssl http2;
# IPv4
listen 443 ssl http2;
server_name {{ server_name }};
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";

spdy_keepalive_timeout 300; # up from 180 secs default
keepalive_timeout 300; # up from 75 secs default
# enable SPDY header compression
spdy_headers_comp 6;

ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
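Review bot: Adding `preload` to the HSTS header is a long-lived commitment that deserves a comment in the template, because it is applied to every `{{ server_name }}` this template renders. Once a domain is on the browser preload lists, every subdomain must serve valid HTTPS and removal takes months to reach users. Something like `# preload + includeSubDomains: only for domains where all subdomains serve valid TLS` above the `add_header` line would do; if some sites should not opt in, the token could be made conditional on a per-site variable. The server block continues outside this hunk.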
@@ -1,11 +1,15 @@
server {
# Technically, for most browsers this is not needed anymore. This site is on
# every major browser's HSTS preload list.
listen [::]:80;
listen 80;
server_name {{ server_name }} www.{{ server_name }};
return 301 https://{{ server_name }}$request_uri;
}

server {
listen 443 ssl spdy;
listen 443 ssl http2;
listen [::]443 ssl http2;
server_name www.{{ server_name }};
return 301 https://{{ server_name }}$request_uri;
}
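Review bot: `listen [::]443 ssl http2;` in the second server block is missing the colon between the bracketed address and the port, so nginx should reject the rendered file at config test and the `restart nginx` handler would fail; it should read `listen [::]:443 ssl http2;`, as in the port-80 block above. This block also enables `ssl` without any `ssl_certificate` or `ssl_certificate_key` of its own, so unless those are set at the `http` level (not visible here) the www redirect cannot complete a TLS handshake. Running `nginx -t` as a validation step before the restart would catch both problems.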

1 comment on commit 388688e


banderson623 commented on 388688e May 2, 2016

👍
