Use include files for re-using HTTP/3 specific nginx directives.

roots · Jul 30, 2024 · 01d6ea8 · 01d6ea8
1 parent 7b6e711
commit 01d6ea8
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 18 deletions.
diff --git a/roles/wordpress-setup/tasks/nginx.yml b/roles/wordpress-setup/tasks/nginx.yml
@@ -23,6 +23,13 @@
 
 - import_tasks: "{{ playbook_dir }}/roles/common/tasks/disable_challenge_sites.yml"
 
+- name: Copy Nginx wordpress site configs
+  copy:
+    src: templates/includes
+    dest: "{{ nginx_path }}"
+    mode: '0755'
+  notify: reload nginx
+
 - name: Create Nginx available sites
   template:
     src: "{{ item.src }}"

diff --git a/roles/wordpress-setup/templates/includes/directive-only/http3-negotiate-redirect.conf b/roles/wordpress-setup/templates/includes/directive-only/http3-negotiate-redirect.conf
@@ -0,0 +1,2 @@
+# Add Alt-Svc header to negotiate HTTP/3 (when redirecting from HTTP).
+add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
diff --git a/roles/wordpress-setup/templates/includes/directive-only/http3-negotiate.conf b/roles/wordpress-setup/templates/includes/directive-only/http3-negotiate.conf
@@ -0,0 +1,2 @@
+# Add Alt-Svc header to negotiate HTTP/3.
+add_header alt-svc 'h3=":443"; ma=86400';
diff --git a/roles/wordpress-setup/templates/includes/directive-only/http3-tune.conf b/roles/wordpress-setup/templates/includes/directive-only/http3-tune.conf
@@ -0,0 +1,7 @@
+quic_retry on;
+
+# enable 0-RTT
+ssl_early_data on;
+proxy_set_header Early-Data $ssl_early_data;
+
+quic_gso on;
diff --git a/roles/wordpress-setup/templates/wordpress-site.conf.j2 b/roles/wordpress-setup/templates/wordpress-site.conf.j2
@@ -24,14 +24,8 @@ server {
   {% endblock %}
 
   {% if ssl_enabled and nginx_http3_enabled -%}
-  quic_retry on;
-  # enable 0-RTT
-  ssl_early_data on;
-  proxy_set_header Early-Data $ssl_early_data;
-  quic_gso on;
-
-  # Add Alt-Svc header to negotiate HTTP/3.
-  add_header alt-svc 'h3=":443"; ma=86400';
+  include includes/directive-only/http3-tune.conf;
+  include includes/directive-only/http3-negotiate.conf;
   {% endif -%}
 
   {% block server_basic -%}
@@ -296,8 +290,7 @@ server {
   {{ self.includes_d() -}}
 
   {% if ssl_enabled and nginx_http3_enabled -%}
-  # Add Alt-Svc header to negotiate HTTP/3 (when redirecting from HTTP).
-  add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
+  include includes/directive-only/http3-negotiate-redirect.conf;
   {% endif -%}
 
   location / {
@@ -333,14 +326,8 @@ server {
   server_name {{ host.redirects | join(' ') }};
 
   {% if ssl_enabled and nginx_http3_enabled -%}
-  quic_retry on;
-  # enable 0-RTT
-  ssl_early_data on;
-  proxy_set_header Early-Data $ssl_early_data;
-  quic_gso on;
-
-  # Add Alt-Svc header to negotiate HTTP/3 (when redirecting from HTTP).
-  add_header alt-svc 'h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400';
+  include includes/directive-only/http3-tune.conf;
+  include includes/directive-only/http3-negotiate-redirect.conf;
   {% endif -%}
 
   {{ self.https() -}}