2 changed files with 2 additions and 12 deletions
--- a/roles/ingress/defaults/main.yml
+++ b/roles/ingress/defaults/main.yml
@ -21,15 +21,11 @@ ingress_container_networks:
 ingress_container_certbot_email: rehashedsalt@cock.li
 # General Nginx configuration
-ingress_listen_args: "443 http2 ssl"
+ingress_listen_args: "443 ssl"
 ingress_resolver: 8.8.8.8
 # This non-obvious setting controls whether directives for certificates will be added to hosts
 # Set to "no" if you do not plan on terminating TLS at the ingress controller, like when using
 # a custom container that *doesn't* automatically-provision LE certs
 ingress_listen_tls: yes
 ingress_tls_protocols: TLSv1.2 TLSv1.3
 ingress_tls_ciphers: ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 ingress_tls_prefer_server_ciphers: "off"
 # Vhost configuration
 # ingress_servers:
--- a/roles/ingress/templates/vhosts.conf.j2
+++ b/roles/ingress/templates/vhosts.conf.j2
@ -3,7 +3,7 @@ server {
 {% if loop.index == 1 %}
 	listen {{ ingress_listen_args }} default_server;
 {% else %}
-	listen {{ ingress_listen_args }};
+	listen {{ ingress_listen_args }} ssl;
 {% endif %}
 	server_name {{ server.name }};
@ -13,11 +13,6 @@ server {
 	ssl_certificate_key /etc/letsencrypt/live/{{ ingress_servers[0].name }}/privkey.pem;
 	ssl_trusted_certificate /etc/letsencrypt/live/{{ ingress_servers[0].name }}/chain.pem;
 	ssl_dhparam /etc/letsencrypt/dhparams/dhparam.pem;
 	ssl_stapling on;
 	ssl_stapling_verify on;
 	ssl_protocols {{ ingress_tls_protocols }};
 	ssl_ciphers {{ ingress_tls_ciphers }};
 	ssl_prefer_server_ciphers {{ ingress_tls_prefer_server_ciphers }};
 {% endif %}
 {% if server.directives is defined %}
@ -54,6 +49,5 @@ server {
 {% endfor %}
 {% endif %}
 	resolver {{ ingress_resolver }};
 }
 {% endfor %}