enable http2 after set up ssl (#517)

docs/subquery_network/node_operators/setup/security-guide.md

@@ -18,7 +18,7 @@ The diagram below illustrates a suggested network topology of the Node Operator'
 
 ![Suggested Topology](/assets/img/network/indexer_topology.png)
 
-### Ports and Interfaces
+## Ports and Interfaces
 
 **443 / 80**: For nginx → indexer-proxy for HTTPS/HTTP Node Operators. If nginx is used, consult the [official docs for security controls](https://docs.nginx.com/nginx/admin-guide/security-controls/)
 
@@ -75,11 +75,11 @@ ufw-docker status
 
 **7370**: This port is generally safe to allow outbound and inbound traffic for Node Operators proxy p2p network
 
-### Docker
+## Docker
 
 The Coordinator has unrestricted access to your host's Docker, which can pose security risks if not adequately shielded. If the machine is solely utilised for running SubQuery services, Node Operators should contemplate applying specific Docker security measures. Refer to documentation on SeLinux or AppArmor for further insights.
 
-### Other Best Practices
+## Other Best Practices
 
 - Regularly update the host OS.
 - Ensure the SubQuery service softwares are upgraded to the latest versions.
@@ -90,13 +90,17 @@ SSL certificate is an important way to secure your Node Operator service and enc
 
 **Since it's such a standard best practice, although it's not required, we rank Node Operators higher in the Node Operator leaderboard if they have SSL enabled. You can tell if a Node Operator has SSL enabled by confirming that the `Proxy Server Endpoint` in Node Operator's metadata starts with `https` instead of `http`.**
 
-### Enabling SSL
+### 1. Purchase a domain name
 
-**1. Purchase a domain name**: You can purchase a domain from a lot of domain providers, we won't be providing a guide on how to do this. The rest of this guide assumes you have purchased `mysqindexer.com`
+You can purchase a domain from a lot of domain providers, we won't be providing a guide on how to do this. The rest of this guide assumes you have purchased `mysqindexer.com`
 
-**2. Config DNS**: Add a A record to your domain that points to your Node Operator's server IP address. For example, we add an A record for `proxy.mysqindexer.com` to our server's IP `210.10.5.61`.
+### 2. Config DNS
 
-**3. Get a SSL Cert**: You can get a free SSL Cert from [Let's Encrypt](https://letsencrypt.org/), they offer a lot of ways to get a SSL Cert, you can choose the [one that fits your needs](https://letsencrypt.org/docs/client-options/). This tutorial will use Certbot + NGINX + Ubuntu as an example.
+Add a A record to your domain that points to your Node Operator's server IP address. For example, we add an A record for `proxy.mysqindexer.com` to our server's IP `210.10.5.61`.
+
+### 3. Get a SSL Certificate
+
+You can get a free SSL Certificate from [Let's Encrypt](https://letsencrypt.org/), they offer a lot of ways to get a SSL certificate, you can choose the [one that fits your needs](https://letsencrypt.org/docs/client-options/). This tutorial will use Certbot + NGINX + Ubuntu as an example.
 
 3.1. Install Certbot: Check [https://certbot.eff.org/instructions](https://certbot.eff.org/instructions) on how to do this step
 3.2. Install Nginx: We will use nginx for two purpose.
@@ -142,8 +146,7 @@ docker-compose up -d
 ```shell
 # /etc/nginx/sites-available/proxy.mysqindexer.com
 server {
-    listen 443 ssl; // Update the ports to listen on
-    listen [::]:443 ssl;
+    listen 80;
 
     server_name proxy.mysqindexer.com; // update the server name to match your DNS address
 
@@ -157,7 +160,7 @@ server {
 sudo ln -s /etc/nginx/sites-available/proxy.mysqindexer.com /etc/nginx/sites-enabled/proxy.mysqindexer.com
 ```
 
-**4 Run certbot**
+### 4. Run Certbot
 
 ```bash
 # run certbot
@@ -185,7 +188,32 @@ sudo certbot --nginx -d proxy.mysqindexer.com
 # - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 ```
 
-**5. Update your Node Operator metadata**: set the `Proxy Server Endpoint` to `https://proxy.mysqindexer.com`
+### 5. Enable HTTP2
+
+It's important that you enable HTTP2. This significantly improves query performance across the SubQuery Network, and will likely be required at some point in the future.
+
+To enable HTTP/2 in Nginx, you must first ensure that you are running Nginx 1.9.5 or newer, as HTTP/2 support was introduced in this version. You also need to have SSL/TLS enabled because HTTP/2 in Nginx requires HTTPS due to browser support requirements.
+
+To enable HTTP2, modify your Nginx Configuration:
+
+- Open your Nginx configuration file (typically located at `/etc/nginx/nginx.conf` or within the `/etc/nginx/sites-available/` directory).
+- Find the server block for your HTTPS configuration.
+- Add the `http2` parameter to the listen directive that specifies the SSL port (usually 443). For example:
+
+```
+# /etc/nginx/sites-available/proxy.mysqindexer.com
+    server {
+      # add http2 to line below
+      listen 443 ssl http2;
+      ...
+    }
+```
+
+Before applying the changes, test your new Nginx configuration by running `nginx -t`. If the configuration test is successful, reload Nginx to apply the changes with `sudo systemctl reload nginx` or `sudo nginx -s reload`.
+
+### 6. Update your Node Operator metadata
+
+Set the `Proxy Server Endpoint` to `https://proxy.mysqindexer.com`
 
 ## Community Solutions
 

docs/subquery_network/node_operators/setup/troubleshooting.md

@@ -2,8 +2,8 @@
 
 ## Got permission denied while trying to connect to the Docker daemon socket
 
-```jsx
-[ec2-user@ip-172-31-31-78 subquery-indexer]$ docker-compose up
+```bash
+[ec2-user@example subquery-indexer]$ docker-compose up
 Got permission denied while trying to connect to the Docker daemon socket
 at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json?all=1&filters=%7B%22label%22%3A%7B%22com.docker.compose.project%3Dsubquery-indexer%22%3Atrue%7D%7D&limit=0": dial unix /var/run/docker.sock: connect: permission denied
 ```
@@ -13,13 +13,13 @@ You get this error because the user you have logged in through does not have per
 **Solution:**
 Run the following command, then log out, and log in again.
 
-```jsx
+```bash
 sudo usermod -aG docker ${USER}
 ```
 
 The alternative solution is to run as sudo user:
 
-```jsx
+```bash
 sudo docker-compose up
 
 
@@ -37,7 +37,7 @@ You get this error because the endpoint is pinged for validity.
 
 ## initdb: error: directory "/var/lib/postgresql/data" exists but is not empty
 
-```jsx
+```
 coordinator_db       | initdb: error: directory "/var/lib/postgresql/data" exists but is not empty
 coordinator_db       | If you want to create a new database system, either remove or empty
 coordinator_db       | the directory "/var/lib/postgresql/data" or run initdb
@@ -51,7 +51,7 @@ To fix this error, delete the database and start again. The database resides in
 
 The other solution for this error is to specify another directory by adding a PGDATA key-value pair.
 
-```jsx
+```yaml
 services:
   postgres:
     environment:
@@ -60,7 +60,7 @@ services:
 
 ## fork/exec /usr/local/bin/docker-compose-v1: bad CPU type in executable
 
-```jsx
+```
 fork/exec /usr/local/bin/docker-compose-v1: bad CPU type in executable
 ```
 
@@ -73,13 +73,13 @@ To work around this issue in Docker, select “Use Docker Compose V2” in prefe
 
 If you have JavaScript disabled, you will see this error message. Turn on or enable JavaScript in your browser settings to continue to use SubQuery.
 
-```jsx
+```
 You need to enable JavaScript to run this app.
 ```
 
 ## ERROR Network chainId doesn't match expected genesisHash
 
-```jsx
+```
 2022-05-16T10:19:11.162Z <api> ERROR Network chainId doesn't match expected
 genesisHash. expected="0xb0a8d493285c2df73290dfb7e61f870f17b41801197a149ca93654"
 499ea3dafe" actual="0x91b171bb158e2d3848fa23a9f1c25182fb8e20313b2c1eb49219da7a70"
@@ -101,7 +101,7 @@ For e.g. for a Kusama project, use the Kusama endpoint of: `wss://kusama.api.onf
 
 Indexers may see this error in their logs:
 
-```jsx
+```
 <transaction> WARN collect and distribute rewards: FAILED : Error: cannot estimate gas;
 transaction may fail or may require manual gas limit
 ```
@@ -128,7 +128,7 @@ The official installation guide can be found [here](https://docs.docker.com/comp
 
 ## (WIP) Unexpected EOF on client connection with an open transaction
 
-```jsx
+```
 coordinator_db       | 2022-05-07 20:17:57.675 UTC [949] LOG:
 unexpected EOF on client connection with an open transaction
 ```
@@ -137,7 +137,7 @@ unexpected EOF on client connection with an open transaction
 
 ## (WIP) FATAL: could not open file global/pg_filenode.map"
 
-```jsx
+```
 FATAL: could not open file "global/pg_filenode.map": No such file or directory
 ```