This tutorial was created because of a known vulnerability in HTTP/2.
One of the components shipped as part of the TrustBuilder IDHub package contains HTTP/2 vulnerabilities that allow potential DoS attacks on NGINX.
Details can be found at: https://www.nginx.com/blog/nginx-updates-mitigate-august-2019-http-2-vulnerabilities/
This change needs to be made in EVERY server block that has been configured within the NGINX configuration. HTTP/2 support is configured on the listen settings. You will need to delete the http2 parameter from each of these listen lines.
Before:
listen 443 ssl http2 default;
After:
listen 443 ssl default;
TrustBuilder Orchestrator & TrustBuilder Admin
HTTP/2 also needs to be disabled on Tomcat-Core, because the NGINX modules used by TrustBuilder Gateway no longer communicate with HTTP/2-enabled servers.
Edit the file /opt/trustbuilder/tomcat-core/conf/server.xml and delete the UpgradeProtocol tags from within the Connector tags.
Before:
<Connector ... >
    <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />
</Connector>
After:
<Connector ... protocol="HTTP/1.1" />
By default the connector falls back to HTTP/1.1 support, but the protocol can also be defined explicitly in the Connector tag.
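To confirm that no server block or connector was missed, the following added example (not part of the TrustBuilder package) lists any listen directive that still carries http2 and any active UpgradeProtocol tag in server.xml. The function names are hypothetical, both paths are passed as arguments, and the sample files are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example (not TrustBuilder tooling): list HTTP/2 settings still active.

# Active "listen" directives that still carry the http2 parameter.
# $1 = NGINX configuration directory (searched recursively).
nginx_http2_listens() {
    grep -rnE '^[[:space:]]*listen[[:space:]][^;#]*[[:space:]]http2([[:space:]]|;)' "$1" \
        || [ $? -eq 1 ]   # grep exit 1 only means "no match"
}

# <UpgradeProtocol> HTTP/2 tags in server.xml, ignoring <!-- ... --> comments
# (Tomcat's stock server.xml ships such a tag inside a commented-out Connector).
# Assumption: the tag and its className attribute sit on one line.
tomcat_http2_upgrades() {
    awk '{
        line = $0; out = ""
        while (length(line) > 0) {
            if (in_comment) {
                i = index(line, "-->")
                if (i == 0) { line = "" } else { line = substr(line, i + 3); in_comment = 0 }
            } else {
                i = index(line, "<!--")
                if (i == 0) { out = out line; line = "" }
                else { out = out substr(line, 1, i - 1); line = substr(line, i + 4); in_comment = 1 }
            }
        }
        if (out ~ /<UpgradeProtocol[^>]*Http2Protocol/) print FILENAME ":" NR ":" out
    }' "$1"
}

# Returns 0 only when neither component has HTTP/2 left enabled.
audit_http2() {
    local findings
    findings="$(nginx_http2_listens "$1"; tomcat_http2_upgrades "$2")"
    if [ -n "$findings" ]; then printf '%s\n' "$findings"; return 1; fi
}

# Constructed sample input: one server block already fixed, one not, plus a
# server.xml with a commented-out tag (ignored) and an active one (reported).
demo="$(mktemp -d)"; mkdir "$demo/nginx"
printf 'server {\n  listen 443 ssl default;\n}\nserver {\n  listen 8443 ssl http2;\n}\n' > "$demo/nginx/gateway.conf"
printf '<Server>\n<!--\n<UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />\n-->\n<Connector port="8443" >\n  <UpgradeProtocol className="org.apache.coyote.http2.Http2Protocol" />\n</Connector>\n</Server>\n' > "$demo/server.xml"
audit_http2 "$demo/nginx" "$demo/server.xml" || echo "HTTP/2 is still enabled in the locations listed above"
```

On a real host, call audit_http2 with your NGINX configuration directory and /opt/trustbuilder/tomcat-core/conf/server.xml; an exit status of 0 means nothing was found.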