nginx-proxy-manager icon indicating copy to clipboard operation
nginx-proxy-manager copied to clipboard
Published 1 month ago verified publisher icon NginxProxyManager

use the "http2" directive instead warning

Open jicho opened this issue 1 year ago • 3 comments

Checklist

  • Have you pulled and found the error with jc21/nginx-proxy-manager:latest docker image?
    • Yes
  • Are you sure you're not using someone else's docker image?
    • Yes
  • Have you searched for similar issues (both open and closed)?
    • Yes

Describe the bug When I start the latest of version 2.11.3 I get the following warnings on my configs:

nginx-proxy-manager  | ❯ Starting nginx ...
nginx-proxy-manager  | ❯ Starting backend ...
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/18.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/18.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/19.conf:14
nginx-proxy-manager  | nginx: [warn] protocol options redefined for 0.0.0.0:443 in /data/nginx/proxy_host/19.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/19.conf:15
nginx-proxy-manager  | nginx: [warn] protocol options redefined for [::]:443 in /data/nginx/proxy_host/19.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/2.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/2.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/20.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/20.conf:15
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/22.conf:19
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/22.conf:20
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/23.conf:14
nginx-proxy-manager  | nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead in /data/nginx/proxy_host/23.conf:15

5.conf contains:

[root@docker-fde7a6d46668:/data/nginx/proxy_host]# cat 5.conf 
# ------------------------------------------------------------
# name.example.com
# ------------------------------------------------------------


server {
  set $forward_scheme http;
  set $server         "127.0.0.1";
  set $port           81;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;


  server_name name.example.com;


  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;






  # Block Exploits
  include conf.d/include/block-exploits.conf;



  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;





    # Force SSL
    include conf.d/include/force-ssl.conf;





  access_log /data/logs/proxy-host-5_access.log proxy;
  error_log /data/logs/proxy-host-5_error.log warn;







  location / {


    

    # Access Rules: 1 total
    
    allow 192.168.11.0/24;
    
    deny all;

    # Access checks must...
    
    satisfy any;
    




  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;





    

    # Proxy!
    include conf.d/include/proxy.conf;
  }


  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

Data of 6.conf:

[root@docker-fde7a6d46668:/data/nginx/proxy_host]# cat 6.conf 
# ------------------------------------------------------------
# hello.example.com
# ------------------------------------------------------------


server {
  set $forward_scheme http;
  set $server         "172.17.0.1";
  set $port           9091;

  listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;


  server_name hello.example.com;


  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;






  # Block Exploits
  include conf.d/include/block-exploits.conf;



  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000; preload" always;





    # Force SSL
    include conf.d/include/force-ssl.conf;





  access_log /data/logs/proxy-host-6_access.log proxy;
  error_log /data/logs/proxy-host-6_error.log warn;

location / {
    include /snippets/proxy.conf;
    proxy_pass $forward_scheme://$server:$port;
    add_header Access-Control-Allow-Origin *;
}





  # Custom
  include /data/nginx/custom/server_proxy[.]conf;
}

How to solve this? It looks like the http2 is a warning on all my configs...

Nginx Proxy Manager Version 2.11.3

To Reproduce Steps to reproduce the behavior:

  1. Add a proxy site
  2. Restart NPM
  3. Look at the logs

Expected behavior No warning :)

Operating System Synology NAS

Additional context

jicho avatar Oct 12 '24 07:10 jicho

The syntax to enable http2 support has been changed.

Old (deprecated):

  listen 80;
  listen [::]:80;

  listen 443 ssl http2;
  listen [::]:443 ssl http2;

New:

  listen 80;
  listen [::]:80;

  listen 443 ssl;
  listen [::]:443 ssl;
  http2 on;

ChrSchu90 avatar Oct 12 '24 17:10 ChrSchu90

Yes. but that needs to be fixed in the code, because all new hosts .conf files are still created with old syntax.

stathismes avatar Oct 16 '24 09:10 stathismes

Yes. but that needs to be fixed in the code, because all new hosts .conf files are still created with old syntax.

I came here to find the same. Even if you turn it off, then on again in a proxy host, it doesn't alter the conf file.

talondnb avatar Oct 16 '24 10:10 talondnb

Me too, I hope to fix the bug as soon as possible

cola77777 avatar Nov 06 '24 13:11 cola77777

Same problem doesn't change the conf file when turning off and on again. When changing it manual the error messages are gone, but when making a change via the GUI then the conf file is back to the old "http2" way!

BobWs avatar Nov 07 '24 12:11 BobWs

Bug is fixed and already merged, just wait for the next release.

geertmeersman avatar Nov 14 '24 11:11 geertmeersman

Does this fix patch the conf files or are we going to have to resave each one to fix them?

quadcom avatar Nov 15 '24 00:11 quadcom

I only saw the conf file patch when you save them, but not when installing in my opinion, but I could have missed it.

You can always execute this in your conf files folder:

sed -i 's/listen 443 ssl http2;/listen 443 ssl;\nhttp2 on;/g'

https://github.com/NginxProxyManager/nginx-proxy-manager/commit/d7e0558a35a50a3f117e129ceec698b3ee15aefb

geertmeersman avatar Nov 15 '24 08:11 geertmeersman

For me (using npm docker), the following command did the trick: sed -i '/listen \[::\]:443 ssl http2;/d' ./data/nginx/proxy_host/*.conf

schnillerman avatar Dec 30 '24 01:12 schnillerman

For me a combination of the two worked from docker: sed -i 's/listen 443 ssl http2;/listen 443 ssl;\nhttp2 on;/g' /data/nginx/proxy_host/*.conf

f22raptorroland avatar Feb 23 '25 20:02 f22raptorroland

old

listen 80;
listen [::]:80;

listen 443 ssl http2;
listen [::]:443 ssl http2;

shell

sed -i 's/listen 443 ssl http2;/listen 443 ssl;\nhttp2 on;/g' /path/*.conf
sed -i '/^listen \[::\]:443 ssl http2;/s/ http2//' /path/*.conf

new

listen 80;
listen [::]:80;

listen 443 ssl;
http2 on;
listen [::]:443 ssl;

loveyu avatar Apr 01 '25 02:04 loveyu

I'm running NPM in a Docker container on a Synology NAS. To ensure everything is set up correctly after making changes in NPM, I've added a bash script to the Task Scheduler. The script executes sed commands inside the Docker container to update the Nginx configuration files.

#!/bin/bash

# Execute the sed commands inside the Docker container
docker exec npm-out /bin/bash -c "
  cd /data/nginx/proxy_host &&
  sed -i 's/listen 443 ssl http2;/listen 443 ssl;\nhttp2 on;/g' *.conf &&
  sed -i '/^listen $$::$$:443 ssl http2;/s/ http2//' *.conf
" >> /volume1/documents/logs/npm/nginx_update.log 2>&1

This script updates the listen directives in the Nginx configuration files to remove HTTP/2 support. The changes are logged to /volume1/documents/logs/npm/nginx_update.log for debugging purposes."

BobWs avatar Apr 05 '25 12:04 BobWs

Issue is now considered stale. If you want to keep it open, please comment :+1:

github-actions[bot] avatar Oct 24 '25 02:10 github-actions[bot]