Added HTTP/2 Support for SSL enabled hosts

src/backend/migrations/20181113041458_http2_support.js

@@ -0,0 +1,51 @@
+'use strict';
+
+const migrate_name = 'http2_support';
+const logger       = require('../logger').migrate;
+
+/**
+ * Migrate
+ *
+ * @see http://knexjs.org/#Schema
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.up = function (knex/*, Promise*/) {
+    logger.info('[' + migrate_name + '] Migrating Up...');
+
+    return knex.schema.table('proxy_host', function (proxy_host) {
+        proxy_host.integer('http2_support').notNull().unsigned().defaultTo(0);
+    })
+        .then(() => {
+            logger.info('[' + migrate_name + '] proxy_host Table altered');
+
+            return knex.schema.table('redirection_host', function (redirection_host) {
+                redirection_host.integer('http2_support').notNull().unsigned().defaultTo(0);
+            });
+        })
+        .then(() => {
+            logger.info('[' + migrate_name + '] redirection_host Table altered');
+
+            return knex.schema.table('dead_host', function (dead_host) {
+                dead_host.integer('http2_support').notNull().unsigned().defaultTo(0);
+            });
+        })
+        .then(() => {
+            logger.info('[' + migrate_name + '] dead_host Table altered');
+        });
+};
+
+/**
+ * Undo Migrate
+ *
+ * @param   {Object}  knex
+ * @param   {Promise} Promise
+ * @returns {Promise}
+ */
+exports.down = function (knex, Promise) {
+    logger.warn('[' + migrate_name + '] You can\'t migrate down this one.');
+    return Promise.resolve(true);
+};
+

src/backend/schema/definitions.json

@@ -186,6 +186,11 @@
       "type": "string",
       "pattern": "^(letsencrypt|other)$"
     },
+    "http2_support": {
+      "description": "HTTP2 Protocol Support",
+      "example": false,
+      "type": "boolean"
+    },
     "block_exploits": {
       "description": "Should we block common exploits",
       "example": true,

src/backend/schema/endpoints/dead-hosts.json

@@ -24,6 +24,9 @@
     "ssl_forced": {
       "$ref": "../definitions.json#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "../definitions.json#/definitions/http2_support"
+    },
     "advanced_config": {
       "type": "string"
     },
@@ -50,6 +53,9 @@
     "ssl_forced": {
       "$ref": "#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "#/definitions/http2_support"
+    },
     "advanced_config": {
       "$ref": "#/definitions/advanced_config"
     },
@@ -101,6 +107,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "advanced_config": {
             "$ref": "#/definitions/advanced_config"
           },
@@ -138,6 +147,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "advanced_config": {
             "$ref": "#/definitions/advanced_config"
           },

src/backend/schema/endpoints/proxy-hosts.json

@@ -34,6 +34,9 @@
     "ssl_forced": {
       "$ref": "../definitions.json#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "../definitions.json#/definitions/http2_support"
+    },
     "block_exploits": {
       "$ref": "../definitions.json#/definitions/block_exploits"
     },
@@ -80,6 +83,9 @@
     "ssl_forced": {
       "$ref": "#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "#/definitions/http2_support"
+    },
     "block_exploits": {
       "$ref": "#/definitions/block_exploits"
     },
@@ -151,6 +157,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "block_exploits": {
             "$ref": "#/definitions/block_exploits"
           },
@@ -206,6 +215,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "block_exploits": {
             "$ref": "#/definitions/block_exploits"
           },

src/backend/schema/endpoints/redirection-hosts.json

@@ -32,6 +32,9 @@
     "ssl_forced": {
       "$ref": "../definitions.json#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "../definitions.json#/definitions/http2_support"
+    },
     "block_exploits": {
       "$ref": "../definitions.json#/definitions/block_exploits"
     },
@@ -67,6 +70,9 @@
     "ssl_forced": {
       "$ref": "#/definitions/ssl_forced"
     },
+    "http2_support": {
+      "$ref": "#/definitions/http2_spport"
+    },
     "block_exploits": {
       "$ref": "#/definitions/block_exploits"
     },
@@ -128,6 +134,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "block_exploits": {
             "$ref": "#/definitions/block_exploits"
           },
@@ -174,6 +183,9 @@
           "ssl_forced": {
             "$ref": "#/definitions/ssl_forced"
           },
+          "http2_support": {
+            "$ref": "#/definitions/http2_support"
+          },
           "block_exploits": {
             "$ref": "#/definitions/block_exploits"
           },

src/backend/templates/_listen.conf

@@ -1,5 +1,5 @@
   listen 80;
 {% if certificate -%}
-  listen 443 ssl;
+  listen 443 ssl{% if http2 %} http2{% endif %};
 {% endif %}
-  server_name {{ domain_names | join: " " }};
+  server_name {{ domain_names | join: " " }};