From 4a385eadbaf2ca49e771778739a1515a7913c229 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <patrick@puiterwijk.org>
Date: Wed, 12 Sep 2018 01:27:39 +0200
Subject: [PATCH] Dont use h2 for (app.)os.stg.fedoraproject.org to fix
 websockets

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
---
 playbooks/include/proxies-websites.yml     | 7 +++++++
 roles/httpd/website/defaults/main.yml      | 1 +
 roles/httpd/website/templates/website.conf | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/playbooks/include/proxies-websites.yml b/playbooks/include/proxies-websites.yml
index 8013c539ec..403e1e6f1a 100644
--- a/playbooks/include/proxies-websites.yml
+++ b/playbooks/include/proxies-websites.yml
@@ -164,6 +164,7 @@
     server_aliases: [src.stg.fedoraproject.org]
     cert_name: "{{wildcard_cert_name}}"
     sslonly: true
+    use_h2: false
 
   - role: httpd/website
     site_name: download.fedoraproject.org
@@ -591,6 +592,9 @@
     site_name: os.stg.fedoraproject.org
     sslonly: true
     cert_name: "{{wildcard_cert_name}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
     tags:
     - os.stg.fedoraproject.org
 
@@ -600,6 +604,9 @@
     sslonly: true
     cert_name: "{{os_wildcard_cert_name}}"
     SSLCertificateChainFile: "{{os_wildcard_int_file}}"
+    # The Connection and Upgrade headers don't work for h2
+    # So non-h2 is needed to fix websockets.
+    use_h2: false
     tags:
     - app.os.stg.fedoraproject.org
 
diff --git a/roles/httpd/website/defaults/main.yml b/roles/httpd/website/defaults/main.yml
index 3bc85e5b70..cebeb4246e 100644
--- a/roles/httpd/website/defaults/main.yml
+++ b/roles/httpd/website/defaults/main.yml
@@ -2,6 +2,7 @@
 #name: ...
 #cert_name: ""
 
+use_h2: true
 server_aliases: []
 server_admin: webmaster@fedoraproject.org
 certbot: false
diff --git a/roles/httpd/website/templates/website.conf b/roles/httpd/website/templates/website.conf
index 58a4c7481a..8ff23bbd0c 100644
--- a/roles/httpd/website/templates/website.conf
+++ b/roles/httpd/website/templates/website.conf
@@ -42,7 +42,7 @@
 
   RequestHeader unset X-Forwarded-For
 
-{% if ansible_distribution == 'Fedora' and not inventory_hostname.startswith(('proxy01.phx2','proxy10.phx2')) and site_name != 'src.fedoraproject.org' %}
+{% if ansible_distribution == 'Fedora' and not inventory_hostname.startswith(('proxy01.phx2','proxy10.phx2')) and use_h2 %}
   Protocols h2 http/1.1
 {% elif ansible_distribution == 'Fedora' %}
   # For proxy01/10 and src.fedoraproject.org we only do http/1.1 because h2 hits a curl bug downloading sources