From 3dba75fb9700548f27dbe2f61dd148f392ae13a0 Mon Sep 17 00:00:00 2001
From: Stanley Hu <stanthetiger@yahoo.com>
Date: Wed, 14 Jul 2021 01:17:46 +0800
Subject: [PATCH] Support HTTP/2 in Let's Encrypt (#16371)

Modify the tlsConfig.NextProtos for Let's Encrypt and built-in HTTPS server in order to support HTTP/2.

Co-authored-by: 6543 <6543@obermui.de>
---
 cmd/web_letsencrypt.go     | 1 +
 modules/graceful/server.go | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/cmd/web_letsencrypt.go b/cmd/web_letsencrypt.go
index d50d803e1d..a683999790 100644
--- a/cmd/web_letsencrypt.go
+++ b/cmd/web_letsencrypt.go
@@ -54,6 +54,7 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 	}
 
 	tlsConfig := magic.TLSConfig()
+	tlsConfig.NextProtos = append(tlsConfig.NextProtos, "h2")
 
 	if enableHTTPChallenge {
 		go func() {
diff --git a/modules/graceful/server.go b/modules/graceful/server.go
index 704aa8a2b7..6b7d4a1a97 100644
--- a/modules/graceful/server.go
+++ b/modules/graceful/server.go
@@ -106,7 +106,7 @@ func (srv *Server) ListenAndServe(serve ServeFunction) error {
 func (srv *Server) ListenAndServeTLS(certFile, keyFile string, serve ServeFunction) error {
 	config := &tls.Config{}
 	if config.NextProtos == nil {
-		config.NextProtos = []string{"http/1.1"}
+		config.NextProtos = []string{"h2", "http/1.1"}
 	}
 
 	config.Certificates = make([]tls.Certificate, 1)