Disable HTTP/2 setting is not honored in the proxy conf files.

[Miwer]

Hi,

I found this bug, that I cannot disable HTTP/2 support for my proxy sites via the web interface. In the conf file, it is still enabled, and clients are still able to use HTTP/2.

If I manually edit the conf file, and remove the "http2" text from the listen line, it works as intended.

HTTP/2 disabled in web ui:

... but not disabled in conf file:

[Miwer]

May I also suggest putting a pop-up note (like the question mark on the HSTS button) on the HTTP/2 setting, with the information, that if even one proxy host has HTTP/2 enabled, it will be enabled for all proxy hosts on the same listener address+port, regardless of the setting in the individual proxy hosts. It cannot be disabled for only one, while keeping it enabled for another.

[TonyBostonTB]

Why is this not even commented on?

[ehosinski]

Is there a way to add max age to the hsts? I tried doing it in the conf files but it just keeps setting it to 0. There are worse things but I would prefer to actually use the HSTS header as intended. The files themselves actually have 2 years but all of my responses are 0.

HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)

add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;

[ghost]

i also have the same issue - is there a solution for it?

[ehosinski]

i also have the same issue - is there a solution for it?

Not that I'm aware of unfortunately

[GitIgnoreMaybe]

@Miwer Both are good remarks. But actually, it doesn't really work for me.

To replicate:

• Turn off all HTTP/2 support in the UI
• Go to the mount -> ./data/nginx/proxy_host
• Change the configs and remove the http2
• Go pack to the UI open a proxy host and just click save without changing anything
• Back to the corresponding config

-> The http2 is back in the config.

[ghost]

@Miwer Both are good remarks. But actually, it doesn't really work for me.

To replicate:

• Turn off all HTTP/2 support in the UI
• Go to the mount -> ./data/nginx/proxy_host
• Change the configs and remove the http2
• Go pack to the UI open a proxy host and just click save without changing anything
• Back to the corresponding config

-> The http2 is back in the config.

I can replicate this too doing your steps.

I took the issue to a nextcloud forum (http2 support on the system hosting nginx caps the transfer speed to around 50mps on local transfer using reverse proxy) they suggest that http2 is enabled as a module when creating a new VM in ubuntu as part of the setup. you can choose to disable it on creation and that a system wide change like this would circumnavigate this bug.

Truth be told ive not tested this fully

[Miwer]

Thanks for the feedback. Personally I've moved on from nginx, and using Traefik now, and so I am abandoning this issue. Please feel free to reopen, if you feel the need. I'm out.

[tomshomelab]

Thanks for the feedback. Personally I've moved on from nginx, and using Traefik now, and so I am abandoning this issue. Please feel free to reopen, if you feel the need. I'm out.

I can replicate this issue doing your steps too. I also came here from nextlcoud limitation for transfer speeds and https2 being suggested as the culprit.

would be grand if this bug was fixed!

[tschaefermedia]

The issue still exists. i replicated it using the outlined steps.