search

NginxProxyManager / nginx-proxy-manager

Docker container for managing Nginx proxy hosts with a simple, powerful interface
https://nginxproxymanager.com
MIT License
22.6k stars 2.62k forks source link

use the "http2" directive instead warning #4060

Open jicho opened 1 week ago

jicho commented 1 week ago

Checklist

Describe the bug When I start the latest of version 2.11.3 I get the following warnings on my configs:

nginx-proxy-manager  | ❯ Starting nginx ...
nginx-proxy-manager  | ❯ Starting backend ...
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/18.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/18.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/19.conf:14
nginx-proxy-manager  | nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/19.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/19.conf:15
nginx-proxy-manager  | nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/19.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/2.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/2.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/20.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/20.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/22.conf:19
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/22.conf:20
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/23.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/23.conf:15

5.conf contains:

[root@docker-fde7a6d46668:/data/nginx/proxy_host]# cat 5.conf 
# ------------------------------------------------------------
# name.example.com
# ------------------------------------------------------------

server {
  set $forward_scheme http;
  set $server         "127.0.0.1";
  set $port           81;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

  server_name name.example.com;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;

    # Force SSL
    include conf.d/include/force-ssl.conf;

  access_log /data/logs/proxy-host-5_access.log proxy;
  error_log /data/logs/proxy-host-5_error.log warn;

  location / {

    # Access Rules: 1 total

    allow 192.168.11.0/24;

    deny all;

    # Access checks must...

    satisfy any;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;

    # Proxy!
    include conf.d/include/proxy.conf;
  }

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

Data of 6.conf:

[root@docker-fde7a6d46668:/data/nginx/proxy_host]# cat 6.conf 
# ------------------------------------------------------------
# hello.example.com
# ------------------------------------------------------------

server {
  set $forward_scheme http;
  set $server         "172.17.0.1";
  set $port           9091;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

  server_name hello.example.com;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  # Block Exploits
  include conf.d/include/block-exploits.conf;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;

    # Force SSL
    include conf.d/include/force-ssl.conf;

  access_log /data/logs/proxy-host-6_access.log proxy;
  error_log /data/logs/proxy-host-6_error.log warn;

location / {
    include /snippets/proxy.conf;
    proxy_pass $forward_scheme://$server:$port;
    add_header Access-Control-Allow-Origin *;
}

  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

How to solve this? It looks like the http2 is a warning on all my configs...

Nginx Proxy Manager Version 2.11.3

To Reproduce Steps to reproduce the behavior:

  1. Add a proxy site
  2. Restart NPM
  3. Look at the logs

Expected behavior No warning :)

Operating System Synology NAS

Additional context

ChrSchu90 commented 1 week ago

The syntax to enable http2 support has been changed.

Old (deprecated):

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

New:

  listen 80;
  listen [::]:80;

  listen 443 ssl;
  listen [::]:443 ssl;
  http2 on;
stathismes commented 5 days ago

Yes. but that needs to be fixed in the code, because all new hosts .conf files are still created with old syntax.

talondnb commented 5 days ago

Yes. but that needs to be fixed in the code, because all new hosts .conf files are still created with old syntax.

I came here to find the same. Even if you turn it off, then on again in a proxy host, it doesn't alter the conf file.