fix(nginx): enable HTTP/2 support for SSL server block, from nginx 1.25.1

[Honghe]

Summary

new nginx doesn't support the Individual instruction of http2. put it in listen instruction.

Ticket Link

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated the Nginx HTTPS listener directives to consolidate HTTP/2 configuration from a standalone http2 on; directive into the listen statements for both IPv4 and IPv6 default servers, maintaining equivalent functionality.

Changes

Cohort / File(s)	Summary
Nginx Configuration nginx/conf.d/default.conf	Consolidated HTTP/2 enablement by moving the http2 on; directive into the listen directives themselves, changing listen 443 ssl default_server to listen 443 ssl http2 default_server for both IPv4 and IPv6 addresses.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and specifically describes the main change: enabling HTTP/2 support for the SSL server block in nginx by moving the configuration from a standalone directive to the listen instruction, with a version reference.
Description check	✅ Passed	The description explains the rationale for the change: newer nginx versions (from 1.25.1) no longer support the individual http2 directive and require it to be specified in the listen directive instead.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@nginx/conf.d/default.conf`:
- Around line 28-29: Remove the deprecated "http2" parameter from the listen
directives (the lines currently reading "listen 443 ssl http2 default_server;"
and "listen [::]:443 ssl http2 default_server;") and instead enable HTTP/2 by
adding a single "http2 on;" directive inside the same server block (e.g.,
alongside other server-level directives); update the listen lines to "listen 443
ssl default_server;" and "listen [::]:443 ssl default_server;" and add "http2
on;" within the server block to avoid deprecation warnings.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 885bba39-781f-4828-8633-011aef23a73c

📥 Commits

Reviewing files that changed from the base of the PR and between 1423a77 and a552f06.

📒 Files selected for processing (1)

• nginx/conf.d/default.conf

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# Find and examine relevant files
find . -name "env.example" -o -name "default.conf" | head -20

Repository: mattermost/docker

Length of output: 102

---

🏁 Script executed:

# Check the full context of the nginx config file
cat -n nginx/conf.d/default.conf | head -40

Repository: mattermost/docker

Length of output: 1635

---

🏁 Script executed:

# Look for any nginx version specifications
rg "nginx" --type txt | grep -i version | head -10

Repository: mattermost/docker

Length of output: 209

---

🏁 Script executed:

# Read env.example to find nginx version requirement
cat -n env.example | head -50

Repository: mattermost/docker

Length of output: 2497

---

🌐 Web query:

nginx 1.25 http2 directive changes deprecated listen http2

💡 Result:

In nginx version 1.25.1 (released June 13, 2023), the "http2" parameter in the "listen" directive (e.g., "listen 443 ssl http2;") was deprecated. Instead, use the new "http2" directive (e.g., "http2 on;") at the server block level. This change enables HTTP/2 on a per-server basis and allows sharing HTTP/2 and HTTP/1.1 on the same port without warnings. Example old config: listen 443 ssl http2; listen [::]:443 ssl http2; Example new config: listen 443 ssl; listen [::]:443 ssl; http2 on; Using the old syntax triggers warnings like: "nginx: [warn] the 'listen ... http2' directive is deprecated, use the 'http2' directive instead". Official documentation confirms: - ngx_http_v2_module: "http2" directive introduced in 1.25.1, enables HTTP/2. - ngx_http_core_module listen: "http2" parameter deprecated, use "http2" directive instead. This deprecation started in 1.25.1, part of the 1.25.x stable series (1.25.0 introduced experimental HTTP/3). As of 2026, nginx 1.29.x is current, but the change remains relevant for configs on 1.25+.

Citations:

• 1: https://spinupwp.com/doc/deprecated-http2-directive-nginx/
• 2: http://nginx.org/pipermail/nginx/2023-June/HKMIKLBDMF2EDYNVMZWERI3LMF4VAGO2.html
• 3: https://nginx.org/en/CHANGES
• 4: https://hg.nginx.org/nginx/rev/release-1.25.1
• 5: https://nginx.org/en/CHANGES-1.26
• 6: https://nginx.org/docs/http/ngx_http_v2_module.html
• 7: https://nginx.org/r/listen

---

🌐 Web query:

nginx http2 on directive server block 1.25.1

💡 Result:

In nginx version 1.25.1 and later, the "http2" directive enables HTTP/2 in the server block. Syntax: http2 on; or http2 off; Default: off. Context: http, server. This appeared in version 1.25.1. Example configuration in a server block: server { listen 443 ssl; listen [::]:443 ssl; # IPv6 http2 on; # SSL certificates and other config... } The previous method using "listen 443 ssl http2;" is deprecated starting from nginx 1.25.1, and using it triggers a warning: "nginx: [warn] the 'listen ... http2' directive is deprecated, use the 'http2' directive instead". HTTP/2 requires SSL/TLS and ALPN support in OpenSSL (1.0.2+). Server push support was removed in 1.25.1.

Citations:

• 1: https://nginx.org/docs/http/ngx_http_v2_module.html
• 2: https://nginx.org/en/CHANGES-1.26
• 3: https://nginx.org/en/CHANGES
• 4: https://nginx.org/en/docs/http/ngx_http_v2_module.html

---

Update listen directives to use the http2 directive instead of the deprecated listen ... http2 parameter.

Lines 28–29 use the deprecated http2 parameter in the listen directive. Since this repository requires nginx 1.25.1 or later (as specified in env.example), remove http2 from the listen directives and add http2 on; in the server block. This avoids deprecation warnings.

Proposed fix

-    listen 443 ssl http2 default_server;
-    listen [::]:443 ssl http2 default_server;
+    listen 443 ssl default_server;
+    listen [::]:443 ssl default_server;
+    http2 on;

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@nginx/conf.d/default.conf` around lines 28 - 29, Remove the deprecated
"http2" parameter from the listen directives (the lines currently reading
"listen 443 ssl http2 default_server;" and "listen [::]:443 ssl http2
default_server;") and instead enable HTTP/2 by adding a single "http2 on;"
directive inside the same server block (e.g., alongside other server-level
directives); update the listen lines to "listen 443 ssl default_server;" and
"listen [::]:443 ssl default_server;" and add "http2 on;" within the server
block to avoid deprecation warnings.

[aminvakil]

You've got it exactly backwards :)

https://nginx.org/en/docs/http/ngx_http_v2_module.html#http2