From: Grant Slater Date: Wed, 8 Jul 2020 07:57:56 +0000 (+0100) Subject: Remove tcp fast-open support. Client support is dying X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/fc2ca30e571cbfebaf13589bd7f4c09dd57ed404 Remove tcp fast-open support. Client support is dying
---
diff --git a/cookbooks/imagery/templates/default/nginx_default.conf.erb b/cookbooks/imagery/templates/default/nginx_default.conf.erb
index 3d9a5bf5c..51670c715 100644
--- a/cookbooks/imagery/templates/default/nginx_default.conf.erb
+++ b/cookbooks/imagery/templates/default/nginx_default.conf.erb
@@ -1,6 +1,6 @@
 server {
- listen 80 deferred backlog=16384 reuseport fastopen=2048 default_server;
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2; # No default_server here unless certificate specified here too.
+ listen 80 deferred backlog=16384 reuseport default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2; # No default_server here unless certificate specified here too.
 server_name _;
 default_type text/html;
diff --git a/cookbooks/nominatim/templates/default/nginx.erb b/cookbooks/nominatim/templates/default/nginx.erb
index 4596d65e9..2e851c517 100644
--- a/cookbooks/nominatim/templates/default/nginx.erb
+++ b/cookbooks/nominatim/templates/default/nginx.erb
@@ -100,9 +100,9 @@ server {
 server {
 # IPv4
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2 default_server;
 # IPv6
- listen [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
 server_name localhost;
 ssl_certificate /etc/ssl/certs/<%= node[:fqdn] %>.pem;
diff --git a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
index 9e214675a..0ea85d755 100644
--- a/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
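Review bot: Dropping `fastopen=2048` from the two `listen` lines in cookbooks/imagery/templates/default/nginx_default.conf.erb may not switch TCP Fast Open off on hosts that are already running, and the same applies to the `listen` lines changed in the nominatim and tilecache templates. As far as I know nginx only sets the TCP_FASTOPEN socket option when the parameter is present and a reload hands the existing listening sockets to the new configuration, so the old queue length can stay in effect until nginx is fully restarted. The recipe that renders these templates is outside this diff, so please confirm it triggers a restart rather than a reload for this change; a useful check after rollout is that the kernel's `TCPFastOpenPassive` counter stops increasing. I would also record the intent next to the directives, e.g. `# fastopen deliberately not set; needs a full nginx restart to drop it from inherited sockets`.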
+++ b/cookbooks/tilecache/templates/default/nginx_tile.conf.erb
@@ -192,11 +192,11 @@ map $tile_cache$http_referer$scheme$http_user_agent $deny_missing_referer {
 server {
 # IPv4
- listen 80 deferred backlog=16384 reuseport fastopen=2048 default_server;
- listen 443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen 80 deferred backlog=16384 reuseport default_server;
+ listen 443 ssl deferred backlog=16384 reuseport http2 default_server;
 # IPv6
- listen [::]:80 deferred backlog=16384 reuseport fastopen=2048 default_server;
- listen [::]:443 ssl deferred backlog=16384 reuseport fastopen=2048 http2 default_server;
+ listen [::]:80 deferred backlog=16384 reuseport default_server;
+ listen [::]:443 ssl deferred backlog=16384 reuseport http2 default_server;
 server_name localhost;
 proxy_buffers 8 64k;
diff --git a/roles/imagery.rb b/roles/imagery.rb
index f243f44c0..3cc42a718 100644
--- a/roles/imagery.rb
+++ b/roles/imagery.rb
@@ -26,12 +26,6 @@ default_attributes(
 "kernel.sched_min_granularity_ns" => 10000000,
 "kernel.sched_wakeup_granularity_ns" => 15000000
 }
- },
- :kernel_tfo_listen_enable => {
- :comment => "Enable TCP Fast Open for listening sockets",
- :parameters => {
- "net.ipv4.tcp_fastopen" => 3
- }
 }
 },
 :nginx => {
diff --git a/roles/tilecache.rb b/roles/tilecache.rb
index a78cac73d..4d79d848f 100644
--- a/roles/tilecache.rb
+++ b/roles/tilecache.rb
@@ -46,12 +46,6 @@ default_attributes(
 "net.ipv4.tcp_tw_reuse" => 1
 }
 },
- :kernel_tfo_listen_enable => {
- :comment => "Enable TCP Fast Open for listening sockets",
- :parameters => {
- "net.ipv4.tcp_fastopen" => 3
- }
- },
 :squid_swappiness => {
 :comment => "Prefer not to swapout to free memory",
 :parameters => {
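Review bot: Deleting the `:kernel_tfo_listen_enable` block in roles/imagery.rb (and the identical block in roles/tilecache.rb) stops managing `net.ipv4.tcp_fastopen` but does not by itself set it back, so nodes that have already converged may keep the value 3 in the running kernel until the next reboot. Whether the sysctl cookbook cleans up entries that disappear from the attributes is not visible in this diff, so this is worth confirming before relying on the removal. If it does not, consider keeping the entry for one rollout with the value pinned to what I understand to be the usual kernel default, `"net.ipv4.tcp_fastopen" => 1`, with `:comment => "Disable server-side TCP Fast Open"`, and removing it afterwards. Both hunks sit inside `default_attributes(`, which starts and ends outside the hunks.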