Skip to content

fix(nginx-proxy): Fix http2 duplication and add SSL_STAPLING control #299

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
mrrobot47 wants to merge 1 commit into
base: develop
Choose a base branch
from
Open

fix(nginx-proxy): Fix http2 duplication and add SSL_STAPLING control #299

mrrobot47 wants to merge 1 commit into from

Conversation

@mrrobot47
Copy link
Member

@mrrobot47 mrrobot47 commented Jan 12, 2026

Summary

Fixes recurring Nginx warning logs related to duplicate http2 directives and improves handling of SSL stapling for certificates without OCSP support.

Fixes

  • Fix http2 warnings: Resolves nginx: [warn] protocol options redefined by ensuring http2 on; appears only once per server block (moved outside listen directives).
  • Fix ssl_stapling warnings: Resolves nginx: [warn] "ssl_stapling" ignored for certificates lacking OCSP responders.

Changes

  • Updated nginx.tmpl:
    • Moved http2 on; to a valid location for modern Nginx (1.25.1+), preventing duplication across IPv4/IPv6 listen blocks.
    • Added logic to respect SSL_STAPLING environment variable.
  • Updated README.md:
    • Documented new SSL_STAPLING environment variable.

Configuration

New Environment Variable:

  • SSL_STAPLING: Controls OCSP stapling. Default is on.
    • Set SSL_STAPLING=off to disable stapling and silence warnings for self-signed certs or certs without OCSP.

@mrrobot47
fix(nginx-proxy): Fix http2 duplication and add SSL_STAPLING control
e0b9765 
- Fix 'protocol options redefined' warning by placing http2 directive
  once per server block instead of after each listen directive
- Add SSL_STAPLING env var (default: on) to control OCSP stapling
- Set SSL_STAPLING=off to suppress 'ssl_stapling ignored' warnings
  for certificates without OCSP responder URLs
- Update README with SSL_STAPLING documentation
Copilot AI review requested due to automatic review settings January 12, 2026 15:01
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR fixes nginx warning logs by correcting the placement of the http2 directive and adding optional control for SSL stapling via environment variable.

Changes:

  • Moved http2 on; directive outside of listen blocks to prevent duplication warnings in nginx 1.25.1+
  • Added SSL_STAPLING environment variable to allow disabling OCSP stapling for certificates without OCSP support
  • Updated documentation to include the new SSL_STAPLING variable

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File Description
nginx-proxy/nginx.tmpl Relocated http2 on; to server-level (3 locations) and added conditional SSL stapling based on SSL_STAPLING environment variable
nginx-proxy/README.md Added documentation for the new SSL_STAPLING environment variable

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mrrobot47